All students are subject to the Northeastern Universitys Academic Integrity Policy. This is an introduction to cryptography course. about this concept. paper for a demonstration of this issue. For more reading on zero knowledge see notes in previous lecture. ), A Graduate Course in Applied Cryptography, Allen In particular the first 5 presentations there (Introduction, = (b) Show under the RSA assumption, (G, F*, I*) is one-way. Some attacks on SSL V3.0 are described in McGraw-Hill. (and Malcolm Williamson came up with a protocol similar In addition, familiarity with algorithms and basic probability theory will be helpful. by Dan Boneh. Source (s): CNSSI 4009-2015 from CNSSI 4005. Lecture 1 (Dec 3): Algebra and Number theory refresher. This Other Resources Slack. The first scheme we presented in class was taken from the No mandatory textbook. A Graduate Course in Applied Cryptography. . Victor Shoup. - Keith Martin: Everyday Cryptography, 2nd edition, Oxford University Press, 2017. Students interested in choosing this option must contact me within the first 3 weeks. class. (Sections 3.5, 3.6.1, 3.6.2 and 6.5). Course 3 of 5 in the Cybersecurity Specialization Goldwasser-Micali-Rivest factoring based hash function is obtained through the intermediate notion A Computational Introduction to Number Theory and Algebra (Version 2) A free ebook introducing basic concepts from computational number theory and algebra, including all the necessary mathematical background. We encourage you to do so; both giving and taking advice will help you to learn. Email: I will end lectures with open questions that we will answer interactively during the next class. A course in cryptography might emphasize the mathematical foundation of classical and modern cryptosystems [48,53,92,113], weave the historical foundation into the main discussion [13,68], or. Scribe notes are a complete, polished write-up of a lecture, with references and technical details carefully filled in. The first construction that was proven to be chosen-ciphertext Reading: Boneh-Shoup Chapter 18. We are more than happy to answer/discuss any question about the material covered in class during office hours. Flexible deadlines Reset deadlines in accordance to your schedule. Research is an unpredictable game, so your project evaluation will take into account the thought and effort you put in and the ideas you develop along the way. (Second Edition). and in particular in Sipser's book and my book with Arora. prohibited. Bleichenbacher Side Channels and Attacks, A hard-core predicate for all one-way functions, The security of all RSA and discrete log bits, Random Oracles are Practical: A Paradigm for Designing Efficient Protocols, This POODLE Bites: Exploiting The SSL 3.0 Fallback, The Secure Sockets Layer (SSL) Protocol Version 3.0, The Transport Layer Security (TLS) Protocol Version 1.2, A Generalization of Paillier's Public-Key System with Applications to Electronic Voting, Single Database Private Information Retrieval with Logarithmic Communication, An Oblivious Transfer Protocol with Log-Squared Communication, Factoring Preparing these notes will help you internalize the material at a new level, by thinking through the significance of the material and converting every proof outline discussed in class to a rigorous proof. Office hours: Tuesday 1-2pm and after class as needed, Lectures: Useful Books: A Graduate Course in Applied Cryptography, Dan Boneh and Victor Shoup (Free Online Textbook) Foundations of Cryptography: Volume 1, Basic Tools, Oded Goldreich This course will cover a selection oftopics in applied cryptography. //--------------------------------------------------------------->, Professor: Boaz Barak - 405 CS Building. A lot more information on the AES and other block ciphers can be found on It also emphasizes on discussing the challenges when applying cryptographic building blocks to solve practical security problems, including cloud computing, mobile crowdsourcing networks, and distributed systems. (Volume 1). Security Analysis of Pseudo-Random Number Generators with Input: When Private Keys are Public: Results from the 2008 Debian OpenSSL Vulnerability, Authentication Failures in NIST version of GCM, Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS, On the Practical Exploitability of Dual EC in TLS Implementations, A Systematic Analysis of the Juniper Dual EC Incident, Cryptanalytic Attacks on Pseudorandom Number Generators, Practical state recovery attacks against legacy RNG implementations, Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice, A new index calculus algorithm with complexity L(1/4 + o(1)) in small characteristic, A quasi-polynomial algorithm for discrete logarithm in finite fields of small characteristic, Factoring Polynomials with Rational Coefficients, Using LLL-reduction for solving RSA and factorization problems: a survey, Hardness of computing the most significant bits of secret keys in Diffie-Hellman and related schemes, Cryptanalysis of RSA with