ECS 127: Cryptography — Course Information — Spring 2016

Read everything on this handout. Not all of the information is standard. This includes the severe academic misconduct policy described below.

This is a course in modern cryptography. The subject spans math, modeling, theory, security, and public policy. Here is the official course description.

Your Instructor

Teaching Assistants

There are two TAs for this class: TA office hours will be posted and kept up to date on the course homepage.

Class Meetings

Additionally, you can go to either of two discussion sections: I expect Section 2 will have much lower attendance: go there if you want a more intimate experience. Each week, the same person will cover both sections. Discussion sections should be considered optional unless I indicate otherwise. Discussion section begins week-2; there is no discussion on Monday, 2016.03.28, the first day of class.

Classroom Conduct

Course Webpage

Follow the obvious link from my homepage to our class web page at It is important that you check the web page regularly: it is there that homeworks and announcements will magically appear.


The official prerequisite is ECS 20 or Math 108. That really is a lower bound; you need to have a level of mathematical maturity consistent with having taken, and understood, a reasonable course in discrete math. Having taken (and learned) ECS 120 (Theory of Computation) and/or ECS 122A (Algorithms) is desirable too, but it’s not a prerequisite. I would expect that everyone in this class is capable of writing a small program, although I haven’t decided if I will give you any chance to use this skill.

Some students will come in to the class from an interest in computer security. That’s great, but I want to make clear that cryptography and computer security involve very different skills and ways of thinking. This class is primarily as a theory class (as hinted at by the second digit of the course number), even if the theory we talk about is particularly applicable and motivated by practice.


I expect to lecture on most or all of the following topics: introduction - blockciphers - symmetric encryption - pseudorandom permutations and pseudorandom functions - symmetric encryption - hash functions - message authentication codes - authenticated encryption - asymmetric encryption - digital signatures entity authentication - authenticated key exchange - interactive proofs - zero knowledge - SSL/TLS - crypto policy (with a U.S. focus) - ethical issues. Course material is subject to change depending on my mood and student interests.

Your primary resource is what I say in lecture. You do not want to miss any lectures, as material may be hard to get anywhere else. If you miss a class, I suggest you try to find a student who attended (and understood) that class to explain it to you.

There is no assigned text, but here are a variety of books or resources that you may find useful. Links to these appear on the course homepage.


I expect to compute grades as: Problem sets are graded so that all numbered questions count equally.

I may adjust the above if it seems appropriate for some reason.

If you miss the quiz or the midterm for a documented medical reason, I will re-weight things towards final. If you miss the final, however, you will get an F. You will also get an F if you are found by SJA to have engaged in academic misconduct (see below). Note that since ECS 127 is rarely taught, with no plan to teach it again in 2016-17, if you should somehow end up with an F, it is unlikely you will have an opportunity to repeat the class.

Homework Rules

Homeworks are due at 11:59 on the indicated day. They are turned in using the gradescope website.

With the granularity of a problem set, you may, if you wish, work with one partner. Alternatively, you can work alone. If you choose to have a partner on a problem set, the two of you comprise a team and you must turn in a single writeup. Use gradescope to indicate both authors of a solution.

For homework writeups, I care about the quality of writing as well as the quality of thinking. Your goal is to find short, correct, and elegant solution. Make it beautiful. Please do not turn in an incorrect solution to a problem that you understand to be incorrect. I prefer writeups to be typeset, ideally in LaTeX. But you can neatly print if you prefer. If you don’t typeset, I recommend a scanner instead of taking a photograph with a phone: if it’s not easy to read, it is, by definition, not right.

I discourage interacting on homeworks with anyone except your partner (if you have one), a TA, or me. If you’re a non-native speaker and your English skills are not than near-native, please do not partner with another non-native speaker with a similar challenge (on the other hand, you might try to partner with someone with strong English skills who is willing to help you in this direction).

Late problem sets are not accepted.

If you think that a homework was misgraded, you may request a regrade, using gradescope, within three days of when grades are posted. Indicate clearly what you think was incorrectly graded. Scores can go up or down. Because it consumes a great deal of TA time, please limit your use of the use the regrade option to cases where you believe that an actual error was made, not a discretionary matter in assigning points.

If you think the quiz or midterm was misgraded, please write a note on the cover of the exam to indicate which problem(s) you think misgraded, and give it to the professor within one week of when the exam was returned.

Academic Misconduct and Associated Grading Policy

  1. Exams: These are closed book / closed notes / closed neighbor. Bring picture ID. Any device that can be powered off must be powered off for the duration of the exam. You may not sit next to someone you know. In that sentence, “next to” means to your left, right, directly behind, or diagonally behind; and “someone you know” means that they’re a friend or someone you’ve worked with (in this class or some other) or someone you have some arrangement with concerning cheating. If you see anything inappropriate during an exam, please report it immediately by going to see me or a TA.
  2. Homeworks: You may not look at any problem set solution of any course anywhere. You may look at non-problem-set materials as long as you acknowledge any idea you used. That said, looking for directly relevant materials in books or the like is the wrong way to go about trying to solve any homework problem I would give. The thing you need to use is on your shoulders.
  3. Uploading materials: Uploading course materials for further redistribution to sites like “coursehero” is not only an instance of academic misconduct, but it is also illegal.
  4. Cheat-implies-F. I report all instances of suspected academic misconduct to SJA. If SJA finds that you were involved in misconduct, I will assign you an F grade in the class. This is in addition to whatever SJA does (e.g., a warning letter, deferred dismissal, or dismissal). By taking this class with me, you are agreeing to this nonstandard grading policy.
The cheat-implies-F policy isn’t because I’m mean (at least I don’t think I’m mean!), nor because I see things as black-and-white (I don’t). It’s because I, and lots of other CS faculty, have been having major problems with student cheating. Cheating is unfair to honest students; it makes a mockery of the academic ethos, which depends on the honest reporting of work; and that it may foreshadow dishonesty in ones professional career as a computer scientist, where the consequences of dishonesty include risks to public safety and well being.

Parting thoughts

Cryptography is a wonderfully strange area—stranger and more wonderful than most would imagine. One thing I hope to do is to give you a bit of a sense of what the research frontiers look like for this field. This may be your first hint as to what research looks like in any computer science area.

I am shocked by the number of people signed up for this class. One explanation is that current events like the Apple/FBI battle have increased interest in the subject. I think that's a perfectly good reason to be here, and I will try to make sure that we cover the technical side of this and any other important current events. Another explanation is that the difficulty of getting into classes is driving people to sign up for anything, even a theory-heavy class like cryptography that they’d rather not take. If that’s you, I hope you get into something else, for this is definitely an elective class.

Phil Rogaway's homepage