Website: greatly improved materials viewing experience

2025-06-26 13:13:47 +02:00 · 2025-06-26 13:13:47 +02:00 · d5a06032b0
commit d5a06032b0
parent 4b6498ede3
406 changed files with 159269 additions and 184 deletions
--- a/assignments/problem-sets/problem-set-1.tex
+++ b/assignments/problem-sets/problem-set-1.tex
@ -11,7 +11,7 @@
 \section*{Problem Set 1: Provable Security Foundations}

 \begin{tcolorbox}[colframe=OliveGreen!30!white,colback=OliveGreen!5!white]
-	\textbf{Instructions:} This problem set covers the foundations of provable security from parts 1.1\footnote{\url{https://appliedcryptography.page/slides/1-1.pdf}}, 1.2\footnote{\url{https://appliedcryptography.page/slides/1-2.pdf}} and 1.3\footnote{\url{https://appliedcryptography.page/slides/1-3.pdf}} of the course. Submit your solutions as a neatly formatted PDF. You are encouraged to collaborate with classmates in studying the material, but your submitted solutions must be your own work. For proofs, clearly state your assumptions, steps, and conclusions.
+	\textbf{Instructions:} This problem set covers the foundations of provable security from parts 1.1\footnote{\url{https://appliedcryptography.page/slides/\#1-1}}, 1.2\footnote{\url{https://appliedcryptography.page/slides/\#1-2}} and 1.3\footnote{\url{https://appliedcryptography.page/slides/\#1-3}} of the course. Submit your solutions as a neatly formatted PDF. You are encouraged to collaborate with classmates in studying the material, but your submitted solutions must be your own work. For proofs, clearly state your assumptions, steps, and conclusions.
 \end{tcolorbox}

 \section{Cryptographic Foundations (20 points)}
--- a/assignments/problem-sets/problem-set-2.tex
+++ b/assignments/problem-sets/problem-set-2.tex
@ -11,7 +11,7 @@
 \section*{Problem Set 2: Symmetric Cryptography}

 \begin{tcolorbox}[colframe=OliveGreen!30!white,colback=OliveGreen!5!white]
-	\textbf{Instructions:} This problem set covers topics in provable security from parts 1.4\footnote{\url{https://appliedcryptography.page/slides/1-4.pdf}}, 1.5\footnote{\url{https://appliedcryptography.page/slides/1-5.pdf}} and 1.6\footnote{\url{https://appliedcryptography.page/slides/1-6.pdf}} of the course. Submit your solutions as a neatly formatted PDF. You are encouraged to collaborate with classmates in studying the material, but your submitted solutions must be your own work. For proofs, clearly state your assumptions, steps, and conclusions.
+	\textbf{Instructions:} This problem set covers topics in provable security from parts 1.4\footnote{\url{https://appliedcryptography.page/slides/\#1-4}}, 1.5\footnote{\url{https://appliedcryptography.page/slides/\#1-5}} and 1.6\footnote{\url{https://appliedcryptography.page/slides/\#1-6}} of the course. Submit your solutions as a neatly formatted PDF. You are encouraged to collaborate with classmates in studying the material, but your submitted solutions must be your own work. For proofs, clearly state your assumptions, steps, and conclusions.
 \end{tcolorbox}

 \section{Pseudorandomness (20 points)}
--- a/assignments/problem-sets/problem-set-3.tex
+++ b/assignments/problem-sets/problem-set-3.tex
@ -11,7 +11,7 @@
 \section*{Problem Set 3: Asymmetric Cryptography}

 \begin{tcolorbox}[colframe=OliveGreen!30!white,colback=OliveGreen!5!white]
-	\textbf{Instructions:} This problem set covers topics in provable security from parts 1.7\footnote{\url{https://appliedcryptography.page/slides/1-7.pdf}} and 1.8\footnote{\url{https://appliedcryptography.page/slides/1-8.pdf}} of the course. Submit your solutions as a neatly formatted PDF. You are encouraged to collaborate with classmates in studying the material, but your submitted solutions must be your own work. For proofs, clearly state your assumptions, steps, and conclusions.
+	\textbf{Instructions:} This problem set covers topics in provable security from parts 1.7\footnote{\url{https://appliedcryptography.page/slides/\#1-7}} and 1.8\footnote{\url{https://appliedcryptography.page/slides/\#1-8}} of the course. Submit your solutions as a neatly formatted PDF. You are encouraged to collaborate with classmates in studying the material, but your submitted solutions must be your own work. For proofs, clearly state your assumptions, steps, and conclusions.
 \end{tcolorbox}

