CSC 580: Cryptography and Security in Computing


This page will list all the non-textbook readings that students are responsible for in CSC 580. Note that some readings are for graduate students only, while others are for all students in the class. Note: some papers are not publicly available due to copyright, and in that case links go through the UNCG library proxy - this will directly access the paper if you are on a UNCG IP address, and otherwise it will ask you to log in with your UNCG account. Non-UNCG people trying to follow these links: Sorry... Try googling the title to see if other versions are publicly available.

Readings for All Students

This reading list is a "work in progress" - additional readings may be added throughout the course of the semester, and deadlines for completing readings will be announced in class.

  • (Optional, but helpful!) A (relatively easy to understand) primer on elliptic curve cryptography

    This is a technical-press article that gives a good overview not just of elliptic curve cryptography (ECC) but also of general public key crypto leading up to ECC. Written for readers that are technically astute but who are not cryptographers, this is a nicely written introduction to the important ideas behind ECC.

  • (Required) Matt Green, The Many Flaws of Dual_EC_DRBG (from Matt's blog, "A Few Thoughts on Cryptographic Engineering")

    This is a nice description of the flaws and possible backdoor that is in the Dual_EC_DRBG pseudorandom number generator that is included in the NIST SP800-90A document ("Recommendation foRandom Number Generation Using Deterministic Random Bit Generators"). Some additional information on how vulnerabilities are reflected in use of Dual_EC_DRBG in real-world cryptographic libraries is given in the report On the Practical Exploitability of Dual EC in TLS Implementations (this is not required reading).

  • (Required) Roger Dingledine, Nick Mathewson, and Paul Syverson. "Tor: The Second-Generation Onion Router," USENIX Security Symposium, 2004, pp. 21ff.

    This is the original "design document" that described Tor. The design has grown and evolved since then, but this still provides a good overview. For people that want the most up-to-date Tor specifications, see the Tor Project Documentation Page.

  • Case Study: (Required) T. Kohno, T., A. Stubblefield, A.D. Rubin, D.S. Wallach. "Analysis of an electronic voting system," IEEE Symposium on Security and Privacy, 2004, pp.27-40.

    This is an excellent audit of a system in which security should have been paramount, an electronic voting machine used in real elections, but which was full of security-breaking implementation flaws. This paper illustrates just how easy it is for implementers with poor understanding of security concepts to make an insecure system, and how important it is to pay attention to the details. Note: The link goes to a version on Avi Rubin's web site - this version is formatted differently than the "official" version, and may or may not contain exactly the same content.

Readings for Graduate Students

The following readings are required of graduate students, who will write short reports on each research reading. These are all research papers, and go a little deeper technically than the readings above for all students. Note that while this course is an introduction to cryptography, these papers focus more on correct implementation and use of cryptography -- pure crypto research papers, as exemplified by the top-tier CRYPTO conference, typically have a depth that is beyond what is expected in this first, introductory course. Graduate students who are interested in the field are encouraged to take a look at some of these papers, and perhaps dive into some of this depth in their class project.