[Cryptography] What to put in a new cryptography course

[Stephan Neuhaus]

On 2016-07-07 16:09, Thierry Moreau wrote:
> On 06/07/16 04:47 PM, Stephan Neuhaus wrote:
>> On 2016-06-23 06:33, Phillip Hallam-Baker wrote:
>>>
>>> Some of the points I am planning to make are: [...]
>>>
>>> * Complexity is the enemy of security.
>>
>> Depending on what you mean by that, the evidence for this is pretty thin.
>
> To some extent, you just provided a bit of evidence:

I don't think I did. I was obliquely referring to studies that claim to 
have found a link between complexity (as expressed by a metric) and 
vulnerability, but the metrics were very very weak. (The study is by 
Laurie Williams et al, and the correlations were on the order of 0.2. 
It's one of the few studies in the field.)

>> Other than that, I've tried to find a way to teach ECC, but couldn't, at
>> least not at the undergrad level.
>
> If the ECC complexity may hardly be understood by ordinary computer
> security specialists, then its security rests mainly in the reputation
> of more expert minds. Security by reliance on someone else expertise ...
> the danger is when such reliance is recursive to a more or less well
> identified small group of experts.

You mean like the complexity (and security) of AES?

> More worrisome for the original post question, if/when you teach that
> ECC is a trend to follow, you might imprint this behavior of reliance on
> someone more expert for the security system principles.

We teach RSA with a high-level hand-waving explanation of why we think 
it's secure. We teach AES on the same principles. We even teach (not 
necessarily endorse) GCM, Gods help me. If we insisted on not teaching 
ANYTHING where we would have to rely on experts, then we'd have to leave 
out the whole of (modern) crypto.

Cheers,

Stephan