Computer and Network Security (6.857, Spring 2015)
Lectures
Lecture notes from 6.857, taught by Prof. Ronald L. Rivest. Some lecture notes are exactly the ones posted on the 6.857 course website.
- Lecture 1: Introduction
- Lecture 2: (Cancelled)
- Lecture 3: Security principles and Growth of crypto
- Lecture 4: One-time pad
- Lecture 5: Hash functions I: random oracle model (ROM), one-way, collision-resistance, target collision resistance, preimage attack, second preimage attack, pseudo-randomness, non-malleability, hashed passwords, digital signatures, commitment schemes
- Lecture 6: Hash functions II: puzzles, Hashcash (’97), Merkle’s public-key crypto using puzzles, Merkle-Damgaard construction, Davies-Meyer construction, MD5
- Lecture 7: Cryptocurrencies: atoms vs. bits, Bitcoin, public ledger, multiple-in multiple-out (MIMO) transactions
- Lecture 8: Ciphers I: Shamir’s secret sharing, block ciphers, DES, AES
- Lecture 9: Ciphers II: ideal block cipher, modes of operation, electronic codebook mode (ECB), counter mode (CTR), cipher-block chaining mode (CBC), cipher feedback mode (CFB), indistinguishability under chosen-ciphertext attack (IND-CCA), unbalanced Feistel encryption
- Lecture 10: Stream ciphers: RC4, Spritz, ChaCha
- Lecture 11: Message authentication codes: HMAC, CBC-MAC, PRF-MAC, One-time MAC (OTMac), authenticated encryption with associated data (AEAD), EAX mode, encrypt-then-MAC, finite fields and number theory
- Lecture 12: Crypto math I: primality testing, one-time MAC, the Totient function (phi), divisors, greatest common divisor (GCD), (Extended) Euclid’s algorithm, order of group elements, generators, Fermat’s little theorem, Lagrange’s theorem, why we pick safe primes
- Lecture 13: Crypto math II: group theory review, Diffie-Hellman key-exchange, Zp, Zn, Qp, Qn
- Lecture 14: Public key crypto I: commitment schemes, Pedersen commitments, ElGamal, Decisional Diffie-Hellman (DDH) problem
- Lecture 15: Public key crypto II: IND-CCA2 security, Cramer-Shoup, RSA, making RSA IND-CCA2-secure, other RSA security aspects
- Lecture 16: Digital signatures: hash and sign, RSA PKCS, RSA PSS, ElGamal, Digital Signature Algorithm (DSA)
- Lecture 17: Bilinear maps: gap groups, bilinear maps, Boneh-Lynn-Shacham (BLS) signatures, 3-way key agreement (Joux), identity-based encryption (IBE)
- Lecture 18: Zero knowledge proofs: zero-knowledge proofs (ZKPs), interactive proofs, Sudoku, 3-colorability, graph isomorphism, Hamiltonian cycle, discrete log
- Lecture 19: Computing on encrypted data (guest lecture by Vinod Vaikuntanathan)
- Lecture 20: Electronic voting: public voting, paper ballots, lever machines, punch cards, optical scan, Direct Recording by Electronics (DRE), Voter Verified Paper Audit Trail (VVPAT), DRE+VVPAT, vote by mail, internet voting (oh dear God), voting requirements, security threats, end-to-end voting security, Twin (Rivest and Smith), Scantegrity (Chaum et al.)
Papers
Papers we read in 6.857 (directory here):
- Bitcoin, Satoshi Nakamoto
- Research Perspectives and Challenges for Bitcoin and Cryptocurrencies, Princeton University
- AES Proposal: Rijndael
- How to share a secret, Adi Shamir
- The EAX mode of operation
- Secure communications over insecure channels, Ralph Merkle
- New paradigms for constructing symmetric encryption schemes secure under CCA, via Unbalanced Feistel Encryption
- Unlinkable serial transactions: Protocol and applications
- A method for obtaining digital signatures and public-key cryptosystems, Rivest, Shamir, Adleman
- Twenty years of attacks on the RSA cryptosystem, Dan Boneh
- New directions in cryptography, Diffie-Hellman
- Cramer-Shoup cryptosystem
- ElGamal cryptosystem
- FIPS PUB 186-4: Digital Signature Standard (DSS)
- Sequences of Games: A Tool for Taming Complexity in Security Proofs
- Cryptographic Hash-Function Basics: Definitions, Implications, and Separations for Preimage Resistance, Second-Preimage Resistance, and Collision Resistance, Phillip Rogaway
Slides, articles
TODOs