CS 519/ECE 599 (Special Topic):  Applied Cryptography

Course Information Objectives and Syllabus | Prerequisites | Course Schedule and Materials | Announcements and Deadlines Research Projects |  In-class Presentations | Take-Homes   | Grading | 

Winter  2017
School of Electrical Engineering and Computer Science
Oregon State University

Course Information


Dr. Attila A. Yavuz


Kelley Engineering Center 3065



URL: http://web.engr.oregonstate.edu/~yavuza/


HOV 101 


MW 2:00 – 3:20 PM

Office hours:

Tuesday 4:00 – 6:00 PM 

Course Objectives and Syllabus

This course covers essential concepts of cryptographic primitives, applied cryptography tools, specialized authentication methods and digital signatures. This course also focuses on the latest security and privacy issues in applied cryptography domain such as Privacy Enhancing Technologies and their applications.  Finally, this course explores the state-of-art applied cryptography research problems and solutions via literature survey and research projects. Remark that this is a research-oriented course, in which students are expected to read  research papers, conduct surveys on recently emerging topics in applied cryptography  domain, and finally develop original solutions to important problems. By the end of this course, successful students will have a good understanding of applied cryptography and network security essentials, which will help them as a differentiating factor to obtain competitive R&D positions in industry. Furthermore, the students will gain experience on conducting research and writing (preliminary) papers in applied cryptography  domain. The objective is to encourage/prepare interested students to purse advanced degrees in security and privacy fields.



An Introduction-Level security course is recomended.   A good programming knowledge on C/C++ and/or Java is recommended. However, these prerequisites will not be enforced, and open to discussion.  Please contact with  the instructor if you have doubts. 

Course Schedule and Materials

The details of scheduling and course material (e.g., research papers, slides) will be provided as the course progresses. The material will be provided (generally) a few days advance. Students are strongly suggested to read research papers and slides before coming to the class. The material will be non-trivial and prior reading/familiarity will be very helpful.

Recommended Material to Recap:  Assuming you have already taken crypto/security classes, please recap on  cryptographic hash functions, block-ciphers, encryption modes, basic number theory including multiplicative inverse, cyclic-multiplicative groups, generators, totient-functions, RSA, DH, Elgamal, Schnorr signatures. These are the minimum background information you will need.

Recommended Books:  

Remark: The below schedule, topics and paper/presentations are tentative, it will be updated frequently, please check accordingly:

Date Topics Research Papers and  Supplementary Materials Slides
 Objectives and Vision,
discussion on the course content and Syllabus

Only slides MAIN: Intro

The below links are for backup and background if needed

DLP-based Constructions and More on Signatures

Advanced Authentication and Digital Signatures I

RSA, Condensed-RSA

Practical and Immutable Signature Bouquests

Hardware-Accelerated Authentication and RA

Structure-Free Compact Authentication (SCRA)

Anand A. Mudgerikar, Ankush Singla, Ioannis Papapanagiotou and Attila A. Yavuz, “HAA: Hardware-Accelerated Authentication for Internet of Things in Mission Critical Vehicular Networks”, International Conference for Military Communications (IEEE MILCOM 2015), to appear, October 2015

Attila A. Yavuz
, "Practical Immutable Signature Bouquets (PISB) for Authentication and Integrity in Outsourced Databases", 27th Annual Conference on Data and Applications Security and Privacy (DBSec 13), Lecture Notes in Computer Science (LNCS), Volume 7964,  July 2013.



SCRA is on the board with BLS signatures
Privacy Enhancing Technologies (I)
Searchable Encryption

     Broadcast Authentication (I)
         a) TESLA Variants I-IV
         b) EMSS

     Group Key Management
a) GDH-1-2-3
        b) Tree-based GHD
        c) Logical Key Hiearchy (LHK)
        d) Iolus

Attila A. Yavuz and Jorge Guajardo, “Dynamic Searchable Symmetric Encryption with Minimal Leakage and Efficient Updates on Commodity Hardware”, Selected Areas in Cryptography (SAC) 2015, Sackville, New Brunswick, Canada, August 2015.

Thang Hoang, Attila A. Yavuz and Jorge Guajardo, “Practical and Secure Dynamic Searchable Encryption via Oblivious Access on Distributed Data Structure”, in Proceedings of the 32nd Annual Computer Security Applications Conference (ACSAC '16), Los Angeles, California, USA.

A. Perrig, R. Canetti, D. Song, and D. Tygar, “Efficient Authentication and Signing of Multicast Streams over Lossy Channels,” in Proc. of IEEE Security and Privacy Symposium, May 2000.

A. Perrig, R. Canetti, D. Song, and D. Tygar, “Efficient and Secure Source Authentication for Multicast,” in Proceedings of Network and Distributed System Security Symposium, February 2001

\M. Steiner, G. Tsudik, and M. Waidner, "Diffie-Hellman Key Disttribution Extended to Group Communication", in Proceedings of the 3rd ACM Conference on Computer and Communications Security, pages 31--37, 1996.

