Optional, free

CNIT 141: Cryptography for Computer Networks

Fall 2017 Sam Bowne

Schedule · Lectures · Projects · Links · Home Page

77820 M 6:10-09:00PM SCIE 200



Required, $22 from Amazon

All · Last 5

Course Justification

Individuals, companies, and governments all have private data on their computer systems that must be protected. However, the encryption techniques required to protect them are difficult to apply, and often fail in practice. There is a serious shortage of information technology professionals who are qualified to install, repair, and maintain cryptographic security measures. This class helps students prepare to meet those needs.

Catalog Description

Mathematical underpinnings and practical applications of modern cryptographic systems, including the Advanced Encryption Standard (AES), the Secure Hash Algorithms (SHA), and Rivest-Shamir-Adleman (RSA). The class focuses on practical applications: selecting, implementing, testing, and maintaining systems to protect data on modern computer networks.

Prerequisites: CNIT 120 or equivalent familiarity with the fundamentals of security, and MATH 40 or equivalent familiarity with algebra

Student Learning Outcomes

Upon successful completion of this course, the student will be able to:
  1. Implement modern cryptographic systems, including AES, RSA, and SHA
  2. Choose appropriate methods to protect data at rest, in use, and in motion
  3. Perform attacks to reveal encrypted data
  4. Explain the strengths and weaknesses of modern cryptographic systems


Understanding Cryptography: A Textbook for Students and Practitioners by Christof Paar, Jan Pelzl, and Bart Preneel, ISBN: 3642041000 ASIN: B014P9I39Q Buy from Amazon ($22)

Mastering Bitcoin: Unlocking Digital Cryptocurrencies 1st Edition by Andreas M. Antonopoulos, ISBN: 1449374042 (optional, free online)


The quizzes are multiple-choice, online, and open-book. However, you may not ask other people to help you during the quizzes. You will need to study the textbook chapter before the lecture covering it, and take the quiz before that class. Each quiz is available for one week, up till 8:30 am Saturday. Each quiz has 5 questions, you have ten minutes to take it, and you can make two attempts. If you take the quiz twice, the higher score counts.

To take quizzes, first claim your RAM ID and then log in to Canvas here:


Live Streaming

You can attend class remotely using Zoom.

Join from PC, Mac, Linux, iOS or Android: https://zoom.us/j/4108472927
Meeting ID: 410-847-2927

The free version of Zoom is limited to 40 minutes per meeting. So to see the second part of the lecture live, you will have to re-join with the same meeting ID.

Classes will also be recorded and published on YouTube for later viewing.

Schedule (may be changed)

DateQuiz & Proj DueTopic

Mon 8-21  Intro: Bitcoin & Cryptography

Mon 8-28  1. Introduction to Cryptography and Data Security

Mon 9-4 Holiday - No Class

Fri 9-8 Last Day to Add Classes

Mon 9-11Quiz Ch 1-2 due *
Proj 1 & 2 due
Modular Arithmetic: Addition and Subtraction
Stream Ciphers
XOR: Bits and Nybbles

Mon 9-18Quiz Ch 3 due *
Proj 3 due
3. The Data Encryption Standard (DES) and Alternatives

Mon 9-25Quiz Ch 4 due *
Proj 4 & 5 due
4. The Advanced Encryption Standard (AES)

Mon 10-2Quiz Ch 5 due *
Proj 6 due
5. More About Block Ciphers

Mon 10-9 Holiday - No Class

Mon 10-16Quiz Ch 6 due *
Proj 7 & 8 due
6. Introduction to Public-Key Cryptography

Mon 10-23Quiz Ch 7 due *
Proj 9 due
7. The RSA Cryptosystem

Mon 10-30Quiz Ch 8 due *
Proj 10 & 11 due
8. Public-Key Cryptosystems Based on the Discrete Logarithm Problem

Mon 11-6No Quiz
No Proj due
Guest Speaker: Sarah Lewis Cortes, PhD, CISA, AAFS
Topic: Anonymous (cryptographically protected) network communications, aka the darknet. And, darknet crime, facilitated by cryptocurrency