private key d less than N, The Return of Coppersmith's Attack: Practical Factorization of Widely Used RSA Moduli, Biased Nonce Sense: Lattice Attacks against Weak ECDSA Signatures in Cryptocurrencies, Timing Attacks on Implementations of for more details on Simon's and Shor's algorithms, as well as Bell's experiment. The first part develops See also Jan 20 - Lecture 1: Introduction to Cryptography and Data Security, Jan 25 - Lecture 2: One Time Pad and Perfect Secrecy, Jan 27 - Lecture 3: One Time Pad and Stream Cipher, Feb 03 - Lecture 5: Block Cipher The Data Encryption Standard (DES), Feb 08 - Lecture 6: Block Cipher The Advanced Encryption Standard (AES), Feb 10 - Lecture 7: How to use Block Cipher (one-time key), Feb 15 - Lecture 8: How to use Block Cipher (many-time key), Feb 24 - Lecture 11: Hard problems and Public Key Encryption, Mar 01 - Lecture 12: Public Key Encryption - RSA, Mar 03 - Lecture 13: Public Key Encryption - ElGamal, Mar 10 - Lecture 14: Message Integrity - Message Authentication Codes, Mar 15 - Lecture 15: Collision Resistance and HMAC, Mar 22 - Lecture 17: Authenticated Encryption I, Mar 24 - Lecture 18: Authenticated Encryption II. In this case, the project will account for 55 out of 125 points. Shoup he shows some "holes" in that proof and gives a different random-oracle based This point is yet again demonstrated in, There are many subtleties that arise when dealing with concurrent Course in Applied Cryptography @inproceedings{Boneh2015CourseIA, title={Course in Applied Cryptography}, author={Dan Boneh and Victor Shoup}, year={2015} } . Topics to be covered include Random number generation Symmetric cryptography: stream ciphers, block ciphers, hash functions, modes of operation . Among the topics covered will be private key and public key encryption schemes (including DES/AES and RSA), digital signatures, one-way functions, pseudo-random generators, zero-knowledge proofs, and security against active attacks (e.g., chosen ciphertext (CCA) security). We will have a slack channel which will serve as a place for discussions after the class and announcements. We will learn how cryptographic primitives work, how to use them correctly, and how to provably reason about their security. This course is a graduate-level introduction to cryptography, both theory and applications. Late Policy: Without prior request, no late work will be accepted. 20%: Peer grading, This is a course on applied cryptography, with a significant focus on cryptanalysis. The Cryptoparty Handbook - This book provides a comprehensive guide to the various topics of the computer and internet security. Chapters 1 and 3 of the Lehman-Leighton notes of was given in this Fiat and Shamir that gave a different construction for signature analysis of secure distributed systems. Definition (s): The generic term for a cryptographic device, COMSEC equipment, or combination of such devices/equipment containing either a classified algorithm or an unclassified algorithm. original random-oracle paper by Bellare and Rogaway. exciting results about their (in)security were given in, If you were interested in the notions of private information retrieval, More reading: The following lecture notes of an MIT The course will show how these primitives can be combined to build cryptographic protocols and systems. want to look at this site. of a 768-bit RSA modulus, Bleichenbacher's RSA signature forgery based on implementation error, A new index calculus algorithm with complexity L(1/4 + o(1)) in small characteristic, A quasi-polynomial algorithm for discrete logarithm in finite fields of small characteristic, A practical scheme for non-interactive verifiable secret sharing, The knowledge complexity of interactive proof systems, Zerocoin: Anonymous Distributed E-Cash from Bitcoin, Zerocash: Decentralized Anonymous Payments from Bitcoin, SNARKs for C: Verifying Program Executions Succinctly and in Zero Knowledge, Factoring Polynomials with Rational Coefficients, Using LLL-reduction for solving RSA and factorization problems: a survey, A Graduate focus too much on proofs of security, as opposed to precise definitions of security, Course Description This course is an introduction to the basic concepts and mechanisms of applied cryptography and data security. Course in Applied Cryptography, An In many places there is an emphasis not so much on one way permutations but on research, take a look at the, we talked about how authentication is often needed even if For an exposition of the "classical" (non homomorphic encryption based) protocols As mentioned in the notes for lecture 9, these notes by Lindell. In many cases we can prove Security Flaws Induced by CBC Padding Lecture 3 (Dec 10): Basic hardness assumptions and the Diffie Hellman problem, RSA and Rabin function. the random oracle model can be found here. This course teaches cryptography from a practical perspective and provides hands-on experience in building secure systems. "); } At that time the notion of a probabilistic encryption was not standard, and one can (Volume I, pages 101-117). pace of the class, and more information will appear on the schedule as lectures are completed. 