 \section{Cryptographic Hardness and Real-World Implications (20 points)}
--- a/slides/1-4.tex
+++ b/slides/1-4.tex
@ -1441,7 +1441,7 @@
 	\begin{columns}[c]
 		\begin{column}{0.4\textwidth}
 			\begin{itemize}[<+->]
-				\item Luby and Rackoff proved that a 3-round Feistel cipher is indistinguishable from a pseudorandom permutation.\footnote{\url{https://appliedcryptography.page/papers/luby-rackoff.pdf}}
+				\item Luby and Rackoff proved that a 3-round Feistel cipher is indistinguishable from a pseudorandom permutation.\footnote{\url{https://appliedcryptography.page/papers/\#luby-rackoff}}
 				\item Can we also prove it using our provable security framework?
 			\end{itemize}
 		\end{column}
@ -1520,7 +1520,7 @@
 	\begin{columns}[c]
 		\begin{column}{0.4\textwidth}
 			\begin{itemize}
-				\item Luby and Rackoff proved that a 3-round Feistel cipher is indistinguishable from a pseudorandom permutation.\footnote{\url{https://appliedcryptography.page/papers/luby-rackoff.pdf}}
+				\item Luby and Rackoff proved that a 3-round Feistel cipher is indistinguishable from a pseudorandom permutation.\footnote{\url{https://appliedcryptography.page/papers/\#luby-rackoff}}
 				\item Can we also prove it using our provable security framework?
 				\item Yes, with the bad events proof technique!
 			\end{itemize}
@ -2130,31 +2130,31 @@
 \end{frame}

 \begin{frame}{AES: security and attacks over time}
- \begin{columns}[c]
-  \begin{column}{0.5\textwidth}
-   \begin{itemize}[<+->]
-    \item AES has been heavily analyzed for over 20 years.
-    \item Best attacks against full AES have gradually improved:
-          \begin{itemize}[<+->]
-           \item 2011: Biclique attack (Bogdanov et al.) reduced complexity to $2^{126.1}$ for AES-128.
-           \item Various side-channel attacks developed (power analysis, cache timing).\footnote{This is the main way to attack AES in practice. Side-channel attacks will be discussed in more depth later in the course.}
-           \item Advances in meet-in-the-middle and related-key techniques.
-          \end{itemize}
-   \end{itemize}
-  \end{column}
-  \begin{column}{0.5\textwidth}
-   \begin{itemize}[<+->]
-    \item Despite these advances:
-          \begin{itemize}[<+->]
-           \item No practical attacks on full AES-128.
-           \item Best attacks still require $\approx 2^{126}$ operations.
-           \item At this complexity, attacks remain purely theoretical.
-           \item Would require resources far exceeding global computing power.
-          \end{itemize}
-    \item Even quantum computers offer only modest advantage (Grover's algorithm reduces security to $2^{64}$ operations).\footnote{More on quantum computers and how they affect cryptography later in the course.}
-   \end{itemize}
-  \end{column}
- \end{columns}
+	\begin{columns}[c]
+		\begin{column}{0.5\textwidth}
+			\begin{itemize}[<+->]
+				\item AES has been heavily analyzed for over 20 years.
+				\item Best attacks against full AES have gradually improved:
+				      \begin{itemize}[<+->]
+					      \item 2011: Biclique attack (Bogdanov et al.) reduced complexity to $2^{126.1}$ for AES-128.
+					      \item Various side-channel attacks developed (power analysis, cache timing).\footnote{This is the main way to attack AES in practice. Side-channel attacks will be discussed in more depth later in the course.}
+					      \item Advances in meet-in-the-middle and related-key techniques.
+				      \end{itemize}
+			\end{itemize}
+		\end{column}
+		\begin{column}{0.5\textwidth}
+			\begin{itemize}[<+->]
+				\item Despite these advances:
+				      \begin{itemize}[<+->]
+					      \item No practical attacks on full AES-128.
+					      \item Best attacks still require $\approx 2^{126}$ operations.
+					      \item At this complexity, attacks remain purely theoretical.
+					      \item Would require resources far exceeding global computing power.
+				      \end{itemize}
+				\item Even quantum computers offer only modest advantage (Grover's algorithm reduces security to $2^{64}$ operations).\footnote{More on quantum computers and how they affect cryptography later in the course.}
+			\end{itemize}
+		\end{column}
+	\end{columns}
 \end{frame}

