4003-482-01/4005-705-01 Cryptography
Undergraduate Team Project

Investigation
Team Formation
Team Proposal
Team Deliverables
Team Presentations
Grading
Absences
Late Submissions
Plagiarism

The team project is to implement, analyze, and speed up the implementation of a cryptographic function.

1. You must pick a cryptographic function, either a block cipher, a stream cipher, a one-way hash function, or a message authentication code (MAC).

   1. Each team must pick a different function. As team proposals are submitted, I will post links to them on the course web site so you can see what other teams have picked. If you pick the same function as another team who submitted their proposal earlier, I will not accept your proposal and you will have to pick a different function.

   2. You are not allowed to pick a function covered in class. Why? Because one of this project's objectives is to expose you to additional functions beyond those covered in class. The following functions will be covered in class and are prohibited:
      • Block ciphers -- AES, DES, PRESENT, Threefish, Triple-DES
      • Stream ciphers -- RC4, Salsa20, Trivium
      • Hash functions -- CubeHash, MD5, SHA-1, SHA-2, Skein
      • MACs -- SipHash

   3. You are not allowed to pick a public key algorithm, or any algorithm that requires big-integer arithmetic. Why? Because it is too difficult to implement such algorithms in a way that permits achieving one of this project's objectives, namely improving the algorithm's performance.

   4. To find a cryptographic function that interests you, I suggest scanning books in the library or listed in the Bibliography. The Handbook of Applied Cryptography and Applied Cryptography, 2nd Edition are especially useful as sources of ideas.

2. You must write an implementation of your function's algorithm. I will be showing examples in class.

   1. You must implement your function from scratch, based on its published specifications. You may not use any existing implementation as part of your project.

   2. You may use whatever language you wish. However, you must be able to generate a running time profile of your program (see below).

   3. For a block cipher, your function must implement this Java interface or its exact equivalent in another language: BlockCipher.java (download)

   4. For a stream cipher, your function must implement this Java interface or its exact equivalent in another language: StreamCipher.java (download)

   5. For a hash function, your function must implement this Java interface or its exact equivalent in another language: HashFunction.java (download)

   6. For a MAC, your function must implement this Java interface or its exact equivalent in another language: Mac.java (download)

3. You must write a program to measure the running time of your function's implementation. I will be showing examples in class.

   1. The measurement program must access the function solely through the interface specified above.

   2. For a block cipher, the measurement program must set an all-zero-byte key, perform N encryptions of an all-zero-byte plaintext block, and report the total running time. N must be specified by the user.

   3. For a stream cipher, the measurement program must set an all-zero-byte key and/or nonce, encrypt a series of N zero bytes, and report the total running time. N must be specified by the user.

   4. For a hash function, the measurement program must hash a series of N zero bytes, compute the message digest, and report the total running time. N must be specified by the user.

   5. For a MAC, the measurement program must set an all-zero-byte key, hash a series of N zero bytes, compute the message digest, and report the total running time. N must be specified by the user.

4. You must use the measurement program to measure the running time of your function's implementation, including a running time profile.

   1. I will be discussing in class how to do running time measurements and profiles. However, I only plan to describe how to do it in Java. If you use another language for your implementation, you'll have to figure out for yourself how to do running time measurements and profiles in that language.

   2. You must specify N, the number of repetitions, so that the total running time is at least 100 seconds.

5. You must change all or part of your function's implementation to reduce the running time.

   1. You must analyze the running time profile and change the lines of code where the implementation is spending most of its time. It is not acceptable to just guess at what to change without using evidence from the running time profile.

   2. You must change the function's implementation from Step 2, not the measurement program from Step 3.

6. You must use the measurement program to re-measure the running time of your function's changed implementation, including a running time profile, to verify that your changes did in fact reduce the running time.