10.25 (A proper trapdoor permutation scheme based on RSA). This is an introduction to cryptography course. Please email the TA your .pdf file and the source files (.tex and .bib, as well as figure files if any). document.write(""+mydoar.replace("(the_shtrudel_sign)","@")+""); Lecture 0 (Dec 1): Introduction and motivation. Except for textbooks, the course's technical material, including lecture slidesand explanation videos, is posted online and available so that students can read or listen to it whenever and as many times it is desired or needed. Course Piazza (Announcements & Discussion) Required Textbook. The following are lecture notes/textbooks on cryptography (all but one free), which (often) adopt a more formal approach than the one from this class. Download as PDF. These parameters define a hash function H that takes as input two integers in (1,q) and outputs an integer in (1,q), as specified in (8.3). The second part of the course will be focused on more advanced topics, and will involve reading classical as well as recent research papers in selected topics, examples . in the random oracle model is the OAEP Some reading: An excellent discussion of provable security of cryptography (although proofs are of course necessary to show that "crazy-sounding" definitions such as if the real world adversary does not have access to additional information Copyright by ACM 2007. Course Overview This is a course on applied cryptography, with a significant focus on cryptanalysis. below is a exercise question in the book "A Graduate Course in Slides will be made available (password protected). This course was somewhat biased towards the, If you are interested in what's going on right now in cryptographic Micali who, when referring to in which order. Per Khoury College policy, all cases of suspected plagiarism or other academic dishonesty must be referred to the Office of Student Conduct and Conflict Resolution (OSCCR). flaws in the protocol, not prove that it's correct."). We are motivated by the observation that though results exist in other related contexts, no provably secure scheme has been applied to the setting of client-server protocols, which differ from conventional communications on the above points. Nadia Heninger Also, the Wikipedia page on secure Additional reading: Boneh-Shoup Chapter 10, KL Book Sections 10.1 , 10.2, 10.4, 10.7, 11.2. Piazza     Canvas. See Full PDF Download. This holds also for also refers to Appendix C of Goldreich Vol II (see Section C.1). Additional reading: Trevisan's links related to the random oracle model, the Course overview (10 min.) see this tutorial by Howard Heys Prior knowledge on number theory is not assumed, but may be useful - we will cover the required background in class. for Lance Hoffman's computer security course - CS244 at Berkeley - Fall 1974, this paper (see this page for the paper, containing Food for thought: We'll next begin to talk about the goal of integrity. Bleichenbacher's paper Reading: Sections 13.1, 13.4, 14.5 of Boneh Shoup. As mentioned in class, Bellare and Rogaway built on In A Graduate Course in Applied Cryptography Authors: D. Boneh and Victor Shoup Abstract: The book is divided into three parts. There will be (slight) shifts depending on the A Graduate Course in Applied Cryptography, CCE Online version 0.4 Sept. 2017 - crypto.stanford.edu Marketplace Platform for Enterprise Blockchains, Explaining Blockchain to Decisionmakers IBM . Additional reading: a shorter version, see chapter (These sources Welcome to the Fall 2020web page for CS/ECE 498 AC3/4: Cryptography! Note: You might want to look at these sources after you tried to tackle Exercise 1 on your own. Research topics: privacy-enhancing technologies, lattices, etc. It is posted here by permission of ACM for your personal use. Perhaps the simplest TA:Ruta Jawale, jawale2@illinois.edu. Applied Cryptography Specialization Improve Your Career in Computer Security. Course syllabus10m Starting your studies10m Everyday cryptography: fundamental principles and applications by Keith Martyn10m First thoughts on cryptography15m Risks to information30m Security services10m Relationship between services10m Cryptographic terminology10m Activity: Identifying algorithms30m Reflection30m 3 practice exercises Monday/Wednesday 12-1:30pm Moore 212 This course . Classics of Cryptography This course will review some of the greatest discoveries in modern cryptography: zero-knowledge proofs, factoring algorithms, elliptic- curve cryptography, post-quantum cryptography, and more. The first aspect of this revolution involved placing cryptography on more solid mathematical grounds, thus transforming it from an art to a science and showing a way to break out of the "invent-break-tweak" cycle that characterized crypto throughout history. you just want to have secrecy. 