Fall Quarter, 2004
Instructor: Stanislaw Jarecki
Class time: Tu-Th, 11-12:20
Room: ICF (Interim Classroom Facility, i.e. bldg 315), room 101
Extra day: At the end of the quarter, there will be an extra day-long session with student presentations, either on Dec 2 (Thursday), Dec 3 (Friday), or Dec 4 (Saturday), to be decided in the first week. Each presentation will be 20 minutes long. You will be expected to listen to the talks of all the other students, but you will be excused from the part of the talks that conflicts with your other obligations on that day.
The class is open to upper-class undergraduates, with the permission of the instructor. The requirements for the undergraduates are reduced. For example, no final presentation is required (see more below).
Class web site: http://www.ics.uci.edu/~stasio/fall04/ics268.html
Prerequisites: ICS 6A and ICS 161/261, also see below
Textbook (recommended but not required): Douglas R. Stinson, "Cryptography: Theory and Practice (2nd edition)".
Main reading material: Handouts, lecture notes, and other material available on-line (see a link below).
This course is an introduction to modern cryptography and security for graduates and advanced undergraduates. The class will try to balance between the breadth of the coverage and an attempt to develop a general approach to the study of security issues. The first aim of the class is to introduce students to various cryptographic tools like symmetric and public-key encryption schemes, signature schemes, message authentication schemes, identification protocols, and others. The second and equally important aim of this class is to develop a "provable-security" paradigm of approaching any communication security problem. This paradigm consists of (1) understanding the security *goal* of any protocol, i.e. understanding what properties a protocol needs to achieve to be considered secure, and (2) designing a protocol together with a *proof* that the protocol achieves these properties under some well-understood computational hardness assumptions, for example under the assumption that it is computationally hard to factor large composite numbers.
The aim of the course is to introduce some fundamental cryptographic tools in such a way so that (1) you will be able to specify the security needs of the system you are designing and use existing cryptographic mechanisms in such a way so that your security needs are met, and (2) you will be able to develop new cryptographic mechanisms and protocols yourself.
To help further these goals, we'll end the class with conference-style presentations by the *graduate* students on some security/cryptography topic chosen by the student.
This class will not teach you all there is to know to make computers and networks secure. Cryptography is only one layer in the stack of engineering issues that need to be solved to make computers and networks secure. Computer security deals with lots of issues we will not touch on in the class, like buggy code, viruses, denial of service attacks, network monitoring techniques, preventing bad passwords, integrating various network services securely, and many more. This class will stay firmly on the layer of algorithms for the so-called "cryptographic primitives", i.e. the design of cryptographic tools like encryption, signatures, authentication. While some of these tools will be probably very useful in solving any of the real-world security issues above, we will not be analyzing any such systems in this class. On the other hand, we will often mention the real-world security issues like those listed above in motivating the security properties required of the cryptographic tools we will be designing.
Another note of warning is that in this class we will not concentrate on techniques used to design and analyze block ciphers (like DES or AES) and hash functions (like MD5 and SHA), although the class will offer you some insight into security of such constructions. We will focus instead on public key crypto, but we will spend a few lectures on private key algorithms too.
Problem sets are due at the beginning of the class. You are not allowed to work on the homework problems together with other students. You are also not allowed to consult solutions from previous years or solutions available on-line. You are allowed to consult other sources, such as textbooks, lecture notes, or research papers, but you must clearly mark any material you reference.
The (recommended) textbook is Douglas R. Stinson's "Cryptography: Theory and Practice", which is available through the UCI bookstore. It is very good as a reference for a lot of the material we will be covering, but we will not follow it in great detail, and a lot of the lecture material is not covered by Stinson.
The primary source of the material will be the lecture notes and handouts which I will be posting on the web and distributing in class.
The formal prerequisites are ICS 6.A and ICS.161. However, what you really need in general is this:
More specifically, you need the following:
This class is complimentary to the MATH.173A - 173B classes on number theory and cryptography which are taught by Prof. Margulies in the math department. Having that class or any other preparation in number theory is a very good background for this class, but it is not necessary. However, if you think you'd like to work on cryptography and security, and you do not have a strong background in number theory, I recommend that you take both classes this quarter. Prof. Margulie's class is taught MWF 3-3:50 in ET 204, and the ICS students can either take it for a grade or pass/fail as a special topic course, ICS.299.
Students who want to learn more about crypto/security are encouraged to attend a weekly seminar of the SCONCE group, which takes place on Fridays 11:30-12:30, in ICS2 room 144.