
Wonderful Cryptography

Topics for a motivational "introduction to cryptography" lecture

The following are some suggested topics for a motivational "introduction to cryptography" lecture
for a non-specialized audience. The choice criteria are as follows: convey ideas of some technical
or theoretical depth; provide a feeling for the scope of cryptographic research; maximize novelty
and intellectual stimulus; motivate things by relating them to common objects and tasks. Of
course, the specific choice of topics and pace would depend on the target audience.

If you have any suggestions for additions or corrections, please contact me.

BREAKING A CIPHER YOU KNOW NOTHING ABOUT

Differential fault analysis of unknown ciphers using asymmetric bit-flip faults.
Eli Biham, Adi Shamir, Differential fault analysis of secret key cryptosystems, proc. CRYPTO 1997, 513-525, LNCS 1294, Springer-Verlag, 1997. [ps] (http://www.cs.technion.ac.il/users/wwwb/cgi-bin/tr-get.cgi/1997/CS/CS0910.revised.ps)

BREAKING CIPHERS USING A MICROPHONE

Survey of side-channel attacks (faults, EM, power, timing, diffuse visible light, acoustic, cache). Examples from diffuse CRT reflections, acoustic cryptanalysis and CRT TEMPEST.
Markus G. Kuhn, Compromising emanations: eavesdropping risks of computer displays, technical report UCAM-CL-TR-577, Cambridge, 2003. [web] (http://www.cl.cam.ac.uk/TechReports/UCAM-CL-TR-577.html)
Erik Thiele, Tempest for Eliza, 2001. [web] (http://www.erikyyy.de/tempest/)
Daniel Genkin, Adi Shamir, Eran Tromer, RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis, proc. CRYPTO 2014, part I, LNCS 8616, 444-461, 2014. [pdf] (http://www.cs.tau.ac.il/%7Etromer/papers/acoustic-20131218.pdf) [web] (https://www.cs.tau.ac.il/~tromer/acoustic/)

... OR BICYCLE CHAINS

Special-purpose factoring devices: Carissan's, Lehmer's, TWINKLE.
Special-purpose cryptanalytic devices: an annotated taxonomy. [web] (http://theory.csail.mit.edu/~tromer/cryptodev/)

HOW TO LEAK A SECRET

Digital signatures, ring signatures and ring authentication (sans implementation).
Ronald L. Rivest, Adi Shamir, and Yael Tauman, How to Leak a Secret, proc. Asiacrypt 2001, 552-565, LNCS 2248, Springer-Verlag, 2001. [pdf] (http://theory.lcs.mit.edu/%7Erivest/RivestShamirTauman-HowToLeakASecret.pdf)
Moni Naor, Deniable ring authentication, proc. CRYPTO 2002, 481-498, LNCS 2442, Springer-Verlag, 2002. [web] (http://www.wisdom.weizmann.ac.il/%7Enaor/PAPERS/denring_abs.html)

HOW TO SIGN YOUR MAIL WITHOUT REALLY MEANING IT

Deniable signatures, as a special case of ring signatures. The problem with deniability when the recipient can plausibly deny knowledge of his own secret key leads to:

HOW TO PROVE THINGS WITHOUT REVEALING YOUR SOURCES

The concept of zero-knowledge, exemplified by Kid Cryptography and graph 3-colorability (or Hamiltonicity).
Moni Naor, Yael Naor and Omer Reingold, Applied kid cryptography, Journal of Craptology, vol. 0 no. 1, 1999. [ps] (http://www.mat.dtu.dk/people/Lars.R.Knudsen/craptology/crv0n1-3.ps) [web] (http://www.wisdom.weizmann.ac.il/%7Enaor/PUZZLES/waldo.html)
Zero-knowledge explained via an "Ali Baba and a magical cave" metaphor:
Jean-Jacques Quisquater, Louis Guillou, Marie Annick, Tom Berson, How to explain zero-knowledge protocols to your children, proc. CRYPTO 1989, 628-631, Springer-Verlag, 1989. [pdf] (http://pages.cs.wisc.edu/~mkowalcz/628.pdf)

ROMANTIC APPLICATIONS OF PLAYING CARDS

The concept of secure multiparty computation, exemplified by the 5-card protocol for secure evaluation of AND (consider using a lazy Susan instead of oblivious cuts). Any function can be securely computed with a sufficiently large deck of cards.
Bert den Boer, More efficient match-making and satisfiability: the five card trick, proc. Eurocrypt '89, LNCS 434, 208, 2000. [springer] (http://www.springerlink.com/openurl.asp?genre=article&issn=0302-9743&volume=434&spage=208) (http://www.springerlink.com/openurl.asp?genre=article&issn=0302-9743&volume=2567&spage=254)
Anton Stiglic, Computations with a deck of cards, Theoretical Computer Science, vol. 259 no. 1-2, 671-678, 2001. [pdf] (http://crypto.cs.mcgill.ca/%7Estiglic/Papers/cards.pdf)

VOTING USING PEZ CANDY

More secure computation, using a PEZ dispenser: the 3-candy protocol for AND and the 13-candy protocol for 3-party voting. Any function can be securely computed given enough candy!
Jozsef Balogh, Janos Csirik, Yuval Ishai, Eyal Kushilevitz, Private computation using a PEZ dispenser, Theoretical Computer Science, vol. 306 no. 1-3, 69-84, 2003. [ps] (http://www.cs.technion.ac.il/%7Eyuvali/pubs/BCIK03.ps)

I haven't personally presented the following yet, but I believe they can also work well:

THE DVD THAT BREAKS YOUR CIPHER

Time/memory tradeoffs.