Y. Kim. A. Perrig and G. Tsudik, "Simple and Fault-Tolerant Key Agreement for Dynamic Collaborative Groups." In Proceedings of the 7th ACM Conference on Computer and Communications Security (ACM CCS 2000), ACM Press, Nov. 2000.

Suvo Mittra, "Iolus: a framework for scalable secure multicasting," InProceedings of the ACM SIGCOMM '97, pages 277 - 288, 1997.

D. Wallner, E. Harder, R. Agee, "Key Management for Multicast: Issues and Architectures," IETF RFC 2627, June 1999.

 Chung Kei Wong, Mohamed Gouda, Simon S. Lam, "Secure group communications using key graphs," InProceedings of SIGCOMM '98, Pages: 68 - 79.

Searchable Encryption



     Mr. Richard Kramer

ESIGN and Other RSA Alterative Signature Schemes


         Privacy Enhancing Technologies (II)

      Oblivious Random Access Memory (ORAM)
       a) Basic ORAM
       b) Partition ORAM
       c) Path ORAM
       d) Novel ORAM Constructions with Improved Constants
       Oblivious Dynamic Symmetric Searchable Encryption
a) A multi-server apprach 

Oded Goldreich and Rafail Ostrovsky. 1996. Software protection and simulation on oblivious RAMs.J. ACM 43, 3 (May 1996), 431-473. 

E. Stefanov, E. Shi, and D. Song. Towards practical Oblivious RAM. In Proc. NDSS, 2011.

Emil Stefanov, Marten van Dijk, Elaine Shi, Christopher Fletcher, Ling Ren, Xiangyao Yu, and Srinivas Devadas. 2013. Path ORAM: an extremely simple oblivious RAM protocol. In Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security (CCS '13).

Oblivious DSSE is on the board
Dr. Jesse Walker


Slides and board Blockciphers
TBA Student projects will be presented TBA

Unless otherwise specified, described  papers and presentations are given by the Instructor with the exceptions of "Selected Topics Presentations" and" Research Project Presentations", which are given by students. Responsible students and topics will be announced later (please see respective (prospective) deadlines).

How to obtain research papers
: Unless otherwise specified, you can obtain them from the ACM Digital Library or the IEEE Digital Library. OSU has subscriptions to both, so all you have to do is (1) be using an OSU IP# and you can just go to the ACM Digital Library or IEEE Xplore directly, or (2) if you're working from elsewhere, go to the OSU Library e-journals access page, make your way to the ACM Digital Library or the IEEE Digital Library, and be ready to type in your ONID username and password.

Announcements and Deadlines:

Research Projects and Survey/Scouting Topics

Discussed in detail in Introduction class and office hours.

Potential topics include development and deployment of DSSE schemes in mobile and parallizable environments, implementation of advanced ORAM constructions, quantum-computer resilicient r-time signatures, efficient digital signatures, and cost/benefit analysis of PETs.

In-class presentation assignments 

The objective of this assignment is twofold:

(i) To identify critical technology trends and innovation paths in network security, it is very important to know where to look for the state-of-art developments. This assignment will enable students to learn the top venues in security and privacy field and perform scouting activities on important topics.

(ii) Students will gain experience on presenting advanced  research topics and  papers, which is an invaluable skill for both industry and academia.

Potential topics include but not limited to:

Paper Selection: The Instructor will assign a topic to a student from the above list. The student then may select one or two papers of that they prefer from top cryptography or network security conferences/journals. The papers must be discussed with the Instructor beforehand:

Please look for Rank 1 or Rank 2 only. The selected paper(s) must  be recently (e.g., 2012-2015)  published, unless it is a fundamental paper.


Another  useful list is:


In-class presentations are an essential part of this course and will be evaluated strictly. There are several aspects that will help  students to deliver a good presentation:

Evaluation Criteria: Responsibilities of the presenter (not just a presentation, but a lecture!): Note that 75-80 minutes is a plenty of time. Instead of presenting two papers independently, the presenter must follow a strategy that will turn these paper presentations into a cohesive lecture. That is, if needed, the presenter may present only one paper, but before that spend half hour on required preliminaries and math concepts, which are needed to fully understand the paper. In addition to this, the presenter must prepare the following: Note: Depending on the size of class, the students may give just one or two  presentations. The grades for such case will be adjusted fairly. 

Remark: Students must send their "selected paper" latest by TBA  to the instructor for consent and feedback. The slides of the presentation  must be provided to the instructor a week (or earlier) before from the actual presentation so that it will be made available in course website. 

Take-Home Assignments

Optional: Students must work individually unless otherwise specified. For the collaborative problems (if it is assigned), you may form a team of 2 person (only students in this class) to work together. After discussing the problems, please write up your answers individually. Indicate the names of the other members in your team.



The basic grading policy is as follows:

    • In-class paper presentations (35% each presentation, total %30,  extra credit is possible)
    • Research project (55%) (extra credit is possible for successful deliveries, may supersede survey/scouting report for promising progress) --> Please see Syllabus
    • Class attendance, participation/discussions (%10)
    Take-home assignments (. %) (optional, late take-homes are not accepted)

Grading will work in favor of the student as long as she/he shows a full commitment, which is quantified by regular progress and deliveries.