ECS 189A: Cryptography — Course Information — Spring 2011
I am Phil Rogaway.
My research is in cryptography, the topic of this class.
My office is 3009 Kemper,
my email is firstname.lastname@example.org, and my homepage is
Office hours will be posted and kept up to date on my homepage.
Viet Tung Hoang is the TA for the class. We only have a few hours
per week of Tung’s time, so mostly he’ll be grading your homeoworks.
Our course meets MWF 2:10-3:00 pm in 146 Robbins.
This is a four-unit class. Unfortunately, because
it is listed as a 189A, we have no means of making sure you sign up for the
class with the correct number of units. You need to do this on your own: if you are enrolled
for the class with a number of units other than four, you need to go online and change it.
Our course is currently over-enrolled. My experience is that attrition usually
takes care the issue. I would expect, in the end, everyone to get in;
I usually do whatever is needed to ensure that this happens.
If you’re not yet properly enrolled, just make sure you’ on the waiting list and that you attend
every class. We’ll figure out how to get everyone enrolled during the second week of the term.
Follow the obvious link from my homepage
to our class web page at
It is important that you check the web page regularly. It is there
that homeworks and announcements will magically appear.
I expect to lecture on some or all of the following topics:
introduction - blockciphers - symmetric encryption -
pseudorandom permutations and pseudorandom functions -
symmetric encryption - hash functions - message authentication codes -
authenticated encryption - asymmetric encryption - digital signatures
entity authentication - authenticated key exchange -
interactive proofs - zero knowledge - protocols.
Course material is subject to change depending on
my mood and depending on student interests.
You should communicate with me about what you are interested in.
I intend the class to be accessible to juniors and seniors in CS, CSE, or math.
I would say that having some mathematical maturity, and a bit of cleverness and
the ability to communicate clearly, are prerequisites.
Having taken ECS 120 (Theory of Computation) and/or ECS 122A (Algorithms)
will serve you well, but I wouldn’t go
so far as to say that either is necessary.
It is likely that a lot of student will come to this class from an interest in
That’s great, but I want to make clear that cryptography and computer security
tend to involve very different ways of thinking about problems.
Prof. Matt Bishop will be teaching
a Computer Security class, ECS 153, this term.
The material is complementary; there isn’t much overlap.
Understanding Cryptography for the class, by
Christof Paar and Jan Pelzl.
I’ve never tried using it (natural enough, since I’ve never
tried to teach an undergraduate cryptography class before) and can’t yet tell you yet how
closely I will follow it.
If I’m liking the book, and you are, we will try to cover its contents; if not,
I will drift away from it, as is my usual habit.
A lot of modern cryptography isn’t well covered in books, but here are some that may be
Cryptography Engineering by Neils Ferguson, Bruce Schneier, and Yoshi Kohno;
(2) Handbook of Applied Cryptography
by Alfred Menezes, Paul van Oorschot, and Scott Vanstone (available free on-line);
Introduction to Modern Cryptography by Jonathan Katz and Yehuda Lindell;
(4) Foundations of
Cryptography, Volume 1 and
Foundations of Cryptography,
Volume 2, by Oded Goldreich;
Introduction to Modern Cryptography by Mihir Bellare and Phil Rogaway (course notes); and
Lecture Notes on Cryptography by Shafi Goldwasser and Mihir Bellare (course notes).
I expect to base grading on approximately
30% final, and
20% oral exam,
15% classroom attendance and participation.
As the last category suggests, it is important to show up.
For homework problems, you may give or receive ideas
as long as you do a joint writeup for the particular problem or
acknowledge who contributed ideas.
If you work closely with one or more person on a problem, then
you should turn in a single writeup for that problem
(I will separately record your score for each problem).
Sorry, late homeworks will not be accepted.
Possibly more than others, I care about the quality of your exposition;
your writing is your art.
Your goal is to find short, correct, and elegant, solutions.
Make each sentence beautiful and make each word count.
During the second half of the course I will schedule each of you to come
see me for a half-hour time slot.
You can think of this oral exam as the midterm, or something in lieu of a midterm.
I may ask you to read something in advance of these discussions.
There will be a standard written final.
In recent years I have taken to confessing up front that I probably
won’t be able to recognize you if I see you outside the context of this class.
Please believe that it is absolutely not personal. It doesn’t mean that I am not interested in
you as a person, or even that I don’t know who you are, at some other level.
I have a new trick that simultaneously lets me
call on people by name
and lets me keep track of
who who is/isn’t coming to class:
students put a little card on their desk with their name on it.
(This also helps you out, should you forget your own name.)
I know it’s kind of lame, but I tried it for a class I taught last Fall,
and it seemed to work pretty well.
Cryptography is a strange area—stranger than most would imagine.
I hope you like this odd and arcane world.
Phil Rogaway’s homepage