HN Academy

Online courses recommended by Hacker News users. [about]

Cryptography II

Coursera · Stanford University · 13 HN points · 10 HN comments

Learn about the inner workings of cryptographic primitives and protocols and how to apply this knowledge in real-world applications. A free textbook covering the material in the course is available ...
HN Academy Rankings
Provider Info
This course is offered by Stanford University on the Coursera platform.
HN Academy may receive a referral commission when you make purchases on sites after clicking through links on this page. Most courses are available for free with the option to purchase a completion certificate.

Hacker News Stories and Comments

All the comments and stories posted to Hacker News that reference this course.
If you come from a computer science/math background, and want an intro to cryptography in general, I can strongly recommend the Coursera course from Stanford University by professor Dan Boneh - https://www.coursera.org/learn/crypto. To really understand the implementations of security libraries and tools, one should be at least familiar with the fundamentals and terminology of crypto. Otherwise you are blindly encrypting things without being aware of whether you are actually securing things.

The course is free and takes 6 weeks long, and is very interesting if you had never dwelled too deep into security or crypto. There's also a new cryptography class that will be available in September of 2017 - https://www.coursera.org/learn/crypto2.

qjighap
I loved the first crypto course.

I have been enrolled in the crypto2 class for several years now. I hope they finally offer the course, but I have low hopes.

kyrre
any day now :^)
hueving
TBH this doesn't really give you anything about best practices though. It's a bunch of base theory without anything about timing analysis, etc. It's nice to know information but I don't think it makes you a better 'secure' programmer.
rqebmm
This was a complaint I heard from several people I work with who took the course.
platz
To my knowledge there has never been a timing attack documented in the wild on a remote server. They are only practical in offline scenarios with host access
hueving
Depends on what you mean by timing attack.

The only vulnerability of Tor, which heavily depends on cryptography, is timing analysis.

One of the most important lessons of cryptography is that it doesn't exist in a vacuum. Timing between messages and message sizes can be enough to end you.

platz
I guess "timing analysis" means something else, more akin to correlation of meta-data. https://en.wikipedia.org/wiki/Timing_attack is pretty clear, so maybe I was referring to something else than the OP.
cvwright
Funny you should mention this in a thread about Dan Boneh's crypto class.

David Brumley and Dan Boneh, "Remote Timing Attacks Are Practical." In Proc. USENIX Security Symposium, 2003. https://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf

Abstract

Timing attacks are usually used to attack weak computing devices such as smartcards. We show that timing attacks apply to general software systems. Specifically, we devise a timing attack against OpenSSL. Our experiments show that we can extract private keys from an OpenSSL-based web server running on a machine in the local network. Our results demonstrate that timing attacks against network servers are practical and therefore all security systems should defend against them.

That's not a valid argument. Nothing is secure from all known threats.

The question is how (in)secure is the system. In this case, the voting protocol doesn't provide a means of verification.

Secure voting protocols have been around for quite a few years. jjuhl left this comment above https://news.ycombinator.com/item?id=13032602

Dan Boneh's Crypto 2 coursera course (https://www.coursera.org/learn/crypto2#) covers the concept.

There are voting protocols that use the same foundations as public-key crypto to allow for vote verifiability - you can validate that your vote has been taken into account in the tally without sacrificing the privacy of your vote. There are solutions for voter fraud too.

pdkl95
> Nothing is secure from all known threats.

Of course. That's why it's important to reduce the attack surface. Adding electronics (or worse, software) adds a huge amount of attack surface. The attack could be at any point from the CPU-internals to the software.

> the voting protocol doesn't provide a means of verification

Yes. That's a feature. Any new system cannot re-enable voter coercion.

> Homomorphic encryption

I already mentioned[1] that video yesterday. It's an interesting idea, but even Prof. Rivest in the video isn't claiming it's ready for use.

More importantly, the reply by marten-de-vries[2] brings up a very good counter argument to any voting system based on fancy math: the general population won't accept it. The voting process doesn't work unless the population considers it legitimate, and it will be hard to convince them if they first have to learn enough math to understand homomorphic (or public-key) encryption.

This is still interesting research that may evolve into a new type of voting protocol in the future.

[1] https://news.ycombinator.com/item?id=13020917

[2] https://news.ycombinator.com/item?id=13021517

habeanf
> Adding electronics (or worse, software) adds a huge amount of attack surface. The attack could be at any point from the CPU-internals to the software.

You're missing the point. The voting protocol is built in such a way that you can verify that your vote was cast as intended, and that your vote was counted in the tally. Once everyone agrees on the voting protocol you don't need to trust someone else's electronics, you can do it on your own device, and use open source software.

> the voting protocol doesn't provide a means of verification Yes. That's a feature. Any new system cannot re-enable voter coercion.

