Lec 01

Uploaded by

Xu Yang

Fall 2023 COMP-547

Cryptography & Data Security

Prof. Claude Crépeau


ME

• Prof. Claude Crépeau
• McConnell-110N
• (514) 398-4716
• Office Hours: Wednesdays 13:30-16:30 (To Be Confirmed)
• For all class matters please use: [email protected] [email protected]

• Tomas Langsetmo
• McConnell 107
• Office Hours: Mondays 10:30-12:00

• Ziyue Xin
• McConnell 307
• Office Hours: Fridays 12:30-14:00

• For all class matters please use: [email protected]

YOU

• B.Science: 37 • M.Science: 20
• B.Arts: 6 • Exchange: 5
COMP-547 Fall 2023 — Weekly Schedule
• Mondays: Tomas, MC-107, office hours
• Wednesdays: Claude, MC-110N, office hours
• Fridays: Ziyue, MC-307, office hours
• Tuesdays and Thursdays: Claude, TR-1080, lecture

MC = McConnell, TR = Trottier
COMMUNICATIONS
WWW:
via myCourses

email:
[email protected]

Ed Discussion:
via myCourses
COMP-547
Cryptography & Data Security
Description: (4 credits; 3 hours) This course presents
an in-depth study of modern cryptography and data
security. We investigate four important subjects of
cryptography:
๏ key distribution,
๏ data authentication,
๏ data encryption,
๏ user identification.

The basic information theoretic and computational
security of classical and modern cryptographic
systems are analyzed. The course is self-contained
and all necessary math background will be covered.
COMP-547: textbook
• Class notes (course web page)
• Maple™ software
• Katz and Lindell’s book

Mandatory Textbook:
Introduction to Modern Cryptography, 3rd Edition
by Jonathan Katz and Yehuda Lindell
Chapman & Hall / CRC Press, Dec 2020
COMP-547 : EVALUATION
Your final grade will be calculated as
• 60% for 4 assignments (15% each)
• 40% for the final exam
• The exam is open book — open documentation.
"In the event of extraordinary circumstances beyond the
University’s control, the evaluation scheme in a Course is
subject to change, provided that there be timely
communications to the students regarding the change."
COMP-547 : Collaborations
• We greatly encourage you to discuss the assignment
problems with each other.
• However, these discussions should not go so far that you
are sharing code or giving away the answer.
• A rule of thumb is that your discussions should be
considered public in the sense that anything you share
with a friend should be sharable with any student in the
class.
• We ask you to indicate on your assignments the names
of the persons with whom you collaborated or discussed
your assignments (including the TA’s and instructor).
COMP-547 : Grades
Policy on re-grading

• If you wish us to re-grade a question on an exam (or
assignment), we will do so. However, to avoid grade ratcheting,
we reserve the right to re-grade other questions as well.

Policy on final grades

• We will use the same rules and formula for calculating the final
grade for everyone. We understand that your performance may
be influenced by many factors, possibly out of your control.
However, that is the only way we can be fair. The only exceptions
will be medical exceptions. In that case, I will require a medical
note, which also has to be reported to McGill, and I will need to be
informed as early as possible. Failure to comply with these rules
may result in the impossibility to invoke a medical exception.
COMP-547 : Assignments
Policy on Assignments
• Due date/time, location/mode for returning
your solutions, and accepted formats will be
announced in class and indicated on the
course web page.
• Failure to return your assignment in time will
result in penalties or even absence of grading.
Late submission of 24h or less may receive a
penalty of 20%. In all other cases, your
assignment shall be refused and not graded.
COMP-547 : Assignments
• Importantly, solutions that do not follow the requested
format will receive a penalty. By default, we only accept
PDF or TEXT files. Images must be embedded in a PDF. Do
not compress your files. All files must open on LINUX
SOCS workstations.
• The quality of the presentation of your solutions is very
important. Unreadable material, cryptic notations, or bad
organization will result in penalties, and potentially even an
absence of grading. If you scan your hand-written solutions,
it is your responsibility to ensure that you submit a high-quality
image (i.e. excellent luminosity, contrast, focus and
resolution). The clarity of your explanations will also be an
integral part of your grade.
COMP-547 : @McGill
McGill Policies
• In accordance with McGill University’s Charter of
Students’ Rights, students in this course have the right
to submit in French as well as in English any written
work that is to be graded.
• McGill University values academic integrity. Therefore,
all students must understand the meaning and
consequences of cheating, plagiarism and other
academic offenses under the Code of Student Conduct
and Disciplinary Procedures.
See this link: http://www.mcgill.ca/students/srr/
McGill Policies — Use of Generative AI

• Students are encouraged to make use of technology, including
generative artificial intelligence tools, to contribute to their
understanding of course materials.

• Students are not encouraged, unless otherwise stated, to make
use of artificial intelligence tools, including generative AI, to
help produce assignments. We believe that working through
the assignments on your own will help you gain a better
understanding of the course material and will better prepare
you not only for the other course examinations, but also for
the subsequent CS courses, internships, research
opportunities, and jobs. However, students are ultimately
accountable for the work they submit. Any content produced
by an artificial intelligence tool must be cited appropriately.
Many organizations that publish standard citation formats are
now providing information on citing generative AI (e.g., MLA:
https://style.mla.org/citing-generative-ai/ ).
COMP-547 : @McGill
McGill Communication Policies
• The University is committed to maintaining teaching and
learning spaces that are respectful and inclusive for all.
To this end, offensive, violent, or harmful language arising
in course contexts may be cause for disciplinary action
under the Article 10 of the Code of Student Conduct
and Disciplinary Procedures and Section 2.7 of the
Policy on Harassment, Sexual Harassment, and
Discrimination Prohibited by Law.
COMP-547 : @McGill
Post-COVID-Pandemic Public Health issues
• The Quebec government ( https://www.quebec.ca/en/health/health-issues/a-z/2019-coronavirus ) provides the
following guidelines for educational institutions (as of
August 2023). Wearing masks is not required, however, if
you are experiencing cough, sore throat, or nasal
congestion it is recommended that you wear a mask
and, as much as possible, keep your distance from
others and advise them you may be contagious. In the
case of a fever, remain at home.
Tasks (Encryption, Authentication, Identification, Quantum) by type of security:

Symmetric, Informational
• Encryption: MVM One-Time Pad
• Authentication: Wegman-Carter Universal Hash
• Identification: Simple Solutions
• Quantum: Quantum Key Distribution

Symmetric, Computational
• Encryption: from PRBG, from PRFG, DES, AES, etc
• Authentication: from PRBG, from PRFG, DES, AES, etc
• Identification: from PRBG, from PRFG, DES, AES, etc
• Quantum: Q-Attacks, Q-Safety

Asymmetric, Computational
• Encryption: RSA, ElGamal, Blum-Goldwasser
• Authentication: RSA, DSA, etc
• Identification: Guillou-Quisquater, Schnorr, etc
• Quantum: Q-Attacks, Q-Safety

Legend: DONE, IN PROGRESS, TO DO, GIVE UP


Classical Cryptography

Information Theoretical Cryptography

• Key Distribution
• Encryption
• Authentication
• Identification

[Animated slides: an exchange of the messages "Will you marry me ?", "Divorce your wife first !", "The papers are in the mail..." and "OK, I will !", with panels labelled Key Distribution, Encryption and Decryption]

Symmetric Encryption

Encryption

P K C

Decryption

Information Theoretical Security


Symmetric Encryption

Caesar’s Cipher
VERNAM’s Cipher (MVM-Cipher)

Pictured: Frank Miller, Joseph Mauborgne

Encryption

m         = 1010010011111001
k         = 1110011011010111
m ⊕ k = c = 0100001000101110
c ⊕ k = m = 1010010011111001

[Figure sequence: KEY, CIPHERTEXT - 1 and CIPHERTEXT - 2]

VERNAM’s One-Time Pad

m1 ⊕ k = c1        c1 ⊕ k = m1
m2 ⊕ k = c2        c2 ⊕ k = m2

c1 ⊕ c2 = m1 ⊕ m2
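
An added example (not from the lecture slides) of the relations above: XOR with k both encrypts and decrypts, and encrypting two messages under the same k makes c1 ⊕ c2 equal m1 ⊕ m2 with the key cancelled out. `PadBook` and `reuse_leak` are hypothetical names; the 16-bit m and k are the bit columns from the Vernam slides, and the other inputs are constructed.

```python
import secrets

def xor(a: bytes, b: bytes) -> bytes:
    """Bitwise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("operands must have the same length")
    return bytes(x ^ y for x, y in zip(a, b))

# The 16-bit m and k from the Vernam slides, packed into bytes.
SLIDE_M = bytes([0b10100100, 0b11111001])
SLIDE_K = bytes([0b11100110, 0b11010111])

class PadBook:
    """Hypothetical helper: hands out every key byte at most once."""

    def __init__(self, pad: bytes):
        self._pad, self._used = pad, 0

    def encrypt(self, m: bytes) -> tuple[int, bytes]:
        """Return (pad offset, ciphertext); the offset is needed to decrypt."""
        start, end = self._used, self._used + len(m)
        if end > len(self._pad):
            raise RuntimeError("pad exhausted: refusing to reuse key bytes")
        self._used = end
        return start, xor(m, self._pad[start:end])

    def decrypt(self, start: int, c: bytes) -> bytes:
        return xor(c, self._pad[start:start + len(c)])

def reuse_leak(m1: bytes, m2: bytes) -> tuple[bytes, bytes]:
    """Encrypt both messages under ONE fresh key; return (c1^c2, m1^m2)."""
    n = min(len(m1), len(m2))            # compare the overlapping prefix
    m1, m2, k = m1[:n], m2[:n], secrets.token_bytes(n)
    return xor(xor(m1, k), xor(m2, k)), xor(m1, m2)

if __name__ == "__main__":
    c = xor(SLIDE_M, SLIDE_K)
    print(f"c = {int.from_bytes(c, 'big'):016b}")
    leaked, expected = reuse_leak(b"Will you marry me ?",
                                  b"Divorce your wife first !")
    print("c1^c2 == m1^m2:", leaked == expected)
    book = PadBook(secrets.token_bytes(32))   # constructed 32-byte pad
    start, c1 = book.encrypt(b"Will you marry me ?")
    print(book.decrypt(start, c1))
```
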
Authentication

[Animated slides: Authentication and Verification applied to the message "Will you marry me ?"; outcome shown: VALID]

Symmetric Authentication

(m, )
Authentication Verification
:= A (m) = A (m) ?

[Animated slides: Authentication and Verification with outcomes VALID and INVALID; a later sequence shows the message "No, I never" with outcome INVALID]

Symmetric Authentication

Authentication

M K T

Verification

Information Theoretical Security


Impersonation

(m,t)

Substitution

(m,t) (m',t')

Information Theoretical Security


Wegman-Carter
One-Time Authentication

[Figure labels: message, key, ⊗, key, ⊕, = tag, "?"; the group appears twice in the figure]

Identification

[Animated slides. One-Time Identification: labels ALICE and OK. Impersonation: labels ALICE, ALICE and OK, OK. Closing label: AMATEUR]