   1. You must use the same value of N as in Step 4.

7. You must write a program to perform your function on the contents of a file. I will be showing examples in class.

   1. The program must access the function solely through the interface specified above.

   2. For a block cipher or stream cipher, the program must encrypt or decrypt the contents of the input file, storing the result in an output file. The input file, output file, key, and nonce must be specified by the user.

   3. For a hash function, the program must print the digest of the contents of the input file. The input file must be specified by the user.

   4. For a MAC, the program must print the digest of the contents of the input file. The input file and key must be specified by the user.

40% of the graded work for the course will be done in a two- or three-person team. You get to pick your own partners. You must do the following by 11:59pm Thursday 14-Mar-2013:

1. Pick your partners. I would strongly prefer three persons on each team. I will accept two persons on a team if necessary; for example, if N ≢ 0 (mod 3), where N is the number of undergraduate students in the class.

2. Pick a name for your team.

3. Set up a web site for your team. You may use the web site in your CS account (public_html directory) or another publicly accessible web site. The web site should list the team name and the team members.

4. Post your team proposal on your web site. See Team Proposal below.

5. Send me an email giving the team name, the names of the team members, the email addresses of the team members, and the URL of the team web site.

Team formation is worth 4% of your final course grade. If you complete the above steps by the deadline, you will get 4%. Otherwise, you will get 0%; furthermore, I will assign you arbitrarily chosen partners.

Write a proposal for your team project. The proposal must be at most two pages long. The proposal must be in the form of a PDF file. Post the proposal on the home page of your team web site. The proposal must include the following information:

1. The cryptographic function you will implement.

2. Complete citations to the function's published specifications.

3. Complete citations to any other papers, books, web sites, etc. with information about your function that you plan to use.

I will not accept your team proposal unless it appears on the home page of your team web site. I will not drill down past the home page to try to find your team proposal. If your web hosting provider doesn't let you put documents on the home page, host your web site somewhere else.

You must post the following items on the home page of your team web site. These team deliverables will be graded and must be posted by 11:59pm Thursday 02-May-2013.

• A final report, in the form of a PDF file, including:
  • A description of the algorithm(s) of your cryptographic function, including plenty of diagrams to show how the algorithm(s) work.
  • Examples of inputs and outputs of your two programs.
  • Source code for your original cryptographic function implementation.
    • The source code must appear in the PDF file.
    • The only source code included must be the class or classes that implement the cryptographic function interface specified above.
    • The source code must be annotated with comments that clearly and completely describe what each part is doing.
  • The original running time measurements and profile of your software.
  • An analysis of the original measurements, identifying changes that would reduce the running time.
  • Source code for your revised cryptographic function implementation.
    • The source code must appear in the PDF file.
    • The only source code included must be the class or classes that implement the cryptographic function interface specified above.
    • The source code must be annotated with comments that clearly and completely describe what each part is doing, and that point out what was changed from the original version.
  • The revised running time measurements and profile of your software.
  • An analysis of the revised measurements, describing the effect of the changes.
  • A developer's manual for your software (i.e. exact instructions for how to compile the software).
  • A user's manual for your software (i.e. exact instructions for how to run the software, how to use the UI if any, etc.).
  • A discussion of what you learned from the project.
  • A discussion of possible future work.
  • A statement of what each individual team member did on the project.
  • List of references.

• All software design descriptions, source code, test cases, input files, output files, test results, and so on that you developed during your investigation. These must be posted in a single archive file, either a JAR file, a ZIP file, or a TAR GZIP file.

I will not accept your team deliverables unless they appear on the home page of your team web site. I will not drill down past the home page to try to find your team deliverables. If your web hosting provider doesn't let you put documents on the home page, host your web site somewhere else.

The team will give two presentations in class, one during week 6, the other during week 10, as shown on the Course Schedule. Specific dates and times for each team's presentations will be assigned later. The presentations will cover the same material as in the team report.

For each presentation, the team must give prepared slides (using PowerPoint, OpenOffice, or the like) and must respond to questions from the audience. All team members must participate in the presentation. The team must also post the prepared slides on the home page of the team web site before giving the presentation in class, along with any other supporting materials. The prepared slides must be posted in the form of a PDF file. You may also post the prepared slides in other formats.

