Manifest: Wednesday 12 September 2001

Assignments Due
Friday, 14 September	Carl Landwehr's talk (Olsson 009, 3:30pm)
Before 21 September	Email or talk to me about your project topic ideas
Wednesday, 26 September	Problem Set 2
Monday, 1 October	Projects Preliminary Proposal

Readings

• B. Schneier, J. Kelsey, D. Whiting, D. Wagner, C. Hall, N. Ferguson, T. Kohno, M. Stay. The Twofish Team's Final Comments on AES Selection, May 2000.

You don't need to attempt to understand all the gory details of these two papers, but you should read them to get an idea of what goes into a modern block cipher design:

• Ronald L. Rivest, M.J.B. Robshaw, R. Sidney, Y.L. Yin, The RC6 Block Cipher, 1998. RC6 was an AES finalist
• Joan Daemen, Lars Knudsen, Vincent Rijmen. The Block Cipher SQUARE, Fast Software Encryption, 1997. The AES winner, Rijndael, was closely based on SQUARE.

Questions

• What are the advantages and disadvantages of different block cipher modes of operation: Codebook, Cipher Block Chaining, Cipher Feedback, Output Feedback?
• How does a meet-in-the-middle attack work?
• How secure is Triple DES?
• What are side channel attacks?

The design took advantage of certain cryptanalytic techniques, most prominently the technique of differential cryptanalysis, which were not known in the published literature. After discussions with NSA, it was decided that disclosure of the design consideration would reveal the technique of differential cryptanalysis, a powerful technique that can be used against many ciphers. This in turn would weaken the competitive advantage the United States enjoyed over other countries in the field of cryptography.

Don Coppersmith, DES designer

University of Virginia Department of Computer Science CS 588: Cryptology - Principles and Applications

David Evans evans@virginia.edu