Big Ideas of Cryptography

Project description

This project aims to build a “Principles of Cryptography” learning path for secondary school students. We will design and test activities to teach Cryptography’s basic concepts in scaffolded programming environments with a balanced degree of guidance and freedom. We will provide guidelines for adoptions, including pedagogical suggestions on implementation and adaptation. Activities will be designed within a (proposal of a) framework of the “Big Ideas of Cryptography:” fundamental ideas and principles explained to be correct yet understandable by non-specialist teachers and students. The proposal can guide implementation and adaptation to different contexts and age groups. Moreover, it can also provide a basis for further discussion and research on the “Big Ideas” with cryptography and CS education experts.

Unplugged and Block-Based Cryptography in Grade 10

We are designing and implementing extracurricular interventions on cryptography principles in 10th grade.

The details of a first, online-only implementation have been described here.

We used Snap! (a visual programming language) to realize hands-on activities: programming playgrounds to experiment with cryptosystems and their limits, and interactive support for an unplugged activity on the Diffie-Hellman key exchange.

A second, ^face-to-face implementation has been delivered.

A third, ^face-to-face implementation, with a greater focus on ^{interdisciplinarity} between CS and Math has been delivered.

First implementation ^{online only} of the course

4 lessons, 2h each

Day 4

Math of Diffie-Hellman: modular arithmetic, exponential and its inverse, primes and coprimes (and hints at generators)
Diffie-Hellman: key exchange, computational security, person-in-the-middle attack
Asymmetric cryprography: terminology, key pairs properties, non-technical schemes for authentication and secrecy, intuitive idea of one-way function (multiplying vs. factoring)
Putting all together: how intuitively combine asymmetric and symmetric schemes for authentication and secrecy
Homework: satisfaction survey, fill-in-the-blanks assessment

Snap! playgrounds

Snap! interactive simulations supporting (remote-)unplugged activities

Diffie Hellman with colors (for students)

With visible source code (for teachers)

Diffie Hellman with colors and numbers (for students)

With visible source code (for teachers)

Animated slides

Fill-in-the-blanks assessment

Summary of the most important concepts students should have learned, with fill-in-the-blanks questions.

Interactive simulation of a block cipher (in italian)

It is possible to change the message (in green in the first sheet) and the key (in yellow in the second sheet) to see the effects on the bits.

Learning progression to teach crypto principles and ideas through representative systems

The path is designed to teach fundamental cryptography ideas by making students encounter some representative cryptosystems (from classical to modern) and experience their limitations (through hands-on activities), thus the necessity to overcome those limitations (towards more secure systems). Some relevant mathematical concepts underlying cryptography are also addressed (e.g., permutations, modular arithmetic).

Caesar cipher
- Representative for: monoalphabetic substitution ciphers
- Motivations: basic example of sym-crypto; easy to show the typical cryptosystem elements (plaintext, ciphertext, encrypt/decrypt functions, key) and simple attacks; easy to understand and play with it
- Problems to overcome: attackable with both brute-force and frequency analysis
One-time pad cipher
- Representative for: polyalphabetic ciphers (taken to the extreme); perfect secrecy; resistant to both brute-force and frequency attacks (no clues about the key or the plaintext from the ciphertext)
- Motivations: easy as “a different Caesar for each letter”
- Problems to overcome: key-distribution problem; feasibility issues (e.g., one-time, random keys)
Simple Substitution-Permutation network
- Representative for: modern symmetric block cryptosystems (e.g., AES); confusion and diffusion (avalanche effect); efficient implementation; “only” computationally secure
- Motivations: introducing operations on bits; grasping how modern cryptosystems are implemented with computers
- Problems to overcome: the key-distribution problem
Diffie-Hellman key-agreement protocol
- Representative for: shared key generation protocols; groundbreaking solution to the key-distribution problem
- Motivations: understanding how the discrete logarithm (easy to calculate, hard to invert) allows generating a shared secret over a public (insecure) channel
- Problems to overcome: person-in-the-middle attack
Idea of public-key secrecy and authentication
- Representative for: asymmetric cryptosystems
- Motivations: grasping that the properties of certain math functions (e.g., prime factorization) can be used to achieve both secrecy and authentication
- Problems to overcome: computationally expensive
Idea of hybrid cryptosystems
- Representative for: today’s complex cryptosystems
- Motivations: learning that the best of symmetric and asymmetric cryptosystems combine in today’s practice; grasping how relevant modern services (e.g., e2e instant messaging) work
- Problems to overcome: not raised in the course

Research papers

Michael Lodi, Marco Sbaraglia, and Simone Martini. 2022. Cryptography in Grade 10: Core Ideas with Snap! and Unplugged. In Proceedings of the 27th ACM Conference on Innovation and Technology in Computer Science Education Vol 1 (ITiCSE 2022), July 8–13, 2022, Dublin, Ireland. ACM. 10.1145/3502718.3524767. [Preprint].

A research paper describing and analyzing the first implementation of the course.

Michael Lodi, Marco Sbaraglia, and Simone Martini. 2021. Crittografia a blocchi al Liceo Matematico. [Conference Abstract]

An abstract about the first implementation, presented at Cryptography and Coding Theory Conference 2021. Italian Mathematical Union and De Componendis Cifris. In Italian.

Michael Lodi, Marco Sbaraglia, and Simone Martini. Programmare per imparare la crittografia al Liceo Matematico [Full paper]

A full journal paper on the first two implementations. In Italian.