18-733 Spring 2016 Course Wrapup

Kyle Soska – April 29th, 2016

The Story of 18-733

• Applied Cryptography is normally taught by professor Gligore

• This semester professor Gligore was on sabbatical, professor Datta taught instead

My Involvement In 18-733

• Around the new year professor Datta was looking for a TA

• I had taken 18-733 in Spring of 2014

• I have already finished by TA requirements as a PhD student

• I agreed to TA under the condition that I would have an ability to make class material, give lectures, etc.

The Story of 18-733

• Normally, the course is a bit more mathematically rigorously – At the level of the number theory, HW3

• Grade is based off of 5 homeworks, and two exams – Each homework is 4 or 5 questions, all proofs

– Each exam is half proofs have true/false questions

• Recitation component of the course is unused

The Story of 18-733

• In previous offerings of the course, the first half is roughly the same to what we did – One Time Pad, PRGs, PRP, PRF, Symmetric Key

Crypto, Block Ciphers, MAC, Public Key Crypto, Digital Signatures, etc.

• No programming questions

• There was a mid-term exam

The Story of 18-733

• The second half of the course took 2-3 lectures to cover each of the following topics – Zero Knowledge

– Secure Multi-party computation

– Homomorphic Cryptography

• No programming project

• Final Exam

Goals for 18-733 Spring 2016

• We wanted to expose the class to contemporary research in Applied Crypto – Riffle, Riposte, Anonymous Credentials, Bitcoin,

Tor, Scantigrity, Passwords, etc.

• Introduce contemporary constructions of cryptographic building blocks – Elliptic Curves

– Salsa20

Goals for 18-733 Spring 2016

• Wanted to make the course truly “Applied”

– Add programming components to compliment the homeworks

– Add a course programming project

• Decided to remove the exams in order to focus more on the homeworks

– This allows us to make the homeworks more involved

– This allows the students to not worry about exams

Goals for 18-733 Spring 2016

• Making the course entirely based off of homework grades causes the homeworks to be very important – Missing a homework or handing a homework in

late would be devastating to your grade

• Remedied this in two ways – Take best 4 of 5 homeworks

– Add very generous late policy

Desired Outcomes

• Be able to read and understand applied cryptography academic papers

– Be able to attend talks and seminars on applied cryptography and understand and appreciate the contribution

• Have the empirical knowledge needed to integrate and apply cryptography in the workforce

Course Evaluations

• Please submit a course evaluation!

– In particular please leave comments at the end

• This course is very different from previous offerings, good opportunity to compare and contrast the pros and cons of each style

My Contributions

• Created and graded all 5 homeworks and the programming project

• Created all of the recitations

• Created 3 lectures, invited a friend to give a guest lecture, gave one of Dan Boneh’s lectures

Homework & Grading

• Each homework (and the project) should take about 20 hours

• Should contain information related to, but not explicitly found in the lectures – The homework assignments should support the

lectures from class, not reiterate them

• Test your ability to formalize proofs, read and understand papers, implement and break crypto

Homework & Grading

• Gamify programming problems – Break 10-time pad cipher

– Factor RSA modulus with close primes

– Oracle padding attack

– Break discrete logs with ‘half’ oracle

– Meet in middle attack

– Find hash collisions in SHA256-18 & certificate forgery

– Break vulnerable ECDSA implementation

Homework & Grading

• Homeworks should be hard – Getting full credit on a homework should be a serious accomplishment

– Students who put in a lot of time and energy should get an

opportunity to stand out

– Don’t want to make the homeworks so hard as to be discouraging

– No partial credit, answers are either right or wrong, no leniency offered towards “fishing for partial credit”

• Support for the homework should be accessible through Piazza

Homework & Grading

• Homework should be graded in a timely manner – Given the late policy, the earliest that I could returns

homeworks was exactly 1 week after they were due

• Solutions should be available and comprehensive, easy to understand – Released a solution .pdf exactly one week after each

assignment was due

– Went over solutions and grading approach in recitation

Homework & Grading

• Transparency with the grades for the course

– Plots of the distribution of grades for each assignment in recitation

– Plots of the mid-semester grades in class

– Plots of the final grades now (Homework 5 not included)

0

0.2

0.4

0.6

0.8

1

1.2

33 38 43 48 53 58 63 68 73 78 83 88 93 98

Class Mid-Semester Grades: CDF

A+ A B C C- D or Lower

0

0.2

0.4

0.6

0.8

1

1.2

62 67 72 77 82 87 92% of points earned

Class Final Grades*: CDF

A+ B C or Lower A+ A B-

Recitations

• Roughly half of the recitations support the homework assignments directly

• The other half of the recitations support the lectures – Salsa20 – Elliptic Curves – Semantic Security Review – Reduction Proofs Review – Number Theory Review – Etc.

Lectures

• Concerns of Big Brother

• Anonymous Credentials

• Strongly Anonymous Communication

• Crypto Magic makes an appearance in all of these areas and has very strong implications!

Final Thoughts

• Please fill out your course evaluations!

– Particularly leave comments at the end

• There is no corresponding evaluation for TAs

– Can submit anonymous comments on Piazza

– Can submit comments to professor Datta

– Can submit to me directly if you are brave enough