 \begin{frame}[plain]
--- a/slides/1-5.tex
+++ b/slides/1-5.tex
@ -640,7 +640,7 @@
 				\item This exposes an oracle that tells attackers: ``Does $\texttt{Dec}(K, C)$ have valid padding?''
 				\item Attackers can systematically exploit this to decrypt arbitrary ciphertexts.
 				\item Has led to major vulnerabilities in SSH and SSL/TLS protocols.
-				\item Example: POODLE attack against SSL 3.0 affected millions of websites.\footnote{\url{https://appliedcryptography.page/papers/google-poodle.pdf}}
+				\item Example: POODLE attack against SSL 3.0 affected millions of websites.\footnote{\url{https://appliedcryptography.page/papers/\#google-poodle}}
 			\end{itemize}
 		\end{column}
 	\end{columns}
@ -655,7 +655,7 @@
 				\item Response time reveals approximate numerical values inside $\texttt{Dec}(K, C)$.
 				\item Extremely subtle - even microsecond differences can leak information.
 				\item Successfully used to break older SSH and SSL/TLS implementations.
-				\item Example: Lucky Thirteen attack against TLS revealed message contents through timing differences.\footnote{\url{https://appliedcryptography.page/papers/lucky-thirteen.pdf}}
+				\item Example: Lucky Thirteen attack against TLS revealed message contents through timing differences.\footnote{\url{https://appliedcryptography.page/papers/\#lucky-thirteen}}
 			\end{itemize}
 		\end{column}
 	\end{columns}
@ -671,7 +671,7 @@
 					      \item A valid gzip file (processed normally)
 					      \item An invalid gzip file (error reported)
 				      \end{itemize}
-				\item This created an oracle revealing: ``Is $\texttt{Dec}(K, C)$ a valid gzip file?''\footnote{\url{https://appliedcryptography.page/papers/jhu-imessage.pdf}}
+				\item This created an oracle revealing: ``Is $\texttt{Dec}(K, C)$ a valid gzip file?''\footnote{\url{https://appliedcryptography.page/papers/\#jhu-imessage}}
 				\item Attackers who understood the gzip format could exploit this to:
 				      \begin{itemize}
 					      \item Silently recover private messages
@ -1466,7 +1466,7 @@
 		\begin{column}{1\textwidth}
 			\begin{itemize}[<+->]
 				\item \textbf{Key commitment}: a ciphertext should only decrypt to a valid plaintext under the key used to generate it.
-				\item Most AEAD schemes (including AES-GCM) don't guarantee this property!\footnote{\url{https://appliedcryptography.page/papers/key-commitment.pdf}}
+				\item Most AEAD schemes (including AES-GCM) don't guarantee this property!\footnote{\url{https://appliedcryptography.page/papers/\#key-commitment}}
 				\item Attack scenario:
 				      \begin{enumerate}
 					      \item Attacker creates special ciphertext $C$.
--- a/slides/1-6.tex
+++ b/slides/1-6.tex
@ -541,7 +541,7 @@
 	\begin{columns}[c]
 		\begin{column}{1\textwidth}
 			\begin{itemize}[<+->]
-				\item In 2017, Google and CWI Amsterdam researchers demonstrated the first practical collision for SHA-1.\footnote{\url{https://appliedcryptography.page/papers/shattered-sha1.pdf}}
+				\item In 2017, Google and CWI Amsterdam researchers demonstrated the first practical collision for SHA-1.\footnote{\url{https://appliedcryptography.page/papers/\#shattered-sha1}}
 				\item Created two different PDF files with identical SHA-1 hashes.
 				\item Required about 6,500 CPU years and 110 GPU years of computation.
