# 6.857: Computer and Network Security

## Lectures and Handouts

### Lecture 1 (Wednesday, February 8): Introduction

- Course information handout
- Lecture 1 notes (only covered up through page L1.4)

### Lecture 2 (Monday, February 13): History of Cryptography

- Lecture 2 Slides
- Problem Set 1 (due Feb 24) - do you know who's in your group?
- Nash's proposed cryptosystem, with transcription here, for use with PS1. Here's some Python code that takes a stab at implementing it--feel free to use it as a resource (particularly the comments), though also let us know if you think it's incorrect!

### Lecture 3 (Wednesday, February 15): Further Introduction, Encryption

- Lecture 3 Notes (covered through page L3.5)

- "Traveling Light in a time of Digital Thievery", NYT 2/11/12
- "Ron was wrong, Whit was right" - recent paper about insecure RSA keys
- "Freedom to Tinker: There's no need to panic over factorable keys" - a bit of analysis of the above paper

### Lecture 4 (Tuesday, February 21 - a "virtual Monday"): One-Time Pads, Randomness, RC4

Links and materials of interest:- Wikipedia articles on hardware random number generators, quantum key distribution (particularly the BB84 protocol), and RC4
- IEEE Spectrum article about Intel's new random number generator

### Lecture 5 (Wednesday, February 22): Block Ciphers

- Lecture Notes
- New Paradigms for Constructing Symmetric Encryption Schemes Secure against Chosen-Ciphertext Attack by Desai, a description of UFE
- Wikipedia on Block Cipher Modes of Operation, worth it for the image of Tux encrypted in ECB mode.

### Lecture 6 (Monday, February 27): Guest Lecture: Victor Costan on Web Security

- Victor's Slides
- Problem Set 2 (due March 9) - do you know who's in your group?
- Desai's variable input length symmetric encryption scheme, for use on PS2.
- Bellare and Rogaway's variable input length symmetric encryption scheme, for use on PS2.

### Lecture 7 (Wednesday, February 29): Guest Lecture: Prof. Srini Devadas on Physical Unclonable Functions (PUFs)

### Lecture 8 (Monday, March 5): IND-CCA Security & Hash Functions

- Lecture 8 notes
- Professor Rivest briefly referenced The Bright Side of Being Hacked

### Lecture 9 (Wednesday, March 7): Hash Function Properties & Uses for Hash Functions

- Lecture Notes
- Prof. Dan Boneh of Stanford's free cryptography course

### Lecture 10 (Monday, March 12): Project Idea Presentations

- See project proposals for a decent outline of what was presented
- Problem Set 3 is out; see here for groups.

### Lecture 11 (Wednesday, March 14): Hash Functions

- Lecture Notes
- ECRYPT 2005 Conference on Hash Functions - see especially a nice introductory survey article by Bart Preneel
- Merkle-Damgard Revisited by Coron, Dodis, Malinaud and Puniya, appearing in Crypto 2005
- Slides from Adi Shamir discussing Floyd's "two finger" algorithm and improvements
- The NIST SHA-3 hash function competition web site

### Lecture 12 (Monday, March 19): One-time MACs and Finite Fields

- Lecture Notes
- A Computational Introduction to Number Theory and Algebra by Victor Shoup is a great additional resource

### Lecture 13 (Wednesday, March 21): Number and Group Theory

### Lecture 14 (Monday, April 2): More Groups, and DH Key Exchange

- Lecture Notes
- PS4 is posted. To complete the homework, you'll need this paper by Adam Kalai. You'll also need the datasets of keys, which have 1000, 10000, 100000, 1000000 keys. (You can download these files together in a zip file here).
- Suggested reading is chapters 8 and 9 of Paar and Pelzl's "Understanding Cryptography"
- Wikipedia on Elliptic Curves
- Wikipedia on Elliptic Curve Cryptography
- Sage is a free, open-source collection of mathematics programing tools based on top of Python.

### Lecture 15 (Wednesday, April 4): Public Key Encryption, El Gamal, IND-CCA2, and Cramer Shoup

- Lecture Notes
- Recommended readings: Paar and Pelzl Chapters 6, 7 and 8, and Katz and Lindell Chapter 10
- Tsiounis and Yung's paper "On the security of El Gamal PK encryption"
- Wikipedia on the Cramer-Shoup PK encryption method

### Lecture 16 (Monday, April 9): RSA Encryption and Digital Signatures

- Lecture Notes
- Dan Boneh's paper Twenty Years of Attacks on the RSA Cryptosystem

### Lecture 17 (Wednesday, April 11): Digital Signatures: RSA, ElGamal, and DSS

### Lecture 19 (Monday, April 23): Gap Groups, Bilinear Maps, and Secret Sharing

- Problem Set 5 is due May 4th
- Lecture Notes
- The Pairing-Based Crypto Lounge
- Pairing-Based Cryptographic Protocols: A Survey
- The Boneh-Lynn-Shacham (BLS) signature scheme
- Shamir's secret sharing scheme

### Lecture 20 (Wednesday, April 25): Key Establishment and Certificates

- Lecture Notes
- Handbook of Applied Cryptography chapter 12
- Wikipedia on Needham-Schroeder
- Also see "Protocols for Authentication and Key Establishment" by Colin Boyd and Anish Mathuria (Springer, 2003)

### Lecture 21 (Monday, April 30): SPKI, SDSI, Viruses, and Trusting Trust

- Lecture Notes
- SPKI/SDSI Page
- Certificate Chain Discovery in SPKI/SDSI
- Wired story on the Slammer worm
- Quines (programs that print themselves)
- Ken Thompson's Turing Award article "Reflections on Trusting Trust"

### Lecture 22 (Wednesday, May 2): Electronic Cash

- Lecture Notes
- How to Make a Mint: The Cryptography of Anonymous Electronic Cash by Law, Sabett, and Solinas
- Untraceable Off-line Cash in Wallets with Observers by Stefan Brands
- Bitcoin
- Peppercoin