Colorado State University Pueblo
CIS 491 — Special Topics, Introduction to Cryptology: Basics to Blockchains — Spring 2021

Here's a link to the course schedule page with homework assignments.

Basic facts:


Class meets:

Never... this is an entirely online class.

But there will be plenty of opportunities for synchronous discussion, work, and consultation.

Office Hours:

In your instructor's Zoom room usually M-F 10am-11am or, by appointment, pretty much any other time.

These are great times just to drop in and chat, or to ask specific questions, or simply to work with your instructor and other classmates all together. Note that it is perfectly acceptable to make appointments for these synchronous meetings at just about any time that works for you: evenings and weekends are no obstacle, we all have complex lives these days, and hopefully we will all provide each other with the maximum possible flexibility to support each other.


Jonathan Poritz

Lots of information about your instructor, if you are interested, on that page (the name is a link).

Instructor's Office:

LARC 325

But during the pandemic, your instructor is working from home so will essentially never be in that office.

Instructor's E-mail:

Or, if you prefer, you could use or

Instructor's Phone:


Which rings in your instructor's campus office, which will be empty during the pandemic! So feel free to use your instructor's private cellophone instead, which is (719) 357-MATH.

This Course, In General:


Catalog Entry for This Course:

"CIS 491 Special Topics (1-5 V)
Study of new and emerging topics and technologies in the computing field. May be repeated for credit. Prerequisite: Junior or senior standing. (F, S, SS) Repeatable (9). "
This requires some explanation....


That "(1-5 V)" in the catalog entry means that each time this course is offered, it may have between one and five credits. The "Repeatable (9)" means that while you may retake CIS 491 if it is offered in the future, you may earn a maximum of nine credits total, out of all of the times you take it.


Junior or senior standing is required for this special topics course.

Course Content/Objective:

The Catalog says " and emerging topics and technologies in the computing field..." but that's only partly correct, as now will be explained.

This Course, Specifically In Spring 2021:


How Many Credits?:

For the Spring 2021 Cryptology version, CIS 491 is being offered with three credits. To earn these credits, you are expected to spend at least three hours per week on consuming readings and videos and an additional twice as much time in writing, researching, and programming for the weekly projects.

Which "new and emerging topics and technologies in the computing field"?:

This Spring 2020 version of CIS 491 has the subtitle Introduction to Cryptology: Basics to Blockchains.

Which begs the question of what those fancy words mean....

What Is "Cryptology"?

Some terms of art in this business:

The art of secret writing, from the Greek roots crypt meaning secret or hidden and graph meaning write or draw.
The process of trying to subvert a cryptographic system and thus to figure out, without authorization, what information is hidden by some cryptographic algorithm.
The study of both cryptography and cryptanalysis — that's the subject of this course.
The word "crypto" has come, recently, to be used by enthusiasts of blockchains to stand for "cryptocurrencies," which are blockchains like Bitcoin that are are used to represent some sort of alternative currencies not dependent upon governments. Since, in the opinion of your instructor, cryptocurrencies are a fad which has very little chance of lasting for the long term, "crypto" will not be used in that way, but instead reserved as a shortcut for "cryptology," as traditionally used in the computer science (particularly security) community.

What Is In That Range "Basics to Blockchains""?

The course will start with some simple and older cryptographic algorithms from pre-digital times, to build up the terminology and get some practice writing code implementing a cryptosystem. Because you only know how strong cryptographic system is by attacking it, time will also be spent doing basic cryptanalysis.

More advanced topics will include several of the cryptographic tools used today, including symmetric and asymmetric ("public-key") systems, cryptographic hashes, digital signatures, key exchange, etc. A beautiful culminating example is the data structure of a blockchain, which puts together many of those individual pieces in one intoxicating stew.

Why Study This Material?

Already in pre-digital times, wars were won or lost and political change occurred because of the security or insecurity of secret writing. In the world of the Internet, it is thanks to cryptography that consumers can safely use their credit cards on the 'net and access their bank accounts, governments and corporations can guard their vital secrets from competitors, and individuals can prove their identities for legal agreements even though they are on different continents.

