**John Voight**

I was the GSI for Cryptography, Math 195, Section 2, for Spring 2002.

**Course Info:**

**Course:**Cryptography**Instructor:**Hendrik Lenstra**Lectures:**Tuesday and Thursday, 11:10 a.m. - 12:30 p.m.**Room:**81 Evans Hall**Course Control Number:**54966**Instructor's Office:**879 Evans**Instructor's Email:**hwl@math.berkeley.edu**Instructor's Office Hours:**Tuesday and Thursday, 2:00 - 3:00 p.m.**GSI:**John Voight**GSI's Office:**1095 Evans**GSI's Email:**jvoight@math.berkeley.edu**GSI's Office Hours:**Monday, 11:00 a.m. - 12:00 p.m.**GSI's Web Page:**http://www.math.berkeley.edu/~jvoight/**Prerequisites:**Mathematical maturity appropriate for an upper division course.**Syllabus:**The purpose of the course is to provide the student with a good understanding of what is important in modern cryptography. The course will cover conventional encryption techniques, such as the Digital Encryption Standard (DES), but the emphasis will be on public-key cryptosystems, including the Rivest-Shamir-Adleman system (RSA) and systems relying on the use of elliptic curves. The necessary background from number theory will be developed in the course.**Required Text:**William Stallings,*Cryptography and Network Security: Principles and Practice*, Second edition, 1999.**Grading:**TBA. Weekly homework will count for 50% of the grade.**Final Exam:**Group 12, Wednesday, May 22, 2002, 8:00-11:00 a.m. (Eek!)

**Homework:**

A word about the homework: Be sure to show your work or explain how you got your answer. I was nice on this homework, but in the future correct but incomplete homeworks will only receive partial credit.

Also, cooperation on homework is permitted (and encouraged), but if you work together, do not take any paper away with you--in other words, you can share your thoughts (say on a blackboard), but you have to walk away with only your understanding. In particular, write the solution up on your own.

**HW #1**(Due January 29): Four problems from 2.1-2.6. For this first homework, since there may be difficulty getting the textbook, I typed up the problems:**HW #2**(Due February 5): 2.7-2.10:**HW #3**(Due February 12): 7.8, 7.9(a)(b)(c), 2.11, 2.12:**HW #4**(Due February 19): 3.4', 2.13, 3.14:**HW #5**(Due February 26): 3.15, 3.1, 3.3, 3.16:**HW #6**(Due March 5): 6.2, 6.3, 6.4, 6.7:**HW #7**(Due March 12): 6.22, 6.23, 6.24:**HW #8**(Due March 19): F1, F2, F3, F4:**HW #9**(Due April 2): F5, F6, F7:**HW #10**(Due April 9): R1, R2, R3:**HW #11**(Due April 16): R4, R5, R6:**HW #12**(Due April 23): 6.14, 7.17, 6.25, 6.26:**HW #13**(Due April 30): 6.20(a), 6.27, 7.18, 7.19:**HW #14**(Due May 7): 6.28, 6.29, 6.30, 6.31:

Solutions are also available by request.

**Notes:**

**Conventional Encryption Techniques (01/24/02-01/29/02)**

**The Euclidean Algorithm (01/31/02)**

**Hill Cipher, Rings, and Some Linear Algebra (02/05/02-02/07/02)**

**Hill Cipher (Continued): Computing the Inverse of a Matrix (02/12/02)**

**DES: The Feistel Cipher (02/14/02)**

**DES and SDES (02/19/02-02/21/02)**

**RSA (Continued): Computational Issues (02/28/02)**

**RSA (Continued): When the Exponent is Leaked (03/05/02)**

**Finite Fields (03/12/02-03/14/02) (Revised 03/17/02)**

**Finite Fields (Continued): How to Construct (03/19/02-03/21/02)**

**Rijndael Cipher (04/02/02-04/04/02)**

**Rijndael Cipher (Continued): Discussion (04/09/02)**

**Discrete Logarithms and Diffie-Hellman (04/11/02-04/16/02)**

**Discrete Logarithms (Continued) (04/18/02-04/25/02)**

**Elliptic Curve Cryptography (04/30/02-05/02/02)**

**Elliptic Curve Cryptography (Continued) (05/07/02-05/09/02)**

Also, here is a note (thanks to Alex Gonzalez) concerning words whose negative is also an English word:

**Final Exam:**

Here is the policy for the other 50% of the grade. The final will be a take-home final. You will be given the exam in class on Tuesday, May 7, and it will be due on the day before the final exam, Tuesday, May 21, by 3:00. (Note: This has changed since the first announcement.) The exam will consist of two sections. The first section will consist of homework-like problems which you are to complete with no outside assistance. The problems will be include some easier computational problems, with perhaps some proofs of simple statements. The second section will consist of harder problems, of which you will choose a few (about 3) from a list of approximately ten. The problems in the second section will be some mix of more complicated computations, proofs, and discovery-research. You may work in groups of no more than 3 if you like, but only on the problems in the second section--you must complete the problems in the first section on your own. As always, if you work together, do not take any paper away with you--in other words, you can share your thoughts (say on a blackboard), but you have to walk away with only your understanding. In particular, write the solution up on your own. The final will count for 50% of your grade, along with 50% from homework.

Here are the solutions for the final exam.

**Math 195 Take-Home Final Solutions**

**Anonymous Comment:**

Anonymous comments were sent during the course, including suggestions, complaints, just about anything. You can also ask questions about the course material that you don't feel are being answered in class or about the direction of the course. Let us know what you are enjoying and what you would change. You can read the comments that were submitted.

**Links:**

- Lenstra has written a one-page summary of the Rijndael cipher, which you can find on his web page.
- There is a really sweet website for the textbook. It includes some handouts on some mathematical and cryptographic subjects as well as a host of many other things (including errata!).
- Check out ICCIP: Illinois Center for Cryptography and Information Protection. They have a challenge problem posted; it would be pretty clutch if together the class could figure it out!
- Here is the official publication for the Rijndael cipher, as well as the Rijndael webpage. We will be talking about it soon in class.
- There was a departmental colloquium talk on Thursday, February 28, given by Dan Boneh on "Fast variants of the RSA cryptosystem": see his web site.

This page was last modified on Thursday, January 23, 2003.