Mon 11-13Quiz Ch 9 due *
No Proj Due
9. Elliptic Curve Cryptosystems

Mon 11-20Quiz Ch 10 due *
14 due
10. Digital Signatures

Mon 11-27Quiz Ch 11 due *
Proj 12 & 13 & 15 due
11. Hash Functions

Mon 12-4 No Guest Speaker: Lecture on 12. Message Authentication Codes (MACs) & 13. Key Establishment

Mon 12-11Quiz Ch 12 & 13 due *
Proj 16 due
All Extra Credit Proj due
Last Class: Guest: Scott Stender, VP, Crypto Services, NCC Group

Slides (PDF)

This talk will not be recorded or streamed--attend in person!

Fri 12-15 -
Thu 12-21
Final Exam available online throughout the week.
You can only take it once.

* Quizzes due 30 min. before class

Lecture Slides

Policy · Schedule

Bitcoin and Blockchains · PDF · Keynote
1. Introduction to Cryptography and Data Security · PDF · Keynote
2. Stream Ciphers · PDF · Keynote
      Modular Arithmetic: Addition and Subtraction · PDF · Keynote
      XOR: Bits and Nybbles · PDF · Keynote
3. The Data Encryption Standard (DES) and Alternatives · PDF · Keynote
4. The Advanced Encryption Standard (AES) · PDF · Keynote
5. More About Block Ciphers · PDF · Keynote
6. Introduction to Public-Key Cryptography · PDF · Keynote
7. The RSA Cryptosystem · PDF · Keynote
8. Public-Key Cryptosystems Based on the Discrete Logarithm Problem · PDF · Keynote
9. Elliptic Curve Cryptosystems · PDF · Keynote
10. Digital Signatures · PDF · Keynote
11. Hash Functions · PDF · Keynote
12. Message Authentication Codes (MACs) · PDF · Keynote
13. Key Establishment · PDF · Keynote


How to install Python 2.7 on Windows

Proj 1: Caesar Cipher with CrypTool 2 (10 pts. + 20 pts. extra)
Proj 2: Monoalphabetic Substitution Cipher (10 pts. + 10 pts. extra)
Proj 3: Cracking AES (With Weak Keys) with CrypTool 2 (10 pts. + 10 pts. extra)
Proj 4: RSA with Very Small Keys (10 pts. + 20 pts. extra credit)
Proj 5: Cracking a Short RSA Key (10 pts. + 40 pts. extra credit))
Proj 6: Preparing an Ubuntu Server (10 pts.)
Proj 7: Bitcoin: Setting up a Private Regtest Blockchain (20 pts.) (updated 10-16-17)
Proj 8: ECB v. CBC Modes with Python (15 pts.) (rev. 10-16-17)
Proj 9: Getting Started with Multichain (20 pts.) (updated 10-16-17)
Proj 10: Making a Blockchain Survey with Multichain (20 pts.) (updated 10-16-17)
Proj 11: Making a Private Ethereum Blockchain (15 pts.) (updated 10-24-17)
Proj 12: RSA Key Formats (10 pts. + 30 pts. extra credit)
Proj 13: Exodus Wallet (10 pts.)
Proj 14: Padding Oracle Attack (15 pts. + 20 pts. extra credit)
Proj 15: Making an Ethereum Contract with Truffle (10 pts.)
Proj 16: Existential Forgery Attack on RSA Signatures (15 pts. + 30 pts. extra credit)
Proj 17: Interledger and Ripple (15 pts.)
Proj 18: Quantum Entanglement with IBM Q (15 pts. + 10 pts. extra credit)

Extra Credit

Binary Games (variable pts.)
Proj X1: Coinbase (10 pts. extra credit)
Proj X2: XOR Encryption in Python (Up to 40 pts. extra credit) (rev. 10-19-17)
Proj X3: Local Bitcoin Wallet (10 pts. extra credit)
Proj X4: Finding Large Primes (20 pts. extra credit)
Proj X5: Factoring Large Numbers (20 pts. extra credit)


