Manifest: Monday 6 September 2000

Assignments Due
Monday, 11 September	Problem Set 1
Monday, 18 September	Projects Preliminary Proposal

News
RSA Security released the RSA algorithm into the public domain today (the patent was due to expire on September 20th). See http://www.rsasecurity.com/news/pr/000906-1.html for the press release. We will cover RSA in two weeks. Readings
Read before 11 September: Stallings, Chapter 4.1: Triple DES

Read before 13 September:

• Stallings, Chapter 4.3 and 4.4: Blowfish and RC5 (you don't need to read about the other block ciphers)
• Bruce Schneier, John Kelsey, et. al., The Twofish Team's Final Comments on AES Selection. Twofish, based on Blowfish, is one of the five finalist candidates to replace DES.
• Ron Rivest, et. al., The RC6 Block Cipher. RC6 is an AES finalist based on RC5. You may skip sections 3 and 4.

Optional reading for more information: (see web version for links)

• Electronic Frontier Foundation's DES Cracker Project

Questions

• What are the advantages and disadvantages of block ciphers?
• What are diffusion and confusion and what are they important?
• How does a Feistel cipher work?
• How secure is DES?

DEAR SIR -- A favorable and a confidential opportunity offering by Mr. Dupont de Nemours, who is revisiting his native country gives me an opportunity of sending you a cipher to be used between us, which will give you some trouble to understand, but, once understood, is the easiest to use, the most indecipherable, and varied by a new key with the greatest facility of any one I have ever known. I am in hopes the explanation inclosed will be sufficient. Let our key of letters be [some figures which are illegible] and the key of lines be [figures illegible] and lest we should happen to lose our key or be absent from it, it is so formed as to be kept in the memory and put upon paper at pleasure; being produced by writing our names and residences at full length, each of which containing 27 letters is divided into two parts of 9. letters each; and each of the 9. letters is then numbered according to the place it would hold if the 9. were arranged alphabetically, thus [so blotted as to be illegible]. The numbers over the letters being then arranged as the letters to which they belong stand in our names, we can always construct our key. But why a cipher between us, when official things go naturally to the Secretary of State, and things not political need no cipher. 1. matters of a public nature, and proper to go on our records, should go to the secretary of state. 2. matters of a public nature not proper to be placed on our records may still go to the secretary of state, headed by the word `private.' But 3. there may be matters merely personal to ourselves, and which require the cover of a cipher more than those of any other character. This last purpose and others which we cannot foresee may render it convenient and advantageous to have at hand a mask for whatever may need it. But writing by Mr. Dupont I need no cipher. I require from him to put this into your own and no other hand, let the delay occasioned by that be what it will.

From Thomas Jefferson's letter to the U.S. Minister to France (Robert R. Livingston), Washington, Apr. 18, 1802.

University of Virginia Department of Computer Science CS 551: Security and Privacy on the Internet

David Evans evans@virginia.edu