W4261 Introduction to Cryptography:
Relevant Links
Here we include links to news stories, papers, and documents that may
be of interest. This is not intended as a comprehensive list
in any way. The choices were made following student interest,
questions that came up in class, homework, or office hours.
- Correspondence regarding cryptography between John Nash and the
NSA: In 1955, John Nash corresponded with the NSA; the
correspondence was declassified by the NSA in 2012. Nash proposed a
novel enciphering scheme, which on its own is not secure according
to current, modern crypto best practices (which developed decades
later); see, e.g., an attack presented by Adi Shamir and Eldad
Zinger. However, Nash was well ahead of his time, and set forth
important principles that now underpin modern computational
complexity theory and cryptography. In particular, he proposed a
natural definition for "[security] in a practical sense --- that
exponential computational effort is required for an enemy to recover
a secret key" (this was before computational complexity theory was
developed!). You can view the original letters, or their
transcription, made by Mike Rosulek.
- Recent Cryptography Awards
  - Shafi Goldwasser and Silvio Micali won the 2012 ACM Turing Award
    for Advances in Cryptography. The Turing award is known as the
    "Nobel prize for computer science" (it was just announced that
    the prize went up from $250,000 to $1,000,000). They received it
    for "pioneering the field of provable security, which laid the
    mathematical foundations that made modern cryptography possible"
    (read the whole citation above -- they came up with many of the
    things we study in class!).
  - Previous Turing awards related to cryptography were given to
    Manuel Blum (1995), Andrew Chi-Chih Yao (2000), Rivest, Shamir,
    and Adleman (2002). Michael Rabin also did important work in
    cryptography, although his Turing award is from an earlier time,
    and focuses on his invention of non-deterministic finite
    automata.
  - Very recently, Craig Gentry received the MacArthur Fellowship
    (aka "the genius award"), $625,000, for his breakthrough results
    in cryptography, including fully homomorphic encryption.
- Some attacks (among many) on practical systems:
  - POODLE attack: September 2014 padding oracle attack against SSL3.
  - An attack on Google Maps over SSL, exploiting the fact that
    encryption always leaks information about the length of the
    plaintext (as we mentioned in class and showed in recitation).
- Bar-Ilan Winter School on Symmetric Cryptography:
Last year, Bar-Ilan University organized a winter school on
symmetric key encryption in theory and in practice. Details are
available here, including slides and YouTube videos for each of the
lectures. In particular, Kenny Paterson presented a description of,
and attacks on, the TLS protocol, including padding oracle attacks
such as BEAST mentioned in class (and similar to POODLE), RC4
attacks, and much more.
- eSTREAM project:
The eSTREAM project was a multi-year effort, running from 2004 to
2008, to promote the design of efficient and compact stream ciphers
suitable for widespread adoption. As a result of the project, a
portfolio of new stream ciphers was announced in April 2008. The
eSTREAM portfolio was revised in September 2008, and currently
contains seven stream ciphers, including Trivium that was mentioned
in class. The project website can be found here.
- SHA3: NIST's SHA-3 Competition, and their final round report,
where Keccak was selected from the five hash function finalists.
- "New Directions in Cryptography", by Diffie and Hellman:
The 1976 paper by Diffie and Hellman solves the key exchange problem
by introducing public key encryption and the Diffie-Hellman key
exchange protocol. It also introduces digital signatures, and shows
how they can be implemented using public key cryptography.
- Recommended Key Lengths:
See http://www.keylength.com/
for recommendations of various groups regarding key length
choices. These include, among others, the recommendations of NIST
(US National Institute of Standards and Technology) as well as
ECRYPT II (European Network of Excellence in Cryptology II).