Date: 2017-07-14

This brings us to the end of the six-week course. I had a lot of fun teaching this course and I hope you enjoyed it too. I really love this material and I always enjoy teaching it. Before we say our farewells, please do a quick review of the topics that we discussed and see what's left to cover.

So here's a brief diagram of the primitives that we discussed in the class. If you remember, in week one we started off by discussing pseudorandom generators and stream ciphers. In week two we talked about block ciphers, and we said that the right way to think about block ciphers is as pseudorandom permutations and pseudorandom functions. We said that using counter mode we can convert a block cipher into a PRG. And we said that using the GGM construction, we can construct block ciphers from pseudorandom generators.

Then in week three, we talked about data integrity. In particular, we talked about MACs and we looked at various constructions of MACs from pseudorandom functions like the CMAC, the HMAC, the PMAC constructions and so on. We also discussed collision resistance, and we said that collision resistance can be used for data integrity where one has access to read-only memory. Basically, you would hash the data using a collision-resistant hash function and write the hash into read-only memory. And then later, when you want to verify authenticity of your data, you just compare its hash to whatever is written in read-only memory.

Then in week four we talked about how to combine integrity and confidentiality. In particular, we talked about how to combine encryption and MACs to build what we called authenticated encryption, and I told you that really, in practice, the only form of symmetric encryption that you're allowed to use is authenticated encryption.
Basically, encryption that's only secure against eavesdropping attacks is not generally secure. You must always also guard against tampering and, as a result, you should only be using authenticated encryption modes to do symmetric encryption. So that was the end of week four.

And then for weeks five and six, we switched topics and talked about key exchange and public key encryption. In particular, in week five we talked about trapdoor functions and the Diffie-Hellman protocol, along with the mathematics that are necessary to explain how those things work. And then in week six we talked about how public key encryption can be built from trapdoor functions and the Diffie-Hellman protocol.

I wanna emphasize that the key exchange protocols that we saw in week five are only secure against eavesdropping and should never be used in practice. In fact, in week eight we're gonna see authenticated key exchange protocols, and those are the ones that are actually used in the wild, for example in SSL and other protocols like that. But the ones that we saw in week five should never actually be deployed in the real world. The only reason we looked at those simple key exchange mechanisms was as motivation for trapdoor functions and Diffie-Hellman groups.

Now, as you know, there are four more weeks to the full crypto course, which we're gonna do at a later time. In week seven we're gonna talk about digital signatures and how to authenticate data in a way that anyone can verify that the data is authentic. Then we're gonna talk about authenticated key exchanges, as I said. Then we're gonna talk about user authentication: how to manage passwords, one-time passwords, challenge-response protocols. Then we'll talk about various privacy mechanisms: how to authenticate yourself without revealing where you are, how to sign in a way that doesn't reveal who you are, and so on and so forth.
And as part of the building blocks for some of these mechanisms, actually, we'll talk about zero-knowledge protocols, which is kind of a general purpose tool that's used very widely in cryptography.

But let's just say that crypto goes way beyond these core topics and, in fact, there are many, many more topics that I would love to tell you about if there was enough time. So I made this kind of a short list here, and this isn't even an exhaustive list. There are many other things that I would like to tell you about, and so if there's enough demand, I might even run an advanced crypto class, which is usually what I do for graduate students, which would cover these more advanced topics. But that would actually take place sometime next year, so stay tuned and I will send announcements on when that's coming.

So, my final words. Of course, remember my main message from this class, and that is that crypto is a tremendous tool, but you should always be careful when you use it. If you implement crypto incorrectly, the system will work perfectly fine. There would be no way to tell that anything is wrong, except when an attacker is trying to attack the system, it might be easily breakable. And so crypto is one of these things where a little bit of knowledge is quite dangerous. It's quite important to make sure you get the implementation correct, and one way to do that is to make sure that other people always review your code and your designs to find any bugs in the crypto implementation or even more general bugs in the system design.

And finally, I'll leave you with these parting words: that you should never ever invent your own ciphers or your own modes, and you should never even implement your own ciphers or your own modes. Try to stick to the standards as much as possible. Try to stick to standard implementations of those algorithms as much as possible, and if you have to deviate from that, then just make sure there's sufficient third party review of what you've done.
Okay, so I will say my farewell here. And let me say that the final exam will be made available in week seven, basically a week after the week six lectures become public. The final exam will cover material for all six weeks and it'll pretty much be the same format as the problem sets. I hope everybody will do well in the exam, and we will send certificates once all the course work is complete. I hope to see you in the next iteration of this course, whenever that's made available.

So farewell, and as always, please submit your comments and suggestions on the forum. I read all of your posts and they're very, very helpful in improving the course. Hope to see you in the fall.