Operating in a modern, digital world — or managing a business that has a digital presence — without understanding the basics of cryptography would be like trying to live or manage a business during a global pandemic without understanding the basics of the germ theory of disease. You could do it, but it would be likely to get you into a lot of trouble.

If you don't mind using a somewhat cheesy metaphor, doing anything on the Internet without a good knowledge of cryptology amounts to driving on the information superhighway without a seatbelt....

Specific Prerequisites, Spring 2021:

It will be assumed that all students have a fairly solid comfort level with programming, such as would come from one or two semesters of Java or perhaps self-teaching and then applied experience. A large majority of student work in this class will revolve around students producing pieces of functioning code for various tasks, so this requirement is not really open to much flexibility.

What is flexible is how you have acquired this comfort with programming: you might have taken one of a variety of different kinds of programming course at CSUP, or elsewhere, or be self-taught — just talk to your instructor to make sure, if you have any questions.

Organizational and Procedural Details, Specifically In Spring 2021:


Textbook(s) and other required materials:

A variety of resources, including readings and videos, will be linked off of the course schedule page, and you will be expected to read/watch and then to respond to them. These resources will all be open or at least free, because your instructor feels that commercial textbooks are insanely over-priced. What is called "the course textbook" in Blackboard assignments, an open resource being written by your instructor for this particular class, is called Open Workbook of Cryptology (and can be found at that link).

The distinction here between open and free is that open resources are both free and are either in the public domain or were released under an intellectual property license which permits re-use and modification. A free resource, on the other hand, can be consumed (usually online), but cannot be (legally) copied or modified.

Structure of the Course:

Each Monday (hopefully no later than noon), links to new material will drop on the course schedule web page. Along with that material will be an assignment based on the new ideas and terminology, always with (small) written components (Reading Responses) and (larger) programming components (Coding Tasks). Usually there will also be other, optional activities (Bonus Tasks) including additional programming tasks, research, etc.

These weekly projects will be highly structured, so students should be able to complete them by making a series of modest steps which together yield the entire weekly goal. Students are encouraged to work together and to call upon the instructor frequently for suggestions or help when they get stuck. It is expected that all students will be able to complete all main weekly projects: don't give up if you get stuck, just reach out to your instructor!

Hardware and Software Students Will Use:

It is inarguable that this course will be very hard (or impossible) to do if you do not have a computer (with Internet access) you can use for programming, writing, researching, and communicating with classmates and your instructor. If you do not have easy access to such a machine, please contact your instructor immediately and every effort will be made to find a machine for you to work on.

In terms of software: your instructor uses Linux. Therefore, please do not submit work which can only be viewed or executed in a proprietary operating system such as Windoze or Mac. In particular, there are Linux tools to read .docx and .xlsx files, but there seems to be no way in the FLOSS world to read .pub files so definitely avoid those.

All serious computer security practitioner use Linux for their own machines: why would one use a proprietary system under the control of some distant corporation, running commercial programs whose security must simply be trusted? Much better to use an operating systems and applications programs that are FLOSS [which is the acronym for "free/libre/open-source software," a better term than the more common "open-source software"].

Computer Languages

Your instructor will use Python for demonstrations and examples of code to do various tasks. If you know Python, it would probably be good for you to use it, too. If you don't know Python, it's a very friendly and powerful language — this might be a great chance to learn it! Learning Python in the context of this course should be quite easy if you know any imperative programming language like Java, C, C++, Javascript, etc.

If, on the other hand, you do not want to work in Python, you may do your work in whatever language you prefer, within reason. Your instructor is happy to work in almost any imperative language that runs under Linux. (Well, C# can be made to run under Linux, but it's apparently not easy and your instructor strongly discourages that choice.) Functional languages (such as Haskell or Clojure) should also be avoided, since they are different enough from the Python that your instructor will be using in class demonstrations.

Please discuss issues about computer languages and platforms with your instructor if you have any concerns. In particular, your instructor is happy to have extra sessions to help students with language issues or with installing or using a software platform.