You can have vote verification without enabling coercion. If you have a vote receipt it does not imply you can prove or disprove how you voted, but it does allow you to verify that your vote was included in the tally.

> More importantly, the reply by marten-de-vries[2] brings up a very good counter argument to any voting system based on fancy math: the general population won't accept it. The voting process doesn't work unless the population considers it legitimate, and it will be hard to convince them if they first have to learn enough math to understand homomorphic (or public-key) encryption.

I disagree. The general population doesn't know how RSA or AES work but we have HTTPS and the green-lock-thingy. You don't need to know how or why something works in order to reap its benefits.

pdkl95
> You're missing the point. The voting protocol is built in such a way that you can verify that your vote was cast as intended

No, you're missing the point. You don't know that the crypto was calculated properly, because you are not going to be calculating the crypto by hand. Prove - in the voting booth - that someone hasn't changed the software to give you the wrong crypto token.

> If you have a vote receipt it does not imply you can prove or disprove how you voted, but it does allow you to verify that your vote was included in the tally.

Do you not see that this is is a contradiction? Someone coercing you simply demands that verification.

"Bring your verification receipt if you want to keep your job."

> HTTPS and the green-lock-thingy

TLS doesn't rely on the public understanding it for legitimacy. The public doesn't care about how it works; they care about if it's a reliable security feature. Legitimacy is lost if there are too many public failures.

Voting requires an understanding how the winner was decided. Your proposal will never be accepted if it is, in the eyes of the general public, a black box you submit your vote into that is only interpreted by a priesthood that they have to trust to interpret the votes. Adding up votes is understandable, but homomorphic encryption might as well be black magic.

This understanding is more important than ever, because we are currently experiencing a revolt against technocracy. Brexit and Trump are aspects of this revolt. If you think you can get the population to accept a voting protocol they don't understand, then you haven't been paying attention to the current political climate.

vehementi
Check out the many threads about this on HN about why electronic voting is not going to be secure enough
Sep 15, 2016 · 1 points, 0 comments · submitted by Tomte
Jan 31, 2016 · 2 points, 1 comments · submitted by Tomte
Tomte
Has been announced and cancelled many times, but I'm hopeful this time, because I could actually enroll, and there was a pre-course survey a few weeks ago.

Looks to me like it's seriously starting in four months now.

Jan 05, 2016 · 2 points, 2 comments · submitted by calvins
calvins
I know there are quite a few readers of HN that have been waiting for Crypto II for a while, so consider this a public service announcement.
calvins
Pushed back for another six months yet again. So much for the idea somebody here put forth that it always gets cancelled in the middle of the previous month if it's going to get cancelled. This time it's four days before it would have started.
Dan Boneh's "Introduction to Cryptography".

(Part 1) https://www.coursera.org/course/crypto (Part 2) https://www.coursera.org/course/crypto2

Kurtz79
I did part 1 and liked it a lot.

I also liked Udacity crypto course, less formal but with great "hands on" exercises:

https://www.udacity.com/course/applied-cryptography--cs387

calvins
+1 for Dan's crypto1. I don't think crypto2 has been taught yet via coursera, as I've been waiting to take it and have seen it pushed back several times, and I've seen others say they'd been watching it get delayed for years. It does seem that Dan has been recording videos for part 2 in 2015 though (according to one of his students), so there's reason for hope that it might happen in 2016.
nindalf
I think we'll know in a couple of weeks if its going to start on Jan 11th or not. If its not ready yet, it'll be pushed back by a month or two by mid December. That's how the previous postponements were done.
uulbiy
I finished Cryptography I in March 2012 and wanted to take Cryptography II ever since. Every time the announced time is close it gets pushed back by 4 months.
zzmxleo
Yeah, the course is really cool.
kbart
I came here to say the same. A really, really good course, a must to everyone who's interested in cryptography.
Dan Boney is awesome. I really like that he is sharing his classes and materials online (I would highly recommend his classes in Stanford[0] and his coursera class[2] as well). I think this is still a work in progress / draft so don't expect to have an ebook available yet.

[1] CS*55 series [2] https://www.coursera.org/course/crypto2

lisper
That's "Boneh", not "Boney." (It means "builder" in Hebrew.)
nicolasehrhardt
That was actually a typo, but thanks for the translation. And apologies...
tga_d
That Coursera link should be https://www.coursera.org/course/crypto

The first course happens regularly, while "part 2" has been "2 months away" for at least a year now.

jessaustin
I signed up for that years ago, after enjoying crypto 1. Has 2 ever taken place?
sigjuice
No.
Is this the course you are looking for? https://www.coursera.org/course/crypto2
StavrosK
Yeah, it's been "starting in three months" for two years.
Nov 03, 2014 · Confusion on Crypto 101
Does anyone know how this compares to Coursera course [1] or [2] + [3]?