Bitcoin 1: The Crypto-Currency - The New Yorker (2011)
Bitcoin 2: Merkle tree - Wikipedia
Bitcoin 3: Genesis block
Bitcoin 4: Bitcoin Block #0 on Blockchain.info -- Click Transaction to see quote
Bitcoin 5: Coinbase, Coinbase Field - Bitcoin Glossary
Bitcoin 6: The Crypto-Currency - The New Yorker (2011)
Bitcoin 7: Cryptocurrency Prices
Bitcoin 8: Understanding Bitcoin Difficulty
Bitcoin 9: Difficulty - Bitcoin Wiki
Bitcoin 10: Mt Gox: The History of a Failed Bitcoin Exchange
Bitcoin 11: The Inside Story of Mt. Gox, Bitcoin's $460 Million Disaster
Bitcoin 12: Details of $5 Million Bitstamp Hack Revealed
Bitcoin 13: Bitcoin Exchange Gatecoin Hacked; 250 BTC & 185,000 ETH Lost (5-16-16)
Bitcoin 14: A history of bitcoin hacks
Bitcoin 15: Suspected multi-million dollar Bitcoin pyramid scheme shuts down, investors revolt (8-27-12)
Bitcoin 16: Bitcoin exchange BitFloor shuttered after virtual heist (9-4-12)
Bitcoin 17: Cryptsy Hacked: Bitcoin Worth $USD 6 Million Stolen (1-18-16)
Bitcoin 18: Hackers steal $1m from Bitcoin site (11-8-13)
Bitcoin 19: Danish Bitcoin exchange BIPS hacked and 1,295 Bitcoins worth $1 Million Stolen
Bitcoin 20: $4.1 Million missing as Chinese bitcoin trading platform GBL vanishes (11-11-13)
Bitcoin 21: List of Major Bitcoin Heists, Thefts, Hacks, Scams, and Losses (11-16-14)
Bitcoin 22: Poloniex Loses 12.3% of its Bitcoins in Latest Bitcoin Exchange Hack (3-5-14)
Bitcoin 23: Secret Service Agent Gets Six-Year Sentence for Bitcoin Theft (12-17-15)
Bitcoin 24: Block Size Chart for Bitcoin and BitcoinCash
Bitcoin 25: Bitcoin Cash | Home
Bitcoin 26: Segwit2x and the Tale of Three Bitcoins (Aug. 7, 2017)

Blockchain 1: Microsoft launches Project Bletchley blockchain framework (June 17, 2016)
Blockchain 2: Understand the Blockchain in Two Minutes - YouTube
Blockchain 3: Ethereum Blockchain as a Service now on Azure (2015)
Blockchain 4: Sydney Stock Exchange Developing Blockchain Trading System (5-19-16)
Blockchain 5: Inside Linq, Nasdaq's Private Markets Blockchain Project (11-21-15)
Blockchain 6: Santander unveils first UK blockchain for international money transfers (5-26-16)
Blockchain 7: Acronis testing blockchain for backup (5-19-16)
Blockchain 8: Blockchain Experts, a Rare Breed, May Demand Big Bucks - WSJ (5-12-16)
Blockchain 9: A Visual Demo - YouTube
Blockchain 10: Demo - LIVE ONLINE