VISUAL CRYPTOGRAPHY

Moni Naor, Adi Shamir, Visual cryptography, proc. Crypto 94, LNCS 950, 1-12, Springer-Verlag, 1995. [ps] (http://www.wisdom.weizmann.ac.il/%7Enaor/PAPERS/vis.ps)
In Moni Naor's puzzles web site. [web] (http://www.wisdom.weizmann.ac.il/%7Enaor/PUZZLES/visual.html)

PLAYING POKER OVER THE PHONE

Mental poker (continuing the above theme of multiparty computation).
Adi Shamir, Ronald L. Rivest, Leonard M. Adleman, Mental poker, The Mathematical Gardner, 37-43, Prindle, Weber, and Schmidt, 1981. [pdf] (http://theory.lcs.mit.edu/%7Erivest/ShamirRivestAdleman-MentalPoker.pdf)

PLAYING CARD GAMES AGAINST YOURSELF

Discreet solitary games (continuing the above theme of computation using cards).
Claude Crépeau, Joe Kilian, Discreet solitary games, proc. Crypto 93, LNCS 773, 319-330, Springer-Verlag, 1994. [springer] (http://springerlink.metapress.com/openurl.asp?genre=article&issn=0302-9743&volume=773&spage=319)

COMPARING INFORMATION WITHOUT LEAKING IT

(Continuing the above theme of multiparty computation.)
Ronald Fagin, Moni Naor, Peter Winkler, Comparing information without leaking it, Communications of the ACM, vol. 39 no. 5, 77-85, 1996. [ps] (http://www.wisdom.weizmann.ac.il/%7Enaor/PAPERS/comp.ps)
In Moni Naor's puzzles web site. [web] (http://www.wisdom.weizmann.ac.il/%7Enaor/PUZZLES/compare.html)

COMPUTING WITH SCRAMBLED CIRCUITS

Secure two-party computation using Yao's scrambled circuits (continuing the above theme of multiparty computation).
Yehuda Lindell, Benny Pinkas, A proof of Yao's protocol for secure two-party computation, ECCC TR04-063, 2004. [web] (http://eccc.uni-trier.de/eccc-reports/2004/TR04-063/Paper.pdf)

ARE CODE HIDING AND DIGITAL RIGHTS MANAGEMENT FUNDAMENTALLY POSSIBLE?

The (im)possibility of program obfuscation.
Boaz Barak, Oded Goldreich, Russell Impagliazzo, Steven Rudich, Amit Sahai, Salil Vadhan, Ke Yang, On the (im)possibility of program obfuscation, proc. Crypto '01, LNCS 2139, 1-18, Springer-Verlag, 2001. [ps] (http://www.math.ias.edu/%7Eboaz/Papers/obfuscate.ps) [ppt] (http://www.math.ias.edu/%7Eboaz/Papers/obfuscate.pps) [web] (http://www.math.ias.edu/%7Eboaz/Papers/obf_informal.html)

HOW TO MAKE SPAMMERS PAY

Fighting spam using hash-cash and memory-bound proofs of work.
Cynthia Dwork, Moni Naor, Pricing via processing or combatting junk mail, proc. Crypto '92, LNCS 740, 139-147, Springer, 1992. [ps] (http://www.wisdom.weizmann.ac.il/%7Enaor/PAPERS/mem.ps) [web] (http://www.wisdom.weizmann.ac.il/%7Enaor/PAPERS/pvp_abs.html)
Martín Abadi, Mike Burrows, Mark Manasse, Ted Wobber, Moderately hard, memory-bound functions, proc. Annual Network and Distributed System Security Symposium, 2003. [pdf] (http://research.microsoft.com/research/sv/sv-pubs/memory-final-ndss.pdf)

BREAKING REPEATED ENCRYPTION

Slide attacks on block ciphers with an arbitrary number of rounds.
Alex Biryukov, David Wagner, Slide attacks, proc. International Workshop on Fast Software Encryption, LNCS 1636, 245-259, Springer-Verlag, 1999. [ps] (http://www.cs.berkeley.edu/%7Edaw/papers/slide-fse99.ps)

Other educational resources in cryptography:

CRYPTOOL

CrypTool is an interactive "cryptographic laboratory", developed as an open-source project initiated by Deutsche Bank. It offers visualization of concepts and data in many fundamental cryptographic objects and methods, including: popular encryption algorithms and protocols, several cryptanalysis methods (from breaking Vigenère ciphers to lattice attacks on RSA), side-channel attacks and random-number generators. See its screenshots (http://www.cryptool.org/content/view/23/48/lang,en/) for some examples.
CrypTool, web site, http://www.cryptool.org (http://www.cryptool.org/)
(Original version for Windows, most stable and actively developed.)
CrypTool 2.0, web site, http://cryptool2.vs.uni-due.de (http://cryptool2.vs.uni-due.de/)
(In progress: improved UI using C# and Visual Studio 2008.)
JCrypTool, web site, http://jcryptool.sourceforge.net (http://jcryptool.sourceforge.net/)
(In progress: a platform-independent version using Java and Eclipse.)

Acknowledgments. I am indebted to Boaz Barak, Alex Biryukov, Moni Naor, Tal Rabin and Adi
Shamir for valuable suggestions, and to Yossi Vardi and the rest of the KinnerNet 2005 participants
for providing the perfect motivation for preparing my first such talk.