We will use an approach called specifications grading in this course. The hope is that this approach gives students maximum control over the outcome they will get in the course, making it perfectly clear how much must be done to achieve particular grades and reducing stress There is a large literature of pedagogical research which has conclusively shown that grades reduce how much students learn, how much they retain, and their interest level in the subject they are studying. Approaches such as specifications grading, and other systems in the so-called ungrading movement, seem to do exactly the opposite, which is why we employ that approach in this class.

Specifications grading will work as follows in this class: there are three categories of work you can turn in for the class: Reading Responses, Coding Tasks, and Bonus Tasks. Your instructor will give you feedback on the content of your work on all assignments, and will give each assignment a grade:
Grade Meaning
Not submitted Exactly what it says: nothing has been submitted for that assignment.
In Progress Something was submitted, but it seems to be (accidentally?) missing a major part, as will be explained in the instructor feedback, and you are encouraged to resubmit a more complete version. This grade will be given vary rarely, and only if a very significant part of the assignment is missing.
Excellent! Work was submitted and substantially covers the assignment — code runs, reading comments are on topic and show you have done the reading, etc. Note that the work does not have to be perfect to get this work (although perfection is nice), it just much show that the student is engaged with the work, attempted every part of the assignment, and asked for help when stuck. This will be the grade on all submitted work, with very rare exceptions.

The "specification" part of specifications grading has to do with how many of each type of assignment you must complete (at the Excellent! level) in order to get a particular final grade. The cut-offs for grades are as follows:
Final Letter Grade Reading Responses Coding Tasks Bonus Tasks
A 80% 80% 2
B 70% 70% 1
C 60% 60% 0
D 50% 50% 0
F <50% <50% 0
In other words, to get a B, you must get Excellent! (basically, turn in complete assignments) on at least 80% of your Reading Responses, at least 80% of your Coding Tasks, and at least one Bonus Task. Similarly for the other letter grades.

If you have two assignment categories which meet the cut-offs for some letter grade (e.g., B) but the remaining assignment category only meets the cut-off for the next lower grade (C), then you will get the higher letter grade but with a - (so, B-).

If, on the other hand, you have two assignment categories at the cut-off for some letter grade (e.g., B) and the third assignment category is at a higher cut-off, you will get that letter but with a + (so, B+).

If you are interested in reading some of the research on ungrading, your instructor will be happy to give you links to some papers on the topic. Additionally, if there is anything about the specifications grading approach to be used in this class, feel free to ask by email or in a annotation on this web page.

Due Dates, Revisions

Each assignment in Blackboard has to have a due date. Most such dates will be set to the following Monday at noon, for assignments that drop (on a Monday) with the week's material. But you may submit any assignment at any time and it will have no effect on your grade. The only meaning of the due date, in fact, is: if you turn in your work before or within a couple of days after it's official due date, your instructor will get you feedback on that work within a few days of the due date; work turned in at other times maybe sometimes have a slightly longer delay on getting feedback.

Some Required (But Nevertheless Important) Declarations:


Academic Dishonesty:

Academic dishonesty is any form of cheating that results in students giving or receiving unauthorized assistance in an academic exercise or receiving credit for work which is not their own. In cases of academic dishonesty, the instructor will follow protocol as identified by their department. Academic dishonesty is grounds for disciplinary action by both the instructor and the Director of Student Conduct and Community Standards. Any student found to have engaged in academic dishonesty may receive a failing grade for the work in question, a failing grade for the course, or any other lesser penalty which the instructor finds appropriate. To dispute an accusation of academic dishonesty, the student should first consult with the instructor. If the dispute remains unresolved, the student may then state their case to the department chair (or the dean if the department chair is the instructor of the course). A student may appeal a grade through the Academic Appeals Board, if eligible.

Academic dishonesty is a behavioral issue as well as an issue of academic performance. As such, it is considered an act of misconduct and is also subject to the University conduct process as defined in the CSU-Pueblo Student Code of Conduct. Whether or not disciplinary action has been implemented by the faculty, a report of the infraction should be submitted to the Office of Student Conduct & Community Standards who may initiate additional disciplinary action. The decision by the Office of Student Conduct & Community Standards may be appealed through the process outlined in the Student Code of Conduct.

