This brings us to the end of the six weeks course. I had a lot of fun teaching this
course and I hope you enjoyed it too. I really love this material and I always
enjoy teaching it. Before we say our farewells, please do a quick review of the
topics that we discussed and see what's left to cover. So here's a brief diagram
of the primitive that we discussed in the class. If you remember in week one we
started off by discussing pseudorandom generators and stream ciphers. In week two
we talked about block ciphers and we said that the right way to think about block
cipher is as pseudorandom permutations and pseudorandom functions. We said that using
counter mode we can convert a block cipher into a PRG. And we said that using the GGM
construction. We can construct block ciphers from pseudorandom generators. Then
in week three, we talked about data integrity. In particular, we talked about
MACs and we looked at various constructions of MACs from pseudorandom
functions like the CMAC, the HMAC, the PMAC constructions and so on. We also
discussed collision resistance and we said that collision resistance can be used for
data integrity where one has access to read-only memory. Basically, you would
hash the data using a collision resistance hash function; write the hash into
read-only memory. And then later, when you want to verify authenticity of your data,
you just compare its hash to whatever is written in read-only memory. Then in week 4
we talked about how to combine integrity and confidentiality, in particular we
kinda talk about to combine encryption and MACs to build what we called Authenticated
Encryption and I told you that really in practice, the only foremost Symmetric
Encryption that you're allowed to use is Authenticated Encryption. Basically,
encryption that's only secure against eavesdropping attacks is not generally
secure, you must always also guard against tampering and as a result, you should only
be using Authenticated Encryption modes to do Symmetric Encryption. So that was the
end of week four. And then for weeks five and six, we switched topics and talked
about key exchange and public key encryption. In particular, in week five we talked
about Trapdoor Functions and the Diffie-Hellman Protocol [within??] the
Mathematics that are necessary to explain how those things work. And then in week
six we talked about how public key encryption can be built from trapdoor functions and,
the Diffie-Hellman Protocol. I wanna emphasize that the key exchange protocols
that we saw in week five are only secure against eavesdropping and should never be
used in practice. In fact in week eight we're gonna see authenticated key exchange
protocols and those are the ones that are actually used in the wild for example in
SSL and other protocols like that. But, the ones that we saw in week five should
never actually be deployed in the real world. The only reason we looked at those
simple key exchange mechanisms was as motivation for trapdoor functions and
Diffie-Hellman groups. Now as you know there are four more weeks to the full crypto
course which we're gonna do at a later time. In week seven we're gonna talk about
digital signatures and how to authenticate data in a way that anyone can verify that
the data is authentic. Then we're gonna talk about authenticated key exchanges as
I said then we're gonna talk about user authentication, how to manage passwords,
one time passwords, challenge-response protocols. Then we'll talk about various
privacy mechanisms. How to authenticate yourself without revealing where you are,
How to sign in a way it doesn't reveal who you are and so on and so forth. And in this part
of the building blocks for some of these mechanisms, actually, we'll talk about
zero-knowledge protocols which is kind of a general purpose tool that's used very
widely in cryptography. But let's just say that crypto goes way beyond this core
topics and in fact, there are many, many more topics that I would love to tell you
about if there was enough time. So I made this kind of a short list here and this isn't
even an exhaustive list. There are many other things that I would like to tell you
about and so if there's enough demand, I might even run an advanced crypto class
which is usually what I do for graduate students which would cover these more
advanced topics but that would actually take place sometime next year so stay
tuned and I will send announcements on when that's coming. So my final words of
course remember my main message from this class. And that crypto is a tremendous
tool but you should always be careful when you use it. If you implement crypto
incorrectly, the system will work perfectly fine. It would be no way to
tell that anything is wrong except when attacker is trying to attack the system,
it might be easily breakable. And so crypto is one of these things where a
little bit of knowledge is quite dangerous. It's quite important to make
sure you get the implementation correctly and one way to do that is to make sure
that always other people review your code and your designs to find any bugs in the
crypto implementation or even more general bugs in the system design. And finally
I'll leave you with these parting words, that you should never ever invent your own
ciphers or your own modes and you should never even implement your own ciphers or
your own modes. Try to stick to the standards as much as possible. Try to
stick to standard implementations of those algorithms as much as possible and if you
have to deviate from that, then just make sure there's sufficient third party review
of what you've done. Okay, so I will say my farewell here. And let me say that
the final exam will be made available on week seven, basically, a week after the
week six lectures become public. The final exam will cover material for all six weeks
and it'll pretty much be the same format as the problem sets. I hope everybody will
do well in the exam and we will send certificates once all those course work is
complete and I hope to see you in the next iteration of this course whenever that's
made available. So farewell, and as always, please submit your comments and
suggestions on the forum. I read all of your posts and they're very, very helpful
in improving the course. Hope to see you in the fall.
Dan BonehProfessor