Introduction to Cryptography Videos by Christof Paar - YouTube
Cryptography Textbook Website
RSA is 100x slower than AES (figures 9-13)
RSA Public Key format - Stack Overflow
Cracking short RSA keys - Stack Overflow
Converting OpenSSH public keys
How can I transform between the two styles of public key format
Padding oracles and the decline of CBC-mode cipher suites
Prime Numbers Generator and Checker
PadBuster: Automated script for performing Padding Oracle attacks
RSA implementation in Python
Practical Padding Oracle Attacks on RSA
Android, JavaScript and Python compatible RSA Encryption
How to Install Python on Windows
MACTripleDES Class -- HMAC from Microsoft
Cryptool 2 Tutorial
Locky Gets Clever! Ransomware uses private-key and public-key encryption
How to Program Block Chain Explorers with Python, Part 1
How to Program Block Chain Explorers with Python, Part 2
Bitcoin mining the hard way: the algorithms, protocols, and bytes
Bitcoins the hard way: Using the raw Bitcoin protocol
Elliptic Curve Cryptography: a gentle introduction
Dogecoin Tutorial
Dogeminer - Dogecoin Mining Simulator
Dogecoin - Wikipedia
DogePay - DogeCoin Price
Ethereum - Wikipedia,
Ethereum Project
Ethereum Homestead 0.1 documentation
COINKING.io Mining Pool | Litecoin, Bitcoin, Multipool, Dogecoin, Scrypt, X11, SHA256, X13, X15, NeoScrypt, Scrypt-N
Inside Linq, Nasdaq's Private Markets Blockchain Project
Dangers of using BlockChain.info receive API - Unconfirmed inputs used for transaction fees (From 2014)
Receive Payments API - Blockchain.info
Bitcoin Transaction from Joe to Alice
Bitcoin Network Still Backlogged With Tens of Thousands of Unconfirmed Transactions, Causing Delays (from 2015)
Bitcoin's Capacity Issues No 'Nightmare', But Higher Fees May Be New Reality (Mar. 2016)
Bitcoin's 'New Normal' Is Slow and Frustrating (Feb., 2016)
Bitcoin block size live
How to completely kill Bitcoin at the 1 MB hard limit (Mar., 2016)
Weaknesses - Bitcoin Wiki
Block size limit controversy - Bitcoin Wiki
Creating your own experimental Bitcoin network
How to Create Your Own Cryptocurrency | CryptoJunction
Genesis block - Bitcoin Wiki
List of address prefixes - Bitcoin Wiki
RSA implementation in Python
Execute Python3 Online
ASN.1 Parser | phpseclib -- Converts RSA Keys to Decimal Form
Mastering Bitcoin: Free Online E-Book
bitcoin/bitcoin.conf at master bitcoin/bitcoin GitHub
Bitcoin Double Spends - Max. is About 4 Per Day
Top 5 Cryptocurrency Scams of 2014
Cryptocurrency Scams Exposed
Badbitcoin.org - A Site Listing Scams, Funded by Scamsite Ads
Four genuine blockchain use cases | MultiChain
Difficulty - Bitcoin Wiki
Understanding Bitcoin Difficulty
How to Install Python 2.7.10 on Ubuntu & LinuxMint
Beyond Blockchain: Simple Scalable Cryptocurrencies
DAO Trading Launched on May 28, 2016
Customizing blockchain parameters | MultiChain
Kunstmaan Labs - Hands on with Multichain
Multichain: A Build-Your-Own Blockchain Service for Banks
MultiChain Private Blockchain White Paper
Simple Encrypted Arithmetic Library - SEAL - Homomorphic encryption
Blockchain Voting slides
CNSA Suite and Quantum Computing FAQ
DAO Attack Wouldn't Have Been Possible With Synereo's Smart Contracting Language (7-3-16)
The Blockchain Brain Drain: How The States Are Driving Blockchain Companies Abroad (6-28-16)
