Final Project

There are three options for the final project. Each gives students the opportunity to explore an aspect of cryptography in greater depth. You only need to do one of these. You may work with a partner on the project. The projects are described below.

Important Dates:
Monday Week 9: Commit to one of the options. Submit your choice on this form: Link TBD.
Friday Week 10: Program demonstrations, research presentations during class.
Monday Week 11: Final due date. All write-ups, papers, presentations, program are due by 11:59 PM.

Virtual Election Booth

Read Section 6.1: Secure Elections in Applied Cryptography, 2nd Edition, by Bruce Shneier, 1996. This project implements the secure election protocol for Voting with Two Central Facilities described in this document. (You may find the document in Kit.) The implementation will provide a secure way for people to vote online, which eliminates the hassle of physically being present at designated election locations. Since computerized voting will not replace general elections unless there is a protocol that both maintains individual privacy and prevents cheating, the ideal protocol must meet these requirements:

Only authorized voters can vote.
No one can vote more than once.
No one can determine for whom anyone else voted.
No one can duplicate anyone else's votes.
No one can change anyone else's vote without being discovered.
Every voter can make sure that his vote has been taken into account in the final tabulation.
And sometimes:
Everyone knows who voted and who didn't.

Your design should use two central facilities: Central Tabulating Facility (CTF) and Central Legitimization Agency (CLA). CLA's main function is to certify the voters. Each voter will send a message to the CLA asking for a validation number, and CLA will return a random validation number. The CLA retains a list of validation numbers as well as a list of validation numbers' recipients to prevent a voter from voting twice. Then, the CLA completes its task by sending the list of validation number to the CTF. CTF's main function is to count votes. CTF checks the validation number against the list received from the CLA. If the validation number is there, the CTF crosses it off (to prevent someone from voting twice). The CTF adds the validation number to the list of people who voted for a particular candidate and adds one to the tally. After all the votes have been received, the CTF publishes the outcome.

Your program should create a simulation of this protocol, in which the election runs for a given amount of time, and users communicate with the CLA and CTF Of course, all messages passed between the various parties should be encrypted and signed, to prevent someone from impersonating someone else or intercepting transmissions. Encryption should be done using AES (with CBC or CTR mode) and signing should be done using RSA. You may work with a partner. You may want to consider choosing a partner based on more than just who you are friends with since you all have different experiences to contribute - some of you are better at understanding specifications and translating them into algorithms to be coded, some of you are better at testing code, some of you may never be able to find times to meet, etc.

Your program should be well-documented, which includes, but is not limited to:

Program documentation: name(s) of group members, program description, purpose, etc, at the beginning of each file,
Comments before every function,
Comments inside more complex functions that need explanations.

You must include a Read-Me file (just a text file called ReadMe.txt would be fine) along with your program, giving instructions on how to run your program and any restrictions or limitations to be considered.

Exploring Elliptic Curve Cryptosystems

The goal of this project is to gain a basic understanding of Elliptic Curve Cryptography (ECC). In order to do this, you will need to understand how to work with points on an elliptic curve over a finite field of p elements. The first part of this project will have you work through the necessary mathematics; the second part will have you explore key exchange and digital signatures using elliptic curves.

Part 1: Background Mathematics

Read Section 9.1 to learn how to compute with elliptic curves.
1. (Paar) Problem 9.2 part 1.
2. (Paar) Problem 9.3.
Read Section 9.2 to understand the discrete log problem with elliptic curves.
1. (Paar) Problem 9.5.
2. (Paar) Problem 9.7 part 1.
3. Explain how the Double-and-Add algorithm for point multiplication is similar to the Square-and-multiply algorithm for modular exponentiation.

Part 2: Key Exchange and Digital Signatures

Read Section 9.3 to explore the Diffie-Hellman Key Exchange with elliptic curves.
1. Work through (Paar) Problem 9.9, showing your work at each step.
Read Sections 9.4, 9.5, 9.6 for further information on the security and implementation of elliptic curve cryptographic systems.
Read Section 10.5 to learn about the Elliptic Curve Digital Signature Algorithm (ECDSA).
1. Work through (Paar) Problem 10.16 part 1, showing work at each step.
Summary: Write a few paragraphs reporting on the current status of ECC. (What size keys are being used, who is using it, what (if anything) it is being used for, etc). Describe several pros and cons of using ECC over RSA. Cite any sources you use.

Research of Cryptographic Topic

Choose a topic in cryptography and security that we have not discussed in detail in class. This could be another encryption scheme, quantum cryptography, other hash functions, Kerberos, SSL, wireless network security, electronic mail security, cloud security, etc. There are numerous topics to choose from. If you need help in finding an idea, the following link of student resources textbook Stalling's Student Resources has numerous links to outside readings and research, organized by chapters of William Stalling’s cryptography book, “Cryptography and Network Security”. Research this topic and write a 5–7-page paper on this topic or prepare a 15-minute presentation.

Paper option: The paper should be neatly typed (double-spaced) and readable. It should be written with your classmates in mind. Anyone from our class should be able to read your paper, understand it, and learn something new. You should use a variety of resources. I suspect most of your references will come from online sources, but please make sure they are credible sources. Your paper should be a research paper, which means you will be reporting what you find in the literature, not giving your opinion on the topic. You may include some of your own thoughts at the end of the paper, when summarizing and thinking about where this topic goes in the future. Your paper should include a list of references used.

Presentation option: Your slides should be neat and contain the points you’d like to discuss. They should have minimal typos. Your audience is your classmates, so you may assume they know concepts we’ve covered in class. (This should help in terms of how much background you need to discuss.). You will be reporting on what you find in the literature, not giving your opinion on the topic. You may include some of your own thoughts in the conclusion. Your presentation should include a list of references used.

Grading of papers/presentations will be based upon substantive content and appropriate organization. Multiple errors in grammar and spelling are unprofessional and detract from the clarity of your paper/presentation and will be graded accordingly, so use a spell checker!

NOTE: Plagiarism is stealing or passing off the ideas or words of another as one's own -- using material without crediting the source. This is prohibited behavior and will not be tolerated. Take the time to properly cite material written by someone else -- include references, put verbatim quotes in quotation marks, and do not paraphrase excessively. If you have questions about this, ask me.