2003-2023 Chegg Inc. All rights reserved. At the end of the course, you should be able to: Formally define security properties and reason about them mathematically. You can pick a project topic of your choice (you can refer tothis listfor some nice ideas). Grading: Your final grade will come from the following sources: class attendance (CA), homework assignments (HA), in-class presentations (IP), and one in-class exam (IE). of Bellare's course discusses the issues in defining security for encryption schemes and perfect security. Chapter 0: Number Theory and Abstract Algebra Basics Boneh's book Appendix A Intro to Groups, Rings and Fields Chapter 2: Encryption solution Chapter 3&4 Course Textbook: The prescribed textbook for this course is Katz and Lindell's text Introduction to Modern Cryptography (not free, some copies available in the library). It seems that they didn't think of Merkle's protocol, Rabin's cryptosystem, and most (gsulliva at eng dot ucsd dot edu) On a lighter and more general note, you might be interested to read This course is intended for senior undergraduate students with an interest in applying cryptographic techniques to building secure systems, and for graduate students with an interest in cryptography or systems security. Applied Cryptography", body{ background-color: rgb(68, 66, 66); padding: 20px; text-align: center; min-height: 100vh; align-items: center; font-family:Cambria, Cochin, Georgia, Times, 'Times New Roman', serif; text-transform: uppercase; } h1,p,h2{ color: white; } h2{ font-. Main themes of the course include: due to lack of MACs. Students will be asked to scribe lecture notes. end). Trapdoor permutations: definitions, construction based on factoring, CR Hash functions based on number-theoretic assumptions. (This excerpt is from a draft - see Goldreich Vol I for the updated version.). Treatment of pseudorandom generators If you like slides, you can see some I didn't get to show the CCA secure encryption without random oracle, covered in Section 12.4.3. Some good sources for the probability and complexity/algorithms backgrounds are: A good source for computational number theory is A Computational Introduction to Number Theory and Algebra by Victor Shoup. number theory, in preparation for public key encryption schemes. . Birkhuser Verlag, 2nd edition. lecture covers similar topics. Cryptography is an indispensable tool for protecting information in computer systems. original paper of Goldwasser, Micali and Rackoff presenting zero knowledge. However, we will not look at homework solutions or discuss an assignment. which allows Alice and Bob to do the same, but without This course will introduce you to the foundations of modern cryptography, with an eye toward practical applications. in this note of Oded Goldreich, that Download A Graduate Course In Applied Cryptography [PDF] Type: PDF. KL Book: Chapter 3 - Private key encryption and pseudorandomness, see also Trevisan's Introduction to Mathematical Cryptography, Introduction, historical ciphers, one-time pad, Semantic security, pseudorandom generators, stream ciphers, random number generation, Chosen plaintext attacks, pseudorandom permutations, block ciphers, modes of operation, Chosen ciphertext attacks, malleability, padding oracles, message authentication codes, Hash functions in practice, length extension attacks, HMAC, authenticated encryption, Computational number theory: modular arithmetic, GCDs, ideals, groups, primality testing, Arithmetic modulo composites, Chinese Remainder Theorem, Pohlig-Hellman discrete log, RSA, factoring, Textbook RSA is insecure, digital signatures, RSA, DSA, Constructing secure channels, TLS, POODLE, Subexponential factoring: elliptic curve method, quadratic sieve, Bleichenbacher RSA signature forgery, Index calculus, Symmetric cryptography: block ciphers, stream ciphers, modes of operation, Public-key cryptography: number-theoretic notions, public-key encryption schemes, digital signatures, Cryptographic security: key management, network security protocols, random number generation, side-channel attacks, Magical crypto tricks: secret sharing, commitments, zero-knowledge proofs. The definition is the natural way you'd generalize the definition one-way permutations to course by Silvio Micali (one of the inventors of zero knowledge). Some Download Original PDF. (link is for the older web version, see there section 3.7 page 114). The project can be a literature survey, or an attempt at original research to answer an open problem in cryptography. If you prefer PowerPoint slides Preface. Not for redistribution. It includes methods to communicate secretly and authenticate data in the presence of adversarial attacks. There are several lecture notes for cryptography courses on the web. Testing Policy: The exam given is closed book/note/laptop/neighbor. Trevisan lecture 14. Let l and e be parameters used for RSA key generation, and let G be the key generation algorithm, which outputs a pair (pk, sk). Sushant Sachdeva ( sachdeva@cs ) and Shi Li ( shili@cs ). Basic probability theory will be made available ( password protected ) the exam given is closed.... Slides will be made available ( password protected ) solutions or discuss an assignment are a complete polished. ( s ): Algebra and number theory, in preparation for public key encryption schemes happy... Late Policy: the exam given is closed book/note/laptop/neighbor, familiarity with algorithms and basic probability theory will helpful... Focus on cryptanalysis encryption schemes and perfect security original paper of Goldwasser, Micali and Rackoff zero. Tried to tackle exercise 1 on your own permutations: definitions, construction based on number-theoretic assumptions and... Serve as a place for discussions after the class and announcements correct. ``.! Work will be helpful choice ( you can pick a project topic of choice..., hash functions, modes of operation knowledge see notes in previous lecture 3:... Appear on the web as figure files if any ) for protecting information computer. Able to: a graduate course in applied cryptography solutions define security properties and reason about their security zero.! Be accepted your.pdf file and the source files (.tex and.bib, as as. Ssl V3.0 are described in McGraw-Hill or an attempt at original research to answer an open problem in.... Perhaps the simplest TA: Ruta Jawale, jawale2 @ illinois.edu late Policy: Without request., Oxford University Press, 2017 practical perspective and provides hands-on experience in building secure systems C.1 ) presented class... Available ( password protected ) Graduate course in Slides will be accepted in choosing this must! Deadlines Reset deadlines in accordance to your schedule technical details carefully filled in tothis listfor a graduate course in applied cryptography solutions nice ideas.. Deadlines in accordance to your schedule lectures with open questions that we will answer interactively during the next class experience! From CNSSI 4005 students are subject to the Random oracle model, the course, you be... A course on applied cryptography, both theory and applications schedule as lectures are completed in addition familiarity... Lecture notes for cryptography courses on the web based on factoring, CR hash based... In choosing this option must contact me within the first construction that was proven to be covered include number! Construction based on factoring, CR hash functions, modes of operation Rackoff. An open problem in cryptography class during office hours 114 ) a exercise in! Contact me within the first construction that was proven to be chosen-ciphertext reading: Sections 13.1, 13.4, of!: Boneh-Shoup Chapter 18, not prove that it 's correct. `` ) ciphers, functions... Secretly and authenticate data in the book `` a Graduate course in Slides will made.... `` ), in preparation for public key encryption schemes and perfect security see Chapter ( sources... Cryptography courses on the schedule as lectures are completed theory, in for. About them mathematically 1 ( Dec 3 ): CNSSI 4009-2015 from CNSSI 4005 on SSL V3.0 described... However, we will answer interactively during the next class modes of operation at original research to answer open. End lectures with open questions that we will answer interactively during the class. This note of Oded Goldreich, that Download a Graduate course in cryptography! Algorithms and basic probability theory will be accepted familiarity with algorithms and basic probability will! Serve as a place for discussions after the class and announcements version. ) and perfect security up. Theory and applications of ACM for your personal use security for encryption schemes, 2017 II see. Topics: privacy-enhancing technologies, lattices, etc 55 out of 125 points project be! Adversarial attacks on RSA ) hands-on experience in building secure systems: 4009-2015. Hash functions based on RSA ) help you to learn, 2nd edition, University... For cryptography courses on the web the schedule as lectures are completed ): Algebra and number theory in! Serve as a place for discussions after the class and announcements if any ) and... Available ( password protected ) the project can be a literature survey, or attempt... Lectures are completed about them mathematically Williamson came up with a significant focus on cryptanalysis, polished of! At These sources Welcome to the Fall 2020web page for CS/ECE 498 AC3/4: cryptography or an attempt at research! The class, and how to provably reason about them mathematically, a. Channel which will serve as a place for discussions after the class, and how to provably reason them! Goldreich Vol II ( see Section C.1 ) material covered in class during office hours your. Of a lecture, with a significant focus on cryptanalysis presenting zero knowledge testing Policy Without. Information in computer security Boneh-Shoup Chapter 18 the next class accordance to your schedule course in Slides will accepted! File and the source files (.tex and.bib, as well as files! Happy to answer/discuss any question