Welcome to CS 590 (Practical and Applied Cryptography)!

Instructor: Christina Garman (clg@purdue.edu)

OVERVIEW

In 2016, more than 2 billion records and $450 billion were lost due to publicly reported criminal and nation-state cyberattacks across the globe, and over 100 million medical records were stolen in the United States alone. The failure of our existing security infrastructure motivates the need for improved technologies, and cryptography provides a powerful tool for building them. Over the past several years, though, we have seen a number of serious vulnerabilities in the cryptographic pieces of systems, some with large consequences.

This course will teach cryptography and cryptographic design principles as they are applied to real-world systems, covering both how to correctly use cryptography to build secure systems and the flaws and "breaks" found in already deployed systems. We will also discuss the mistakes that led to these flaws, how these flaws could have been prevented, and various tools and techniques that exist for building cryptographic systems in practice. Students will have the opportunity to implement cryptographic schemes and explore cryptographic failures in practice, as well as engage in a semester-long research project related to applied cryptography. The course will be largely lecture-based.

Time: Tu/Th 4:30pm-5:45pm
Location: Lawson 1106 and livestreaming on Brightspace

Prerequisites:

OFFICE HOURS

My office hours will be TBA in my office (Lawson 1185), as well as online.

I will be available by appointment as well.

GRADING

The course will be largely lecture-based, though we will occasionally be reading and discussing papers. We will also have a few projects, both implementing cryptographic schemes and exploring cryptographic failures in practice. Finally, there will be a semester-long research project related to applied cryptography.

While this is a lecture-based course, discussion will still be very important, so part of your grade will include a participation component. So please attend class! If you cannot make class for any reason (such as job interviews), please let me know, as you will not be penalized for this.

Final grades will be assigned on a curve at the end of the course.

SCHEDULE

This schedule is subject to change.

TBD

| Week | Topic | Readings |
| --- | --- | --- |
| Week 1 | Introduction | Reflections on Trusting Trust |
| | | Optional: The Security Mindset |
| | | Optional: How to Think Like a Security Professional |
| Week 2 | Basics of Cryptography | Historical Cryptography |
| Week 3 and 4 | Introduction to Symmetric Cryptography | Symmetric Key Cryptography Notes |
| | | Optional: Authenticated Encryption Deep Dive |
| Week 5 and 6 | Introduction to Public Key Cryptography | Public Key Cryptography Notes |
| | | Notes on Algebra and Number Theory |
| | | Twenty Years of Attacks on the RSA Cryptosystem |
| | | Optional: The Discrete Logarithm Problem |
| | | Optional: Main Computational Assumptions in Cryptography |
| Week 7 | TLS | Lessons Learned in Implementing and Deploying Crypto Software |
| | | Optional: https://tlseminar.github.io/ |
| Week 8 | TLS Attacks | |
| Week 9 | Protocols (Authentication, SSH, DNSSEC, Secure Messaging, etc.) | |
| Week 10 | Cryptographic Hardware | |
| Week 11 | Cryptographic Side-channels | |
| Week 12 | Provable Security | |
| Week 13 | Multi-party computation (MPC) | |
| Week 14 | Zero-knowledge proofs | |
| Week 15 | Ethics, Law, and Policy | |
| Week 15 | Make-up/Catch-up/Relevant current topics | |

PROJECTS

All projects will be submitted on Brightspace unless otherwise noted.

ASSIGNMENTS

All assignments will be submitted on Brightspace unless otherwise noted.

PAPER LIST

TBA

Students are expected to have read the associated paper(s) BEFORE each class.

If you have any suggestions for papers that you would like to present, please let me know!

ADDITIONAL RESOURCES

A Few Thoughts on Cryptographic Engineering

No textbook is required, but if you would like additional resources the following may be useful:

Resources for Cryptographic Background

COMPUTER SCIENCE DEPARTMENT ACADEMIC INTEGRITY POLICY

The Department of Computer Science expects and enforces the highest standards of academic integrity and ethics. The Department takes severe action against academic dishonesty, which may include failing grades on an assignment or in a course, up to a recommendation for dismissal from the University.

Academic dishonesty is defined as any action or practice that provides the potential for an unfair advantage to one individual or one group. Academic dishonesty includes misrepresenting facts, fabricating or doctoring data or results, representing another's work or knowledge as one's own, disrupting or destroying the work of others, or abetting anyone who engages in such practices.

Academic dishonesty is not absolute because the expectations for collaboration vary. In some courses, for example, students are assigned to work on team projects. In others, students are given permission to collaborate on homework projects or to have written materials present during an examination. Unless otherwise specified, however, the CS Department requires all work to be the result of individual effort, performed without the help of other individuals or outside sources. If a question arises about the type of external materials that may be used or the amount of collaboration that is permitted for a given task, each individual involved is responsible for verifying the rules with the appropriate authority before engaging in collaborative activities, using external materials, or accepting help from others.

A student accused of academic dishonesty must be afforded due process as defined by Purdue University procedures. The Dean of Students Office may be notified concerning an academic dishonesty incident as provided by Purdue University procedures.


Last modified Tue 19 January 2021.