CS 758: Cryptography / Network Security

last updated December 22, 2013

This page contains information about the Computer Science graduate course CS 758, "Cryptography / Network Security". This course is being offered in the Fall Semester, 2013 by Doug Stinson.

Course Information

If you are not a CS student and you would like to take this course, please contact me.
class time: 11:30--12:50 T Th
class location: DC 2568
first lecture: Tuesday September 10
instructor: Doug Stinson
office: DC 3522
email: dstinson"at"uwaterloo.ca
Note: please use University of Waterloo accounts when sending me email.
telephone: (519)-888-4567 ext. 35590
consultation: I am often available for consultation in my office without an appointment. If you wish to make an appointment, please send me email or telephone me.

Textbook

There is no assigned textbook for the course. However, if you would like a reference (other than the lecture slides), much of the course material can be found in The Third Edition of Cryptography: Theory and Practice.

Course Slides, Assignments and Supplementary Information

Course slides, assignments and additional notes will be available.

Here is the current version of the slides (November 22): 1-up, 2-up and 4-up.
Assignment 1.
Math notes.
Maple hints.
The textbook material on RSA attacks.
Assignment 2.
FIPS 196.
Solutions to Assignment 1.
Assignment 3.
Solutions to Assignment 2.
Solutions to Assignment 3.

Objectives

This course covers cryptographic protocols and their application to secure communication, especially in a network setting.

Prerequisites

There are no formal prerequisites. A previous course in cryptography such as C&O 487 (Applied Cryptography), or a course in security such as CS 458/658, would be helpful (but it is not essential) in providing background for the course.

This is not a mathematics course, but cryptography uses a variety of mathematical techniques, most of which are at least introduced in a typical "discrete structures" course. Background that is useful for this course includes basic complexity theory, elementary number theory, algebra, probability, and combinatorics.

Course Outline (from the calendar description)

Review of cryptographic primitives and their applications to information security, and notions of cryptographic security. Discussion of public-key encryption, secret-key encryption, message authentication, signature schemes, and hash functions (6 hours).
Techniques for entity authentication. Passwords, challenge-response, identification schemes (e.g., Fiat-Shamir, Guillou-Quisquater), general techniques for zero-knowledge proofs for NP-complete languages (6 hours).
Protocols for key establishment, transport, agreement and maintenance. Online key distibution using a trusted server (Kerberos). Public-key techniques, including a discussion of Diffie-Hellman key agreement, man-in-the-middle attacks, STS protocol and forward secrecy. Unconditionally secure key distribution, including the Blom scheme and combinatorial key distribution patterns (10 hours).
Cryptography in a multi-user setting. Secret sharing schemes (including Shamir threshold schemes and schemes for general access structures). Conference key distribution and broadcast encryption. Copyright protection techniques and tracing schemes (8 hours).

Grades

The course grades will be based on written assignments (which may require some simple Maple programming) plus a course project. I encourage students to work in groups of two or three for the project. The project will include a written component as well as a presentation in class. The project will involve preparing a report on a recent research paper on a topic related to the course material, and/or implementing and analyzing one or more protocols on a topic related to the course material.

Course Project

The timeline for the course project is as follows:

Please form groups of 2-3 and inform me by email as to the membership of your group by Oct. 15.
A 1-2 page outline is due by October 29
In-class presentations (15-20 minutes) will be during the last week of classes.
The written report is due during the exam period (the exact date to be specified later).

The project could study one research paper in depth, or provide a survey/comparison of 3-4 related papers. The topic should be something related to the course content, e.g., identification, key distribution, secret sharing, etc. The project should be concerned with protocols (i.e., not just a cryptosystem) and it should have strong crypto content (i.e., it is not a security project). You can also consider topics not covered in the course, e.g., RFID identification. Your project should strive add some significant content to a paper or papers. This could include one or more of the following:

Including proof details (if they are omitted from the paper)
Doing additional analysis or computations.
Extending the results of the paper in some way.
Implementing one or more protocols or providing a comparison of implementations.

There are many possible sources you can look at to find suitable papers. Two of the best are:

IACR eprint archive, and
LNCS crypto conference proceedings.
A list of crypto and security journals (most of these are available online).

Feel free to email me or make an appointment to see me if you would like additional guidance.