This brings us to the end of the six weeks course. I had a lot of fun teaching this

course and I hope you enjoyed it too. I really love this material and I always

enjoy teaching it. Before we say our farewells, please do a quick review of the

topics that we discussed and see what's left to cover. So here's a brief diagram

of the primitive that we discussed in the class. If you remember in week one we

started off by discussing pseudorandom generators and stream ciphers. In week two

we talked about block ciphers and we said that the right way to think about block

cipher is as pseudorandom permutations and pseudorandom functions. We said that using

counter mode we can convert a block cipher into a PRG. And we said that using the GGM

construction. We can construct block ciphers from pseudorandom generators. Then

in week three, we talked about data integrity. In particular, we talked about

MACs and we looked at various constructions of MACs from pseudorandom

functions like the CMAC, the HMAC, the PMAC constructions and so on. We also

discussed collision resistance and we said that collision resistance can be used for

data integrity where one has access to read-only memory. Basically, you would

hash the data using a collision resistance hash function; write the hash into

read-only memory. And then later, when you want to verify authenticity of your data,

you just compare its hash to whatever is written in read-only memory. Then in week 4

we talked about how to combine integrity and confidentiality, in particular we

kinda talk about to combine encryption and MACs to build what we called Authenticated

Encryption and I told you that really in practice, the only foremost Symmetric

Encryption that you're allowed to use is Authenticated Encryption. Basically,

encryption that's only secure against eavesdropping attacks is not generally

secure, you must always also guard against tampering and as a result, you should only

be using Authenticated Encryption modes to do Symmetric Encryption. So that was the

end of week four. And then for weeks five and six, we switched topics and talked

about key exchange and public key encryption. In particular, in week five we talked

about Trapdoor Functions and the Diffie-Hellman Protocol [within??] the

Mathematics that are necessary to explain how those things work. And then in week

six we talked about how public key encryption can be built from trapdoor functions and,

the Diffie-Hellman Protocol. I wanna emphasize that the key exchange protocols

that we saw in week five are only secure against eavesdropping and should never be

used in practice. In fact in week eight we're gonna see authenticated key exchange

protocols and those are the ones that are actually used in the wild for example in

SSL and other protocols like that. But, the ones that we saw in week five should

never actually be deployed in the real world. The only reason we looked at those

simple key exchange mechanisms was as motivation for trapdoor functions and

Diffie-Hellman groups. Now as you know there are four more weeks to the full crypto

course which we're gonna do at a later time. In week seven we're gonna talk about

digital signatures and how to authenticate data in a way that anyone can verify that

the data is authentic. Then we're gonna talk about authenticated key exchanges as

I said then we're gonna talk about user authentication, how to manage passwords,

one time passwords, challenge-response protocols. Then we'll talk about various

privacy mechanisms. How to authenticate yourself without revealing where you are,

How to sign in a way it doesn't reveal who you are and so on and so forth. And in this part

of the building blocks for some of these mechanisms, actually, we'll talk about

zero-knowledge protocols which is kind of a general purpose tool that's used very

widely in cryptography. But let's just say that crypto goes way beyond this core

topics and in fact, there are many, many more topics that I would love to tell you

about if there was enough time. So I made this kind of a short list here and this isn't

even an exhaustive list. There are many other things that I would like to tell you

about and so if there's enough demand, I might even run an advanced crypto class

which is usually what I do for graduate students which would cover these more

advanced topics but that would actually take place sometime next year so stay

tuned and I will send announcements on when that's coming. So my final words of

course remember my main message from this class. And that crypto is a tremendous

tool but you should always be careful when you use it. If you implement crypto

incorrectly, the system will work perfectly fine. It would be no way to

tell that anything is wrong except when attacker is trying to attack the system,

it might be easily breakable. And so crypto is one of these things where a

little bit of knowledge is quite dangerous. It's quite important to make

sure you get the implementation correctly and one way to do that is to make sure

that always other people review your code and your designs to find any bugs in the

crypto implementation or even more general bugs in the system design. And finally

I'll leave you with these parting words, that you should never ever invent your own

ciphers or your own modes and you should never even implement your own ciphers or

your own modes. Try to stick to the standards as much as possible. Try to

stick to standard implementations of those algorithms as much as possible and if you

have to deviate from that, then just make sure there's sufficient third party review

of what you've done. Okay, so I will say my farewell here. And let me say that

the final exam will be made available on week seven, basically, a week after the

week six lectures become public. The final exam will cover material for all six weeks

and it'll pretty much be the same format as the problem sets. I hope everybody will

do well in the exam and we will send certificates once all those course work is

complete and I hope to see you in the next iteration of this course whenever that's

made available. So farewell, and as always, please submit your comments and

suggestions on the forum. I read all of your posts and they're very, very helpful

in improving the course. Hope to see you in the fall.