Manifest: Monday 11 September 2000 and Wednesday 13 September

Assignments Due
Beginning of class today	Problem Set 1
Monday, 18 September	Projects Preliminary Proposal

Readings
Read before 13 September:

• Stallings, Chapter 4.3 and 4.4: Blowfish and RC5 (you don't need to read about the other block ciphers)
• Bruce Schneier, John Kelsey, et. al., The Twofish Team's Final Comments on AES Selection. Twofish, based on Blowfish, is one of the five finalist candidates to replace DES.
• Ron Rivest, et. al., The RC6 Block Cipher. RC6 is an AES finalist based on RC5. You may skip sections 3 and 4.

Read before 18 September: Stallings, Chapter 6 Questions
September 11:

• What are vulnerabilities in the DES key schedule?
• What are the advantages and disadvantages of different block cipher modes of operation: Codebook, Cipher Block Chaining, Cipher Feedback, Output Feedback?
• How does a meet-in-the-middle attack work?
• How secure is Triple DES?
• What are side channel attacks?

September 13:

• What is AES? How has the state of cryptology changes since the DES Program?
• What are the characteristics of a modern block cipher?
• What are the criteria for choosing a good block cipher?
• How do RC5 and RC6 work?
• How do Blowfish and Twofish work?

The only way to get the NSA to admit to the ability to break a given algorithm is to encrypt something so valuable that its public dissemination is worth the admission. Or, better yet, create a really funny joke and send it via encrypted e-mail to shady characters in shadowy countries. NSA employees are people, too; I doubt even they can keep a good joke secret.

Bruce Schneier (lead designer of Blowfish and Twofish), Applied Cryptography.

University of Virginia Department of Computer Science CS 551: Security and Privacy on the Internet

David Evans evans@virginia.edu