You know what cheating is. Don't do it. While working together is encouraged in this class, as is consulting the wild and wonderful Internet, don't claim credit for work you didn't do. If there is any question about what might be OK and what might not, simply ask your instructor.


If you have a documented disability that may impact your work in this class and for which you may require accommodations, please see the Disability Resource & Support Center (DRSC) as soon as possible to arrange services. The DRSC is located in LARC 169, and can be reached by phone (719-549-2648) and email (

Mandatory Reporting:

Colorado State University Pueblo is committed to maintaining respectful, safe, and nonthreatening educational, working, and living environments. As part of this commitment, and in order to comply with federal law, the University has adopted a Policy on Discrimination, Protected Class Harassment, Sexual Misconduct, Intimate Partner Violence, Stalking, & Retaliation. You can find information regarding this policy, how to report violations of this policy, and resources available to you, on the Office of Institutional Equity’s website (

Please familiarize yourself with the reporting requirements of this policy. Because your instructor is a faculty member, he is a "Responsible Employee." That means he has to report to the Director of the Office of Institutional Equity if you tell him that you were subjected to, or engaged in, of any of the following acts: discrimination, protected class harassment, sexual misconduct, intimate partner violence, stalking, and retaliation.

Some Required Declarations In These Pandemic Times:


Welcome back to spring 2021!

The current global situation continues to affect changes in Colorado and on campus as we start spring semester. The university is continuing its work to ensure educational excellence for all students. Updates to campus operations are communicated by campus email, on the website and through social media.

Health & Safety:

When considering the health and safety of our campus community, we require that all students follow proper protocols issued by the University. It is the student’s responsibility to know what these policies are and any changes that may be occurring. Students who fail to follow protocol and guidelines will be referred to the Office of Student Conduct and Community Standards and will need to remove themselves from the classroom.

The policies related to this requirement can be found at and See Campus website for current coronavirus details:

Students in need of accommodations, or those seeking an exception to this policy, will need to contact the Disability Resource and Support Center at

Counseling Resources:

The Student Counseling Center is available for you at no cost for individual therapy online via ZOOM, in person or by phone. They can help with depression, stress, anxiety, homesickness, test anxiety, ADD, bipolar disorder and most other issues. They also provide Acudetox (ear acupuncture) for free.
Please call 719-549-2838 Monday through Friday from 8am to 5pm for an appointment.

More Humane Thoughts On Education In These Pandemic Times:


Humanity, Flexibility, and Mutual Support:

We are all going through an incredibly stressful time on many levels.

We are all whole humans, not merely learning (or teaching) machines: it is nearly impossible to be a successful student if you are worried about getting nutritious meals. Or about where you will sleep. Or about a sick relative. Or if you have to work extra hours to help support your family, Or if you have to do unexpected home childcare or schooling for a young relative. Or any of a host of other issues that could come up.

But there is a supportive network around you that wants to help you achieve your goals. By all means, if you are having difficulties of any sort, speak to the Counseling Center, the Dean of Students, or your instructor if there is anything you need. Certainly if there is any activity or policy in this course that could be better adapted to your life, don't hesitate to talk about it with your instructor.

How About Some Visuals for "Cryptology?"

Enigma Machine A16672
The Enigma Machine, used by Nazi U-Boats to communicate securely with their superiors on land.
Bletchley Park Bombe4
The Bombe cryptanalysis computer developed by Alan Turing, which broke the Enigma code.
XKCD comic with panels 'A crypto nerd's imagination' and 'What would actually happen'
XKCD's cynical view of cryptologists' imagination vs. reality.
U-Boats, or submarines, were used by the Nazi's to attack supply and troop ships crossing the Atlantic, with devastating success. When Turing's team cracked the Enigma code, they could listen in on the orders given to U-Boat captains, and so supply convoys could avoid the U-Boats. It is estimated that this shortened World War II by two or three years, and thus saved something like 14 to 21 million lives.