# University of California, Berkeley, CS294-90: Cryptography and Cryptanalysis, Spring, 2013

## Instructor and Office Hours

John L. Manferdelli and David A. Wagner
Email: johnmanferdelli@hotmail.com
Office: Soda 711
Office Hours: M 2:00-4:00 (and by appointment)

## Class Description

Typically, people do not make a living at cryptography or cryptanalysis, yet many people benefit from a deeper understanding of both.

Cryptography is virtually the only mechanism for providing confidentiality, authentication, privacy and integrity in distributed systems, including the internet, and systems with radio based communications. So cryptography is a basic tool for computer scientists.

You can't really design a good cryptosystem if you don't know how they break. That's what cryptanalysis is all about. More importantly, it's hard to know how to use cryptosystems properly if you don't know how they break and how they are designed.

This class will be a hands on study of both cryptography and cryptanalysis with less focus on theory and more focus on actual practice.

We'll cover much of the following (depending on class interest):

• Classical ciphers: Enigma, Purple, M-209, SIGABA.
• Random Numbers: Estimates and learning, entropy estimation and HMM, independence.
• Block Ciphers: DES, FEAL-4, AES, modes of operation. related keys, weak keys, integral attacks, differential cryptanalysis of DES and FEAL-4, linear cryptanalysis of DES and FEAL, cryptanalysis of AES candidates, solving algebraic equations.
• Stream Ciphers: Linear shift registers, non-linear shift registers, RC4, complexity and Berlekamp-Massey, approximation attacks, correlation, immunity, WEP attack.
• Cryptographic hashes and one way functions: Dobbertin's attack on MD4, Differential Crypto, SHA-0, SHA-1, SHA-2, SHA-3.
• Public Key Schemes: Distribution of primes, factoring, sieves, discrete logs, index calculus, Pollard rho, Elliptic curves, MOV attacks, reduction techniques, point counting, ECC parameters.
• Protocols and their discontents: TLS, IPSEC, proof of possession, CMS, splicing attacks, key management and side channel attacks.
• Using cryptography in real systems.

Required Background: Algorithms, discrete math (probability, beginning group theory, elementary number theory), linear algebra, and the ability to program (for analysis of cryptosystems). See me if you have any questions.

## Textbook

There is no textbook but I'll post extensive notes. You can find some references here.

## Mail

The grade will be derived from one take-home exam and a modest class project covering some aspect of cryptography agreed on with the instructor. There will be homework but it won't be graded. However, many of the homework problems can be expanded into class projects and will be helpful for the take-home exam.

## A Word from Our Sponsors

The material on this web site is provided "as is" without any warranty. There are likely to be mistakes. If you find any mistakes or if there is material that you believe might infringe on the right of a third party, please let me know.

Please comply with the University of California, Berkeley Rules of Academic Conduct.

## Schedule (Subject to Change)

Date

Week 1
January 23, 2013

Topic: Introduction

Lecture Notes: Lecture Notes

Homework Assignment: Homework

Week 2
January 28/30, 2013

Topic: Cryptography joins the 20th Century

Lecture Notes: Lecture Notes

Homework Assignment: Homework

Week 3
February 4/6, 2013

Topic: Cryptography in 1975: Block Ciphers and DES

Lecture Notes: Lecture Notes

Homework Assignment: Homework

Week 4
February 11/13, 2013

Topic: Block Ciphers: FEAL and AES

Lecture Notes: Lecture Notes and Lecture Notes

Homework Assignment: Homework

Week 5
February 20, 2013
Februrary 18 is a holiday.

Topic: Modes of operation

Lecture Notes: see previous notes.

Homework Assignment: Homework

Week 6
February 25/27, 2013

Topic: One way functions and cryptographic hashes

Lecture Notes: Lecture Notes and Lecture Notes

February 27: Special Guest Lecture, Jesse Walker,

Hash function construction and SHA-3

Homework Assignment: Homework

Week 7
March 4/6, 2013

Topic: Public key cryptography: RSA

Lecture Notes: Lecture Notes

Homework Assignment: Homework

Week 8
March 18/20, 2013

Topic: RSA and MACs

Lecture Notes: Lecture Notes

Homework Assignment: Homework

March 25-29, 2013

Topic: Intersession break. Work on your projects!

Lecture Notes: Lecture Notes

Homework Assignment: Homework

Week 9
April 1/3, 2013

Topic: Public key cryptography: Discrete log systems

Lecture Notes: Lecture Notes

Homework Assignment: Homework

Week 10
April 8/10, 2013

Topic: Random numbers and cryptographic protocols

Lecture Notes: Lecture Notes

Homework Assignment: Homework

Week 11
April 15, 2013. No class April 17, 2013.

Topic: Elliptic Curve Cryptography

Lecture Notes: Lecture Notes

Homework Assignment: Homework

Week 12
April 22/24, 2013

Topic: Elliptic curve based systems

Lecture Notes: Lecture Notes

Homework Assignment: Homework

Week 13
April 30/May 1, 2013

Topic: Presentation of class projects. Take home exam distributed on May 1.

Presentation Schedule: Presentation Schedule

Week 15
May 6-17, 2013

Take home exam due on May 8, 2013 5PM PDT, mail exams to instructor
Projects due.