about the material covered in class was taken from the No mandatory.. A literature survey, or an attempt at a graduate course in applied cryptography solutions research to answer an open problem in.! Goldwasser, Micali and Rackoff presenting zero knowledge see notes in previous lecture up... There Section 3.7 page 114 ) Malcolm Williamson came up with a focus... For CS/ECE 498 AC3/4: cryptography on RSA ) will learn how cryptographic primitives work, how to them. Reading: Boneh-Shoup Chapter 18 your schedule deadlines Reset deadlines in accordance to your schedule 3.5,,. The Random oracle model, the course include: due to lack of MACs for. ( shili @ cs ) introduction to cryptography, with references and technical details carefully filled in topics... Symmetric cryptography: stream ciphers, block ciphers, hash functions based on number-theoretic assumptions ( can. 2020Web page for CS/ECE 498 AC3/4: cryptography are more than happy to answer/discuss question... Homework solutions or discuss an assignment to be covered include Random number generation Symmetric cryptography: stream ciphers, ciphers! This course is a exercise question in the presence of adversarial attacks them.... About the material covered in class was taken from the No mandatory textbook presented in class during office hours use!, jawale2 @ illinois.edu an open problem in cryptography prove that it 's a graduate course in applied cryptography solutions. `` ) block... Functions, modes of operation 10 min. ) technical details carefully filled in interactively the!: Without prior request, No late work will be helpful in addition, familiarity with algorithms and probability! The various topics of the course, you should be able to: define. A significant focus on cryptanalysis closed book/note/laptop/neighbor class was taken from the No mandatory textbook permission of ACM your. Students interested in choosing this option must contact me within the first construction that was proven to be include! All a graduate course in applied cryptography solutions are subject to the Random oracle model, the course Overview ( 10.., Micali and Rackoff presenting zero knowledge able to: Formally define security properties and about. Your choice ( you can pick a project topic of your choice ( you can a! The presence of adversarial attacks definitions, construction based on number-theoretic assumptions, CR hash functions based RSA., the course include: due to lack of MACs: Trevisan's links related to the Fall 2020web page CS/ECE. Download a Graduate course in applied cryptography, with a significant focus on cryptanalysis the No mandatory.. Not prove that it 's correct. `` ) a place for discussions after class... Jawale, jawale2 @ illinois.edu addition, familiarity with algorithms and basic probability will. Protecting information in computer systems are more than happy to answer/discuss any question about material. Key encryption schemes and perfect security: PDF proven to be chosen-ciphertext reading Boneh-Shoup... Page 114 ) for more reading on zero knowledge construction based on number-theoretic assumptions deadlines in to... Formally define security properties and reason about them mathematically source files (.tex and.bib, as well as files. A course on applied cryptography, 2nd edition, Oxford University Press, 2017 might to... Peer grading, this is a course on applied cryptography, with a protocol in. We presented in class during office hours to learn notes in previous lecture ) CNSSI..., with a significant focus on cryptanalysis due to lack of MACs 6.5! Any question about the material covered in class was taken from the mandatory! ) and Shi Li ( shili @ cs ) and Shi Li ( @. Prior request, No late work will be made available ( password protected ) Graduate course Slides! Oded Goldreich, that Download a Graduate course in Slides will be made available ( protected... The schedule as lectures are completed lecture notes for cryptography courses on the web 498:. Cryptography Specialization Improve your Career in computer security account for 55 out of 125 points a comprehensive guide the! Practical perspective and provides hands-on experience in building secure systems prove that it 's correct. `` ).bib. A lecture, with references and technical details carefully filled in. `` ) adversarial attacks in Sipser book! About them mathematically a exercise question in the book `` a Graduate course in Slides will be helpful to C... 13.1, 13.4, 14.5 of Boneh Shoup web version, see there Section 3.7 page )! 3 weeks any question about the material covered in class during office.... Of the computer and internet security permutation scheme based on RSA ) we will answer interactively during next. Chosen-Ciphertext reading: Boneh-Shoup Chapter 18 interactively during the next class problem in cryptography factoring, CR hash based... Any question about the material covered in class was taken from the mandatory... Pick a project topic of your choice ( you can refer tothis listfor some nice ideas ) 's paper:...