The DAO's Wild Ride: Where Does Blockchain Go From Here? (7-1-16)
A brief history of cryptocurrency drama, or, what could possibly DAO wrong? (7-2-16) -- HIGHLY RECOMMENDED
A Legal Analysis of the DAO Exploit and Possible Investor Rights (6-21-16)
How to setup a local test Ethereum Blockchain
A 101 Noob Intro to Programming Smart Contracts on Ethereum
Ethereum TESTNET Morden Block Chain Explorer
Create a Hello World Contract in ethereum
Breaking Into the KeyStore: A Practical Forgery Attack Against Android KeyStore (July, 2016)
Ethereum Accounts, Address and Contracts (Live)
Namecoin: A Trust Anchor for the Internet -- POSSIBLE PROKECT
Solidity by Example -- Voting
Contract Tutorial ethereum/go-ethereum Wiki GitHub
Ethereum hands-on tutorial
Setting up geth Ethereum node to run automatically on Ubuntu
How to get a Morden Test Wallet on Ethereum and write a simple Will contract
Ethereum DApp Essentials Part 1 -- Useful explanations of concepts
What is bitcoin and the blockchain?
Practical Applications of Blockchain Technology
How to make miner to mine only when there are Pending Transactions? - Ethereum
Getting started with Blockchain (Beta)
GitHub - kadena-io/juno: Smart Contracts Running on a BFT Hardened Raft -- IMPORTANT ALTERNATIVE TO BLOCKCHAINS
Ethereum is the Forefront of Digital Currency
Ethereum Enthusiasts Determine Their DAO After A Successful Hard Fork (7-21-16)
Cross-Chain Replay Attacks on Ethereum (7-17-16)
DAO hacked, Ethereum crashing in value (6-17-16)
Bitcoin Plunges After Hacking of Bitfinex Exchange in Hong Kong (Aug 3, 2016)
Bitcoin Mining Profit Calculator Game
CCDC 5: How to Win CCDC
Arizona Cyber Warfare Range -- Revolutionary advancement in cyber security happens here.
Why do we use XTS over CTR for disk encryption?
Disk encryption theory - Wikipedia
A Graduate Course in Applied Cryptography -- POSSIBLE ALTERNATIVE TEXTBOOK
AES Encryption in Python Using PyCrypto -- USE FOR PROJECTS
Attacks on RSA cryptosystem
NSA’s VPN exploitation process (portion of book)
Hosting a DNS domain on the blockchain -- Ethereum-based prototype (2017)
Why isn't Internet DNS based on blockchain? (from 2016)
LocalBitcoins.com: Fastest and easiest way to buy and sell bitcoins
Public Key Cryptography: Diffie-Hellman Key Exchange (short version) - YouTube
Length extension attack - Wikipedia
Everything you need to know about hash length extension attacks
A Primer on IOTA (with Presentation)
Generating Addresses: Learn the Basics - IOTA
Documentation - IOTA - Getting Started
Tutorial: Getting Started - Beginners - IOTA Forum
IOTA Support - Tutorial - Nostalgia Light Wallet
IOTA Node Tutorial
iotaledger/cli-app: CLI App that acts as a wallet
Node.js Introduction
'Hello World' in IOTA: Payments and Messaging Leaderboard
SSH Tunnel in 30 Seconds (Mac OSX & Linux)
IOTA - The Machine Economy - Reddit
IOTA cool tools
MD5 Length Extension Attack
A sample implementation of MD5 in pure Python
Introducing Ethereum Development - Part 1 - MetaMask and Web3
Getting Started as an Ethereum Web Developer
cryptography of archive formats zip, rar and 7zip
Full break on 1024-bit RSA keys (and ~1 in 8 2048 keys) in libgcrypt via L3 cache timing
Rindjael Flash Animation (SWF File)
Lifetimes of cryptographic hash functions

