Instructor: Poorvi Vora, poorvi@gwu.edu, 706 Philips Hall. Office Hours: 4:30-7:30 pm, Tuesdays.

TA: Yu-An Sun, ysun.hosp@gmail.com, 720G, Philips Hall. Office Hours: 12:3o-3:30 pm, Mondays, and 3-6 pm, Thursdays.

Text: Douglas Stinson, "Cryptography: Theory and Practice", Third Edition, 2005.

Course Content: Classical ciphers and cryptanalysis, Shannon's perfect secrecy, Feistel ciphers and DES, SPN's and AES, linear and differential cryptanalysis, public-key crypto (RSA, Discrete Log), one-way functions, digital signatures, authentication.

Prerequisites: Discrete Mathematics, some complexity theory

Grading: HWs (25%), Quizzes (20%), two tests (15% each), a final exam (25%).
Late HWs are allowed till the HW solution is made available, but will be multiplied by a factor of (1.0 - n*0.1) where n is the number of days the submission is delayed. So, for example, if you submit your HW two days late, your grade on that HW will be multiplied by 0.8.

284 and 162 will be graded separately. If you are an undergrad, please consult your adviser before choosing to take 284; graduate credit for 284 is not automatic for undergrads, but all those enrolled in 284 will be graded together.

Course Outline

Planned Schedule

22 January 2007, Lecture 1: Classical Ciphers and their cryptanalysis. Slides All of chapter 1 from the text except sections 1.1.5, 1.1.7, 1.2.3, 1.2.4, 1.2.5 and theorems in section 1.1.3. We will not be covering Hill Ciphers (sections 1.1.5 and 1.2.4) or cryptanalysis of the Vigenere Cipher (section 1.2.3) in this course, but we will cover stream ciphers and their cryptanalysis (sections 1.1.7 and 1.2.5) in lecture 4, and the theorems from section 1.1.3 in lectures 2 and 10. Further Reading (not necessary, and you do not need any of the proofs) Modular Arithmetic Class Notes, CSCI 124 Groups Class Notes, CS 124 (the theorem in this will be covered next week)

29 January 2007, Lecture 2: Number Theoretic Algorithms. Slides Notes Theorem 1.1 from section 1.1.3 with a proof not in the book. While last week I provided pointers to notes from a different class, I have now written notes for this class. HW1 assigned: Due on 5 February Quiz 1

5 February 2007, Lecture 3: Euclidean Algorithm Basic. Block Ciphers: Substitution-Permutation Networks, Feistel Ciphers. Euclidean Algorithm (Basic) Slides, Slides: SPNs and Feistel Ciphers Basic Euclidean Algorithm Notes Sections 5.2.1 (pages 163-164), 3.1. 3.2 from text, section 2 from Heys' report. HW2 assigned: Due February 16 Sample files: input_spn, output_spn, input_feistel, output_feistel Quiz 2 References H. M. Heys, Section 2, "A Tutorial on Linear and Differential Cryptanalysis", Technical Report CORR 2001-17, Centre for Applied Cryptographic Research, Department of Combinatorics and Optimization, University of Waterloo, Mar. 2001. (Also appears in Cryptologia, vol. XXVI, no. 3, pp. 189-221, 2002.) Practice Problems Problems 1-19, GCD

12 February 2007, Lecture 4: Complete SPNs and Feistel Ciphers. AES, DES. Slides: SPNs and Feistel Ciphers, Slides: DES and AES Sections 3.5, 3.6 (except 3.5.2, which will be covered in lecture 8) from text. Quiz 3 HW 1 Solutions Quiz 3 Solutions References DES Standard AES Standard Animation of AES Encryption

19 February 2007, Holiday: Presidents' Day

26 February 2007, Lecture 5: Test 1: Classical, Block Ciphers, some number theory, Lectures 1-4.

5 March 2007, Lecture 6: Extended Euclidean Algorithm. Probability Theory Extended Euclidean Algorithm Slides, Extended Euclidean Algorithm Notes Probability Theory Slides Sections 2.2 and 5.2.1 from text Quiz 4 Practice Problems Modular Inverse

12 March 2007, Spring Break Practice Problems: 1.11, 3.1-3.4, 3.7

19 March 2007, Lecture 7: Shannon Secrecy. Slides Sections 2.1-2.3 from text. HW3 assigned: Now due April 9 Quiz 5 References Claude E. Shannon, "Communication Theory of Secrecy Systems", Bell System Technical Journal, vol.28-4, page 656--715, 1949.

26 March 2007 Lecture 8: Complete Shannon Secrecy. Slides: Shannon Secrecy Sections 2.2, 2.3, 2.7 from text. Quiz 6 References Claude E. Shannon, "Communication Theory of Secrecy Systems", Bell System Technical Journal, vol.28-4, page 656--715, 1949.

2 April 2007, Lecture 9: Entropy. Linear Cryptanalysis. Sections 2.4 (no Huffman encodings), 3.3 from text. Slides: Entropy, Cryptanalysis HW4 assigned: Due April 30 Quiz 7 References H. M. Heys, "A Tutorial on Linear and Differential Cryptanalysis", Technical Report CORR 2001-17, Centre for Applied Cryptographic Research, Department of Combinatorics and Optimization, University of Waterloo, Mar. 2001. (Also appears in Cryptologia, vol. XXVI, no. 3, pp. 189-221, 2002.)

9 April 2007, Lecture 10: Linear and Differential Cryptanalysis. Stream Ciphers. Slides: Stream Ciphers, Cryptanalysis 1.1.7, 3.4, 5.3.1 (exclude algorithm 5.4, which will be done in lecture 12), from text Quiz 8 HW 3 Solutions References H. M. Heys, "A Tutorial on Linear and Differential Cryptanalysis", Technical Report CORR 2001-17, Centre for Applied Cryptographic Research, Department of Combinatorics and Optimization, University of Waterloo, Mar. 2001. (Also appears in Cryptologia, vol. XXVI, no. 3, pp. 189-221, 2002.) Coppersmith, Krawczyk, Mansour. "The Shrinking Generator", Crypto '93, LNCS 773, pages 22-39. Springer-Verlag, 1994. Beth and Piper, "The stop-and-go-generator" in Advances in Cryptology: Proceedings of Eurocrypt 84, Lecture Notes in Computer Science, Berlin: SpringerVerlag 1985, vol. 209, pp. 88-92.

16 April 2006, Lecture 11: Test 2. Extended Euclidean Algorithm, Shannon Secrecy, Stream Ciphers, Cryptanalysis, computational complexity of basic operations. Lectures 6-10.

23 April 2006, Lecture 12: Implementation: fast powers mod n. RSA algorithm. Quiz 9

30 April 2005, Lecture 13: Number theory: Lagrange theorem on group order, CRT, Isomorphism between Z_pq and Z_p X Z_q based on CRT. RSA Correctness Proof. Discrete Log. Sections 5.2.2 and 5.2.3 from text Slides: RSA Discrete Log Quiz 10

2 May 2005, Wednesday, Lecture 14 Catch-up. HW 5 Due May 14 Quiz 11 CS 162 Test 1 Solutions, CS 162 Test 2 Solutions, CS 284 Test 1 Solutions, CS 284 Test 2 Solutions

14 May 2005, Monday CS 162 and CS 284: Final Exam 1720-1920 (5:20-7:20 pm) in usual classroom. Covers entire syllabus, but with greater emphasis on stream ciphers and material since Test 2. No linear or differential cryptanalysis.