# CS 463/680: Cryptography and Data Security

Dr. Lawlor, Spring 2015

Course deadlines:

- The take-home final exam is due by midnight on May 7 on Blackboard (log in first). (In question 2, the elliptic curve to use is secg's p256k1.)
- Project 2 final drafts are also due by midnight on May 7 on Blackboard (log in first). This final version should be clean and polished, and should be easy for me to understand, but does not need to include a separate writeup.
- Midterm exam grades and brief feedback are on NetRun (and see the midterm answer key).
- Project 2 rough draft brief feedback is on NetRun.
- Project 2 talks will be in class April 29, May 1, and May 4. You should prepare about 10 minutes of material, including a discussion of prior work, clear examples, and at least some figures or illustrations. Your talk grade will receive a 10% bonus on April 29, a 5% bonus on May 1, and no bonus on May 4.
- Wednesday talks:
- ECDSA crypto chat (email your username/password to Chris)
- French Braid Hash
- CUDA length extension attack on SHA-1
- Length extension attacks on MD5
- Friday talks:
- JSON web tokens
- Gcode steganography
- Monday talks:
- CUDA MD5 generation
- McEliece encryption
- Authentication through SHA-256 with AES-256 encryption for robotic communication security
- Project 2 rough draft was due Monday, April 20 on Blackboard (log in first). (Project 2 requirements: like project 1, but grad students will not need to do a paper-style writeup.)
- Project 1 final draft was due Wedesday, March 25 on Blackboard (log in first). Brief rough draft and presentation feedback is on NetRun.
- Project 1 presentations are the week of March 9-13, with a target of about 15 minutes of material per student. In addition to explaining the basic problem background, how other people are solving it, how you're solving it, and how well your solution works, it's often useful to talk about the problems you had building and testing your solution. Brief rough draft comments and grades are on NetRun.
- The take-home midterm exam is due back by midnight Friday, March 6 on Blackboard (log in first).
- Homework 2 centers around RSA, and is due Monday, February 23.
- Project 1 topics were due Wednesday, February 11. Rough drafts are due on Blackboard (log in first) Wednesday, February 25.
- Homework 1 centers around RC5, and is due Friday, February 6. It's built in crApto, which is a lot like NetRun.
- Homework 0 is some dictionary based cryptanalysis, due Friday, January 23. Comments and grades are on NetRun.
- This short survey on possible course topics was used to finalize the course content and schedule.

Lecture notes:

- Monday, April 27: Project work session due to National CCDC
- Friday, April 24: No class due to SpringFest
- Data Security & Authentication in the Legal System, Wednesday, April 22
- Historical cryptographic techniques, Monday, April 20
- Quantum key distribution, Wednesday, April 15
- Quantum cryptography, Monday, April 13
- Computer performance considerations in cryptography, Friday, April 10.
- Data Security in practice: the Premera health insurer attack, and an OIG report on security problems predating the attack. Krebs thinks it was spearphishing. Wednesday, April 8.
- Steganography, Monday, April 6
- Signal Security and TEMPEST, Friday, April 3
- Whole-Disk Encryption, Wednesday, April 1
- Cryptocurrency, BitCoin, and Morality, Friday, March 27
- Digital signatures in RSA, Schnorr, and ECDSA, Wednesday, March 25
- Galois Finite Fields and AES, Monday, March 23
- Class on Friday, March 6 will be a project work session, due to the CCDC regional. I'll be there and ready to help with your projects, but attendance in person is not required.
- Securing people, Wednesday, March 4
- Physical aspects of data security, Monday, March 2
- Elliptic Curve Jacobi Coordinates, Friday, February 27
- Elliptic Curve Implementation and Elliptic Curve Diffie-Hellman key exchange, Wednesday, February 25
- NO CLASS Monday, February 23 due to weather
- Elliptic Curve Cryptography (ECC) basics, Friday, February 20
- Known flaws in RSA, Wednesday, February 18
- HTTPS Certificate Formats and Setup, Monday, February 16
- RSA Encryption Setup and Math, Friday, February 13
- Finite field arithmetic and modular inverse, Wednesday, February 11
- High performance multiplication and exponentiation, Monday, February 9
- Diffie-Hellman key exchange, and the discrete logarithm problem, Friday, February 6.
- Protecting Passwords with Hashing, Wednesday, February 4.
- Hash Algorithms and SHA-256, Monday, February 2.
- Feistel Structured Ciphers and the Data Encryption Standard (DES) of 1977, Friday, January 30.
- Random and Pseudorandom Numbers, Wednesday, January 28.
- Measuring Entropy: Information Theory, Monday, January 26.
- Byte histograms and correlations, Friday, January 23.
- RC5 and Cipher Design, Wednesday, January 21.
- Terminology, Friday, January 16.

Resources:

- crApto is my web-accessible system of crypto made to be broken. It uses your NetRun account, which you can reset here. Several homeworks will use it.
- If you like books, a comprehensive but increasingly dated book is Bruce Schneier's
*Applied Cryptography*(1996). - A slim but more recent text on cryptanalysis is Christopher Swensen's
*Modern Cryptanalysis*(2008). - A WWI and interwar-era description of cipher design, politics, spies, and intrigue both foreign and domestic, is Herbert Yardley's
*The American Black Chamber*(1931).

## Index of 2015 Spring

## Orion Lawlor

- Associate Professor, Computer Science
- University of Illinois, Urbana-Champaign 2004 Ph.D.
- Computer graphics; parallel programming; robotics; 3D printing.
- ELIF 134
- 907-474-7678
- Office Hours:
- MTWRF 3:30 p.m. to 5 p.m.
- lawlor@alaska.edu
- Lawlor's Page