[1] https://www.coursera.org/course/cryptography

[2] https://www.coursera.org/course/crypto

[3] https://www.coursera.org/course/crypto2

transedward
https://www.udacity.com/course/cs387

Udacity also has a applied cryptography, I haven't tried. but it's good if someones has feedback.

eroo
[1] is starting next week and I was considering spending time on it. I'd really appreciate any feedback from those who have taken it!
JoachimSchipper
I have heard good things about [2] from colleagues. Also, Boneh is a capable cryptographer.
lvh
(Author here.)

I've taken Dan's crypto class ([2]), so I think I can weigh in.

Obvious difference: not organized as a MOOC. Whether that is good or bad is up to you.

Focus difference: I think Crypto 101 is targetting applied crypto more, whereas the Coursera classes take a more classical introduction. There is nothing wrong with either approach, in my opinion. Just a difference in focus.

spand
[3] has never been available while this seems only temporarily unavailable.
Mar 19, 2014 · TrainedMonkey on Crypto 101
Both coursera and udacity have amazing courses on crypto.

Udacity: https://www.udacity.com/course/cs387

Coursera crypto I: https://www.coursera.org/course/crypto

Coursera crypto II: https://www.coursera.org/course/crypto2

I took coursera crypto I myself. It was a lot of work, but I learned a ton.

agwa
Good luck trying to take Coursera's Crypto II: I've been signed up since August 2012, and every 3-6 months it has been delayed another 3-6 months. At this point I'm no longer expecting it to be offered.

Crypto I is not vaporware and is excellent.

B-Con
I have hopes for Crypto II. Based on Crypto I, Boneh likes to do a good job with the course and being who he is, he's probably just incredibly busy (the original Crypto I itself had two minor delays in the middle of the class), so it keeps getting postponed. I wouldn't be surprised to see it materialize eventually.
dethstar
Makes you wonder why aren't online classes kept, at least a year or something, in case the information is out of date (for technology)?
epsylon
That's because the staff needs a schedule similar to the academic schedule so they can answer questions, correct things, participate in the forum discussions...

Crypto I has been offered several times though (at least 4 or 5). If you ever signed up for one of the offerings, you can still access to the full course (videos, lectures, and I think even the automated grader) as well as the forums (but the forum activity usually fades down after the end of the course).

krick
It's not because of some practical reasons, just university policies.
TrainedMonkey
Udacity has a model in which every class is self paced and they have not deleted a single one since uploading them.
JosephBrown
This is my favorite feature that Udacity has and the others don't.
agwa
I'm not sure what you're saying. As far as I know, Crypto II has never been offered, so the problem is probably that they haven't developed any course material for it.
Jan 22, 2014 · 8 points, 2 comments · submitted by midas007
ropman76
Crypto I is great course and I recommend to anyone one who wants to know more about how crypto works.
midas007
Crypto I was very well put together, Crypto II has a high threshold to maintain [0]

References:

[0] https://www.coursera.org/course/crypto

I'm taking Stephen Boyd's Convex Optimization: https://class.stanford.edu/courses/Engineering/CVX101/Winter...

This class was one of the early courses with online videos and materials. I think this will be great if you are interested in learning about convex optimization in some detail. This class will be on Stanford's OpenEdx platform with new materials.

Dan Boneh is teaching a two part sequence on cryptography: https://www.coursera.org/course/crypto1 https://www.coursera.org/course/crypto2

The practical exercises in part I worked through defects in the implementations of cryptographic protocols. If you want to really understand how some of the popular crypto algorithms work, these two courses will help you.

Try Dan Boneh's crypto course on coursera [1]. It covers quite a lot of ground, both practical and theoretical, and includes programming exercises similar to the matasano puzzles. Without a doubt it's one of the best courses of the dozen MOOCs I've taken. There's also a followup course [2] (I haven't taken it yet personally, but I believe the currently scheduled run will be the first).

Interestingly enough, there's also an upcoming security course (with no date planned yet) which will cover the application programming part of security and will be co-taught by him. [3]

[1] https://www.coursera.org/course/crypto [2] https://www.coursera.org/course/crypto2 [3] https://www.coursera.org/course/security

cryptbe
Glad that you like Dan Boneh's crypto class. I made the programming exercises :-).
StavrosK
They were very well done, and I loved the course overall, so congrats. I like how Dan knows how to preemptively answer every question I had.
Wow. I'm even happier to have completed it then!

Agreed, it was a great course. Looking forward to the sequel in early April. https://www.coursera.org/course/crypto2

Nursie
Thanks fr the reminder, must get involved in that, it's fascinating stuff.
Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.
HN Academy is an independent project and is not operated by Y Combinator, Coursera, edX, or any of the universities and other institutions providing courses.
~ [email protected]
;laksdfhjdhksalkfj more things
yahnd.com ~ Privacy Policy ~