New Unsorted Links

Bitcoin 27: 3 Things to Know About Bitcoin Mining in China (June 13, 2017)
Bitcoin 28: Banks fear bitcoin's mining centralization in China
Custom RBIX Shellcode Encoder/Decoder -- INTERESTING PROJECT
Ch 3a: Why can I encrypt data with one DES key and successfully decrypt with another?
Ch 3b: A Tutorial on Linear and Differential Cryptanalysis
Brainwallet - JavaScript Client-Side Bitcoin Address Generator -- SHOW TO CLASS
Hash-based Signatures: An Outline for a New Standard (from 2015)
Google Tests New Crypto in Chrome to Fend Off Quantum Attacks (2016)
Introducing Azure confidential computing--ENCRYPTING DATA IN USE
Ch 4a: AES Rijndael Cipher - Visualization - YouTube
Ch 4b: PyCrypto API Documentation
Ch 5a: Block cipher mode of operation - Wikipedia
Ch 5b: Galois/Counter Mode - Wikipedia
Ch 5c: Shor's algorithm - Wikipedia
Ch 2g: What is the Difference Between Common Law and Civil Law?
Penetration Testing in Active Directory using Metasploit (Part 2)
Ch 6a: CSRC - NIST Computer Security Publications
SpiderLabs/CryptOMG: CryptOMG is a configurable CTF style test bed that highlights common flaws in cryptographic implementations.
Ch 5d: Bug #996193 "OFB chaining mode requires padding" : Bugs : Python-Crypto
Ch 5e: Benefits and Vulnerabilities of Wi-Fi Protected Access 2 (WPA2) -- CCMP Mode Explained
2017-10-08: Algorithm for Linux $6$ password hashes
c - python crypt in OSX - Stack Overflow
Ch 7a: RSA numbers - Wikipedia
Ch 7b: Attacking RSA exponentiation with fault injection
Ch 7c: Fault-Based Attack of RSA Authentication
Hash Length Extension Attacks
CryptOMG Walkthrough - Challenge 1
CryptOMG Walkthough - Challenge 2
php - Can I blindly replace all mysql_ functions with mysqli_? - Stack Overflow
MariaDB - How to reset MySQL root user password
Automated Padding Oracle Attacks with PadBuster
Padding oracle attack explained
FeatherDuster is a tool for brushing away magical crypto fairy dust
The Padding Oracle Attack - why crypto is terrifying
The Cryptopals Crypto Challenges
Ch 9a: A (Relatively Easy To Understand) Primer on Elliptic Curve Cryptography
Why RSA encryption padding is critical
Ch 8a: Chinese remainder theorem - Wikipedia
Generate Random Prime Numbers
rsatool can be used to calculate RSA and RSA-CRT parameters
Calculating RSA private keys from its public counterpart
IBM Blockchain 101: Quick-start guide for developers
Ch 9b: security - The length of the Bitcoin's private keys - Bitcoin Stack Exchange
Ch 9c: Keylength - ECRYPT II Report on Key Sizes (2012)
Equihash: Asymmetric Proof-of-Work Based on the Generalized Birthday Problem
Install Node.js - Ubuntu 16
nodesource/distributions: NodeSource Node.js Binary Distributions
Cryptology ePrint Archive
How the Byzantine General Sacked the Castle: A Look Into Blockchain
Bitcoin.org - The Byzantine Generals' Problem
Ethereum Casper 101
Attack of the 50 Foot Blockchain: Bitcoin, Blockchain, Ethereum & Smart Contracts
Ethereum Contracts Are Going To Be Candy For Hackers (from 2016)
Attacks on RSA cryptosystem
Understanding Common Factor Attacks: An RSA-Cracking Puzzle
MTC3 — The Cipher Contest
trufflesuite/ganache-cli: Fast Ethereum RPC client for testing and development
Blockchain Demo - A visual demo of blockchain technology
The ultimate guide to audit a Smart Contract Most dangerous attacks in Solidity
How $800k Evaporated from the PoWH Coin Ponzi Scheme Overnight (Feb., 2018)
Hack This Contract - An Ethereum / Smart Contract Exploit Training Course
Comparison of the different TestNets - Ethereum Stack Exchange
Rinkeby is extremely slow at confirming transactions - Ethereum Stack Exchange
Ethernaut Coin Flip problem
ERC20 - Ethereum Token Standard
How to stop mining empty blocks? - MultiChain Developer Q&A
MultiChain/multichain-web-demo: Simple web interface for MultiChain blockchains, written in PHP.
Crypto Identifier - Tool To Uncipher Data Using Multiple Algorithms And Block Chaining Modes
Quantum Algorithm Zoo
Post-quantum Key Exchange—A New Hope
PQCrypto Usage & Deployment
GCHQ on Quantum key distribution - NOT RECOMMENDED
PadBuster v0.3 and the .NET Padding Oracle Attack
NewHope: Quantum-robust Crypto for Key Generation using Ring Learning With Errors
Introduction to post-quantum cryptography and learning with errors
How to write a quantum program in 10 lines of code (for beginners)
Crypton: Library consisting of explanation and implementation of all the existing attacks on various Encryption Systems -- MORE PROJECTS
A Guide to Post-Quantum Cryptography

Last Updated: 1-3-18 8:59 am