1. (17/1) Overview of course, classical encryption systems, simple substitution, Vigenere, transpostion, one-time tape, G-writer. Security. Chapter 2 of Stallings book. A short description of the G-writer is available on the course home page.

2. (19/1) Breaking of Vigenere, Security of one-time tape, entropy. This material appears in many places but section 1.2.3 and chapter 2 of Stinson's book, "Cryptography; theory and practice" is a good source.

3. (21/1) Data Encryption Standard (DES). Definition, modes of operation, a short discussion on attacks. Chapter 3 of Stallings.

4. (24/1) Data Encryption Standard completed. Linear cryptoanalysis, power attacks. Time/space tradeoffs for inversion of one-way permutations and general one-way functions. Chapter 3 of Stallings. Matsui's paper on breaking DES is in proceedings of CRYPTO 1994, Springer Lecture Notes in Computer Science, Volume 839. One rigorous proof of a variant of the time/space tradeoffs can be found in "A. Fiat and M. Naor, Rigorous Time/Space Tradeoffs for Inverting Functions, SIAM J. Computing Vol 29, 1999 pp. 790-803", (available for instance from Moni Naor's home page) or the original article "Hellman, A cryptoanalytic time memory trade-off, IEEE Transaction on Information Theory, Vol 26, 1980, pp 401-406.

5. (26/1) Finite fields of with a power of two number of elements. How to do addition, multiplication and division. Description of AES. Stallings, Chapters 4 and 5.

6. (28/1) AES completed. A discussion of public key cryptography in general. Some background in Number Theory, the breakable system of RSA with prime exponent and the modification to correct RSA. Stallings, Chapter 5 (AES), 8.1-8.4 (primes, CRT), and 9.1-9.2 (RSA).

7. (31/1) Diskussion of RSA and some of its properties. Finding d is equivalent to factoring, general inversion is not known to be. Mentioned fastest known methods for integer factorization (General Number Field Sieve). Timing attacks (Kocher). Vulnarabilities when e is small and attacks when d is small (Wiener). Material from Stallings 9.2 where additional information can be found in the references.

8. (2/2) Finished the attack on RSA when d i small. Properties of the multiplicative group mod p for a prime p. The discrete logarithm problem. El-Gamal encryption and McEliece encryption scheme. Material from Stallings 8.5. El-Gamal and McEliece can be found in Stinson's book (McEliece only in first edition).

9. (4/2) McEliece completed. Hashfunctions in general, inversion using small memory. A good hash function based on the intractability of discrete logarithms and a description of SHA-1. A general discussion of hash functions can be found in Stallings Chapter 11 and SHA-1 is in Chapter 12.2. The discrete logarithm construction can be found in the first edition of Stinson's book.

10. (9/2) SHA completed. A general discussion of digital signatures and what properties we need. A discussion of how to use RSA for signatures.

11. (11/2) DSS signature scheme. Key exchang by Public key encryption system, Diffie-Hellman, quantum channel and a large number of semi-difficult puzzles. 13.3 in Stallings (DSS), 10.2 in Stallings (DH). The semi-difficult puzzles were discoverd by Merkle and appears in a paper in Communication of the ACM in 1978. The quantum material originated in a 1984 article of Bennet and Brassard presented at a conference. There are a large number of secondary sources for this material. It appears for instance in Brassards book "Modern Cryptology".

12. (16/2) Elliptic curve cryptography. Chapter 10.3-10.4 in Stallings.

13. (18/2) Pseudorandom number generators. Chapter 7.4 in Stallings. Some lecture notes has been added.

14. (23/2). Guest lecture by Mats Näslund from Ericsson. It discussed security in GSM network and in the future 3G.

15. (25/2). Identification protocols and the concept of zero-knowledge, i.e. that a player does not learn anything if he can generate his view of the protocol himself.

Sidansvarig: <johanh@nada.kth.se>

Senast ändrad 25 februari 2005

Tekniskt stöd: <webmaster@nada.kth.se>