You will project your slides using the classroom's PC projector. You may use your own laptop. If you don't have a laptop, borrow one.

Cover the following items in your first presentation. You will have a maximum of 15 minutes for your presentation.

• Introduce the team members.
• Describe the algorithm(s) of your cryptographic function. Include plenty of diagrams to show how the algorithm(s) work.

Cover the following items in your second presentation. You will have a maximum of 15 minutes for your presentation.

• Introduce the team members.
• Briefly describe your cryptographic function.
• Describe the source code for your original cryptographic function implementation.
• Give the original running time measurements and profile of your software.
• Give an analysis of the original measurements, identifying changes that would reduce the running time.
• Describe the source code for your revised cryptographic function implementation.
• Give the revised running time measurements and profile of your software.
• Give an analysis of the revised measurements, describing the effect of the changes.
• Discuss what you learned from the project.
• Discuss possible future work.

20% of your final course grade is based on the quality of your team's results as recorded in your team's final deliverables posted on your team web site. All team members will receive the same grade for results. I will grade the deliverables as follows:

• [28 points] Team Report
  Each of these items will be assigned points as follows:
  2 = Satisfactory
  1 = Needs improvement
  0 = Missing
  • A description of the algorithm(s) of your cryptographic function
  • Examples of inputs and outputs of your two programs
  • Source code for your original cryptographic function implementation
  • The original running time measurements and profile of your software
  • An analysis of the original measurements
  • Source code for your revised cryptographic function implementation
  • The revised running time measurements and profile of your software
  • An analysis of the revised measurements
  • A developer's manual for your software
  • A user's manual for your software
  • A discussion of what you learned from the project
  • A discussion of possible future work
  • A statement of what each individual team member did on the project
  • List of references
• [10 points] Software deliverables (source code, etc.)
  10 = Satisfactory
  8 = Needs minor improvements
  6 = Needs major improvements
  0 = Missing
• [38 points] Total

16% of your final course grade is based on the quality of your two team presentations. All team members will receive the same grade for each presentation. I will grade each presentation on a scale of 0 to 10 points, with 10 = outstanding, 1 = unacceptable, and 0 = absent. However, if your prepared slides are not posted on the home page of the team web site in the form of a PDF file before giving the presentation in class, I will deduct 5 points from your team project presentation grade.

I will add your grade for each presentation and the deliverables, along with any comments I have, to your encrypted grade file. See the Course Policies and the Encrypted Grades for further information.

If you are absent from class when one of your team presentations is scheduled, you will receive a grade of zero for the presentation unless before the start of the class when the presentation is scheduled you make an alternate arrangement with me. I am normally willing to permit this only for absences due to illness or unforeseen personal emergency. However, if you feel you have a valid reason for your absence, please discuss it with me. Appointments, job interviews, career fairs, vacations, trips home, and other scheduled activities are not valid excuses for absence. You have an obligation to this course, and you must schedule other activities so as not to interfere with class sessions.

If your team deliverables are not posted on your team web site by the deadline, your team deliverables will be late and will receive a grade of zero. You may request an extension for posting your team deliverables. See the Course Policies for my policy on extensions.

The team proposal, team presentations, and team deliverables must be entirely your team's own work. I will not tolerate plagiarism. If in my judgment any team product is not entirely your team's own work, you will automatically receive, as a minimum, a grade of zero for the assignment. See the Course Policies for my policy on plagiarism.

Cryptography • 4003-482-01/4005-705-01 • Spring Quarter 2013

Course Page

Alan Kaminsky • Department of Computer Science • Rochester Institute of Technology • 4486 + 2220 = 6706

Home Page

Copyright © 2013 Alan Kaminsky. All rights reserved. Last updated 01-Mar-2013. Please send comments to ark­@­cs.rit.edu.