# 6.857: Computer and Network Security

## Lectures and Handouts

### Lecture 1 (Wednesday, February 6): Introduction

### Lecture 2 (Monday, February 11): History of Cryptography

- Problem Set 1 - do you know who's in your group?
- encdec.py, tenciphs.txt, fourciphs.txt, and fg.txt - for use in PS1 problem 2
- Lecture 2 notes here and here.

### Lecture 3 (Wednesday, February 13): Encryption and One-time pad

### Lecture 4 (Tuesday, February 19 - a "virtual Monday"): OTP, Randomness, Hash Functions

### Lecture 5 (Wednesday, February 20): Hash function applications and constructions

- Lecture 5 notes
- Meaningful innocuous and evil documents with the same MD5 hash value. Someone might be willing to sign the first message but not the second.
- Check out the password-hashing competition here!.

### Recitation 1 and 2 Notes (Friday, February 15, 22): Number theory and Passwords

- Number theory notes here and here. The topics we covered are: divisors, primes, modular arithmetic, gcd, Euler's theorem, Fermat's little theorem, repeated squaring for fast exponentiation, generators, Chinese Remainder Theorem. Notes from recitation.
- Notes on passwords and hashes.

### Lecture 6 (Monday, February 25): Web security

- Lecture 6 slides
- Problem set 2 and the VM Image. Group assignments are here.

### Lecture 7 (Wednesday, February 27): Buffer overflows

- Lecture 7 notes
- Smashing the Stack for Fun and Profit by Aleph One (published in
*Phrack*Vol. 7 No. 49) - StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks, by Cowan et al (in Usenix)
- The Geometry of Innocent Flesh on the Bone: Return-into-libc without function Calls (on the x86) by Shacham - some advanced variants on return-to-libc attacks.

### Recitation 3 (Friday, March 1): Using hashes and encryption to secure a FS

### Lecture 8 (Monday, March 4): Block ciphers

- Lecture 8 notes
- Wikipedia on Block Cipher Modes of Operation, worth it for the image of Tux encrypted in ECB mode

### Lecture 9 (Wednesday, March 6): Block cipher modes, MACs

- Lecture 9 notes
- NIST listing of block cipher modes
- Desai's paper defining UFE mode
- Recitation 4: We went over the IND-CCA security game and UFE in more detail and did some exercises. Lec 9 note cover this material.

### Lecture 10 (Monday, March 11): MACs continued, Finite Fields

- Lecture 10 notes
- Problem Set 3 and groups
- The EAX Mode of Operation by Bellare, Rogaway, and Wagner. Note that you are only responsible for pages 1-10.

### Lecture 11 (Wednesday, March 13): Finite fields, One-time MACs, Number theory

### Lecture 12 (Monday, March 18): Finite fields, Generators, Orders of elements, Safe primes

- Lecture 12 notes
- Problem Set 2 sample solutions are available on the protected page.
- Recitation 5: We went over one-time MACs and proved their security. (This material is included in Lec 12 notes). We also discussed final project ideas.

### Lecture 13 (Wednesday, March 20): Group theory, Diffie-Hellman, Finite groups

- Lecture 13 notes
- Recitation 6: We solved number theory problems about the material in Lectures 11-13: practice exercises and solutions.

### Lecture 14 (Monday, April 1): Pedersen Commitments, PK Encryption, El Gamal

- Lecture 14 notes
- Problem Set 4. You will need the list of primes/generators and the list of student numbers. Note that you should choose your own problem set group (of three or four people) for this problem set!
- Problem Set 3 sample solutions are available on the protected page. Include these in your quiz preparation.

### Lecture 15 (Wednesday, April 3): Malleability/homomorphism, IND-CCA2, Cramer-Shoup, RSA

- Mining your Ps and Qs: Detection of Widespread Weak Keys in Network Devices by Heninger, Durumeric, Wustrow, and Halderman. (external link) - interesting attack on real-world RSA implementations that use poor randomness
- Lecture 15 notes.
- Recitation 7: we revised in more details RSA, the Chinese Remainder Theorem, and the correctness of RSA as covered in class; we also discussed the paper Mining your Ps and Qs by Heninger et al.'12.

### Lecture 16 (Monday, April 8): RSA OAEP padding, Digital signatures

- Lecture notes
- Dan Boneh's paper Twenty Years of Attacks on the RSA Cryptosystem.

### Lecture 17 (Wednesday, April 10): Digital signatures, RSA, El Gamal, DSS

### Lecture 18 (Wednesday, April 17): Quiz (no handouts)

### Lecture 19 (Monday, April 22): Secret sharing, Bilinear maps, BLS signatures, IBE

- Lecture notes
- Problem Set 5 and the associated USTclient.py

### Lecture 20 (Friday, April 26): Electronic cash, Blind signatures

### Lecture 21 (Monday, April 29): Electronic cash, Zero-knowledge proofs, Hashcash, Bitcoin

- Lecture Notes
- Bitcoin home page
- How to Make a Mint: The Cryptography of Anonymous Electronic Cash (Law, Sabett, and Solinas)
- Problem Set 4 sample solutions available on the protected page