ECE 498

Subject offerings of new and developing areas of knowledge in electrical and computer engineering intended to augment the existing curriculum. See Class Schedule or departmental course information for topics and prerequisites. Course Information: 0 to 4 undergraduate hours. 0 to 4 graduate hours. May be repeated in the same or separate terms if topics vary.

Course goals

(In Fall 2020, will be ECE407 Applied Cryptography)

Course Director: Andrew Miller soc1024@illinois.edu

http://soc1024.ece.illinois.edu/teaching/ece498ac/fall2019/

https://my.ece.illinois.edu/courses/description.asp?ECE498

Cryptography is not just a technical field, but a societally important tool with “an intrinsically moral dimension”[1]. Similar to other courses in Computer Security, students develop a mindset of “thinking like an attacker” to identify flaws in systems designed to protect sensitive information, while still respecting regulations on unauthorized use (Computer Fraud and Abuse Act)[2]. Cryptography implementations are typically covered by responsible Vulnerability Disclosure policies in accordance with professional standards [3], however applying such policies requires making decisions that tradeoff the right of the users to be informed versus the utility of patching the vulnerability without revealing it to attackers. There have also been many challenging public policy debates involving, for example, the right of the public to use cryptography for privacy and free speech, versus the benefit that weakened cryptography may have in facilitating law enforcement investigations or government intelligence [4]. In order to discuss the above issues, this course develops an ethical framework (rights based versus utility based ethics).

[1] https://web.cs.ucdavis.edu/~rogaway/papers/moral.html

[2] https://www.law.cornell.edu/uscode/text/18/1030

[3] https://ethics.acm.org/integrity-project/ask-an-ethicist/ask-an-ethicist-vulnerability-disclosure/

[4] https://www.eff.org/cases/bernstein-v-us-dept-justice

Abstract algebra and number theory

- Apply Lagrange’s theorem to derive facts about the existence of prime-order subgroups (1)

- Understand vulnerabilities due to checking group membership (1,6)

- Use bijection or counting arguments to complete proofs of simulatability properties (6)

Randomness, pseudorandomness, indistinguishability

- Identify the reductions between one way functions, pseudorandom generators, pseudorandom functions (1)

- Identify the reductions between Diffie Hellman problems and discrete log problems (6)

- Generate counterexamples to incorrect PRF or encryption scheme constructions (1,2)

- Identify the reductions between one time security, semantic security / chosen plaintext security, adaptive / chosen ciphertext security (6)

Zero knowledge proofs

- Complete simulation proofs for zero knowledge protocols (1,2,6)

- Use counting arguments to complete proofs of knowledge / extractability (6)

- Use Camenisch Stadler notation to describe the goals of a zero knowledge proof scheme (2)

- Understand the random oracle model and its use in Fiat-Shamir non-interactive protocols (1)

- Apply zero knowledge proofs or signatures of knowledge to provide authentication in an application setting (1,2,3,6)

Hash functions, commitments, authenticated data structures

- Given a hash-based authenticated data structure, prove its security by reduction to collision resistance (6)

- Apply the commit and reveal technique to ensure input independence in applications (1,2)

- Design and prove the security of schemes using commitments and proofs of committed values (2,6)

Symmetric encryption and authentication

- Construct and prove security symmetric key encryption schemes from pseudorandom functions (1,2,6)

- Construct and prove security of symmetric key authentication schemes from pseudorandom functions (1,2,6)

- Use encryption and message authentication codes to provide security for client-server applications (1,2)

Public Key Encryption and signatures

- Construct a digital signature scheme in Random oracle model (1,2,6)

- Use hybrid game proof strategy to prove security of public key encryption (1,6)

Two-party and multi-party computation (garbled circuits, secret sharing)

- Use hybrid game proofs to analyze the security claims (privacy, integrity) of a protocol (1,6)

- Formulate the security goals for an application using the ideal functionality model (1,3,6)

- Identify flaws in implementation due to improper composition or invalid assumptions (1,3,6)

- Adapt a protocol from semi-honest security to adaptive security using zero knowledge proofs or cut-and-choose (1,6)

Searchable Encryption and Outsourced Storage

- Explain the leakage model of searchable encryption schemes (3,6)

- Explain statistical attacks on searchable encryption (3,6)

- Explain the simulation-based security definition for oblivious RAM (3)

Cryptography Implementation

- Read documentation of cryptographic libraries and identify the security choices (3,4,6,7)

- Identify pitfalls in translating a high level protocol design to implementation (2,6,7)

- Explain and quantify optimization strategies in garbled circuit protocols (1,3,6)

- Understand the goals and rationale of standardization processes (e.g., the SHA-3 competition) (4)

Byzantine fault tolerance

- Understand fault models and timing models in the distributed computing model (1)

- Read documentation of fault tolerant protocols and identify the corresponding fault and timing model (3,6,7)

- Use signatures and authentication to improve fault tolerance (2)

Cryptography in Context

- Incorporate cryptographic techniques in protocol designs involving untrusting clients and distributed services, and analyze their security (2,4,5,6)

- Interpret responsible disclosure policies for cryptographic systems (4)

- Identify the technical concepts underlying policy decisions involving cryptography (Clipper chip, mandated key lengths) (4,6)

9/29/2019