Yale University Department of Computer Science
CS 467: Cryptography and Computer Security
Michael J. Fischer

Course Home Page, Fall 2008

MW 2:30-3:45, AKW 500

Recent Announcements:

  • 11 Dec. The time and place for the review session is 2:30-3:45 pm, Sunday, December 14, in AKW 500 (our regular classroom). Please make sure your Yale ID cards are validated for after-hours building access or else make other arrangements to get in, since AKW is locked on weekends.

  • 11 Dec. Several announcements:

    • The final exam will be given on Monday, December 15, at 2:00 pm in room LC 317. Note that "LC" refers to "Linsly-Chittenden Hall, 63 High St", which is on Old Campus. (In case of any discrepancy, the Yale College Fall 2008 Exam Schedule is authoritative.)

    • The final is a "2-hour" exam, which means you will be given 2 1/2 hours to work it. The format will be like the midterm: some choice of problems, closed book, calculators permitted but no PDAs, laptops, or other devices with text storage capabilities. Graphing calculators are okay if the memory is cleared before the exam; check this with the TA before the start of the exam.

    • Study guide for final examination (.pdf) is now available.

    • The TA will hold a review session on Sunday, Dec. 14, at a time and place to be announced.

  • 9 Dec. Notes for yesterday's lecture 24 are now available.

  • 2 Dec. Problem Set 7 (.pdf) is available. It is due before midnight on Friday, December 12.

  • 1 Dec. Material on today's lecture on pseudorandom sequence generation is available in lecture notes 22 and, with somewhat greater detail, in handout 17.

  • 19 Nov. I thought you might be interested in seeing cryptography in the making. The Technology Review article, "An Algorithm with No Secrets", describes the process that is currently underway to replace the current Secure Hash Algorithm 2 (SHA-2) with a newer, more secure hash algorithm to be known as SHA-3.

  • 19 Nov. Problem Set 6 (.pdf) is available. It is due before midnight on Wednesday, December 3.

  • 17 Nov. The notes from last week's lecture 19 are available. Section 85 corrects an error in the general chaining method that I presented in class. The correct definition of $s_1$ is $h(0^t 0 m_1)$, not $h(0^t 1 m_1)$ as given in class. This correction is needed in case 2 of the proof.

  • 14 Nov. It seems that the posted sample ciphertext file for PS5, cipher.txt, did not correspond to the given key files. As some people correctly pointed out, it was obviously bad since it contained integers that were longer than the number n in the public key file. I've replaced it with a (hopefully) correct one.

    Because of this error, I'm giving a 2-day extension. The new due date for Problem Set 5 is before midnight on Sunday, November 16.

  • 11 Nov. Two remarks about problem set 5:

    1. I've placed some sample data in the Zoo course directory /c/cs467/assignments/ps5/:

      pub.txt         sample public key
      priv.txt        sample private key
      plain.txt       sample plain text file (with comments)
      cipher.txt      sample cipher text file
      decrypted.txt   result of decrypting cipher.txt
      Note: Do not try to view these files with your browser. They are not in HTML format, and the whitespace used to separate numbers gets lost. Rather, log into the Zoo and access them directly.
    2. I did some more experiments with the openssl BN_rand() function. I am happy to report that it worked as advertised, including for bit lengths less than 16. I don't know what was going on when I observed the problems that I reported in class yesterday, but probably my own program had some bug that was causing BN_rand() to misbehave or making me think that it was misbehaving when it actually wasn't. No matter, it does seem to be okay after all.

  • 10 Nov. The security of QR Probabilistic Encryption depends on the fact that the ciphertext is chosen uniformly from $Q_n^{11}$ when $m=0$ and uniformly from $Q_n^{00}$ when $m=1$. I revised the last paragraph of section 67 of lecture notes 15 (revision 2) to make this a little clearer.

  • 9 Nov. Xueyuan has prepared detailed solutions to problem set 4 (.pdf).

  • 6 Nov. I fixed a typo in the definition of discrete log. This was in section 58 of lecture notes 14, which now stand at revision 2.

  • 5 Nov. Problem Set 5 (.pdf) is available. It is due before midnight on Friday, November 14. I also corrected two links in lecture notes 13; hence, the change in revision number.

  • 4 Nov. I've posted solutions to the midterm exam (.pdf).

  • 4 Nov. I've posted notes for the last two lectures. See Section 69 for the proof that I messed up in class of the fact that if a is a quadratic residue modulo both p and q, then it is a quadratic residue modulo their product.

  • 28 Oct. The date of the final exam this year, Dec. 15, falls on Monday, not Tuesday. Somebody finally pointed out that it's been wrong on this web site all term. I've corrected it below. Sorry for any confusion.

  • 27 Oct. A minor error has been fixed in solutions to problem set 3 (.pdf). The handout number of the corrected version is #11 (rev. 2).

  • 27 Oct. Three brief announcements:

    1. Problem Set 4 (.pdf) is available. It is due before midnight on Monday, November 3.

    2. Xueyuan has prepared detailed solutions to problem set 3 (.pdf).

    3. Announcements prior to the midterm have been moved to the Old Announcements page.


  • 3 Sep. A final examination will be given at the officially scheduled time, Monday, December 15, 2:00 pm. Those enrolled under the graduate number CPSC 567a are also expected to take the final exam. Please take this into account when making your end-of-term travel plans. I do not plan to give an early exam for the convenience of those who want to leave campus early.

[Old Announcements]

          Instructor                     Teaching Assistant
Name:     Michael J. Fischer             Xueyuan Su
Email:    fischer-michael@cs.yale.edu    xueyuan.su@yale.edu
Office:   AKW 408                        AKW 412
Phone:    432-1270                       432-7037
Hours:    By appointment                 Tue. 4:00-5:30 pm
                                         Fri. 2:30-3:45 pm

Comments about this website should be directed to M. Fischer