 				\item Cost estimate: approximately \$110,000 using cloud computing.
@ -907,7 +907,7 @@
 					      \item Using less memory makes computation exponentially slower.
 				      \end{itemize}
 				\item Even with custom hardware, attackers face similar costs to defenders.
-				\item Proven to be maximally memory-hard!\footnote{\url{https://appliedcryptography.page/papers/scrypt-memory.pdf}}
+				\item Proven to be maximally memory-hard!\footnote{\url{https://appliedcryptography.page/papers/\#scrypt-memory}}
 			\end{itemize}
 		\end{column}
 	\end{columns}
@ -1045,7 +1045,7 @@
 				      \begin{itemize}
 					      \item Researchers have constructed schemes that are:
 					      \item Provably secure in the RO model, but,
-					      \item Provably insecure with any real hash function.\footnote{\url{https://appliedcryptography.page/papers/rom-methodology.pdf}}
+					      \item Provably insecure with any real hash function.\footnote{\url{https://appliedcryptography.page/papers/\#rom-methodology}}
 				      \end{itemize}
 			\end{itemize}
 		\end{column}
--- a/slides/1-7.tex
+++ b/slides/1-7.tex
@ -627,7 +627,7 @@
 	\begin{columns}[c]
 		\begin{column}{1\textwidth}
 			\begin{itemize}[<+->]
-				\item \textbf{Games proven NP-hard\footnote{\url{https://appliedcryptography.page/papers/nintendo-hard.pdf}}}:
+				\item \textbf{Games proven NP-hard\footnote{\url{https://appliedcryptography.page/papers/\#nintendo-hard}}}:
 				      \begin{itemize}
 					      \item Super Mario Bros. 1–3, The Lost Levels, Super Mario World
 					      \item Donkey Kong Country 1–3
--- a/slides/1-8.tex
+++ b/slides/1-8.tex
@ -845,7 +845,7 @@
 				      \end{itemize}
 				\item \textbf{Real-world example:} Found in TLS-ECDH implementations (2015).
 				      \begin{itemize}
-					      \item Paper: ``Practical Invalid Curve Attacks on TLS-ECDH''\footnote{\url{https://appliedcryptography.page/papers/invalid-curve.pdf}}
+					      \item Paper: ``Practical Invalid Curve Attacks on TLS-ECDH''\footnote{\url{https://appliedcryptography.page/papers/\#invalid-curve}}
 					      \item Jager, Schwenk, and Somorovsky
 				      \end{itemize}
 				\item \textbf{Prevention:} Always validate that points satisfy the correct curve equation.
--- a/slides/2-1.tex
+++ b/slides/2-1.tex
@ -1293,7 +1293,7 @@
 		\begin{column}{1\textwidth}
 			\begin{itemize}[<+->]
 				\item \textbf{Target}: TLS's CBC (Cipher Block Chaining) mode with HMAC
-				\item \textbf{The vulnerability}: Timing differences in MAC verification\footnote{\url{https://appliedcryptography.page/papers/lucky-thirteen.pdf}}
+				\item \textbf{The vulnerability}: Timing differences in MAC verification\footnote{\url{https://appliedcryptography.page/papers/\#lucky-thirteen}}
 				      \begin{itemize}
 					      \item TLS 1.0-1.2 used MAC-then-encrypt with CBC mode
 					      \item Padding oracle attacks exploit timing differences
@ -1363,7 +1363,7 @@
 	\begin{columns}[c]
 		\begin{column}{1\textwidth}
 			\begin{itemize}[<+->]
-				\item \textbf{Full name}: Padding Oracle On Downgraded Legacy Encryption\footnote{\url{https://appliedcryptography.page/papers/google-poodle.pdf}}
+				\item \textbf{Full name}: Padding Oracle On Downgraded Legacy Encryption\footnote{\url{https://appliedcryptography.page/papers/\#google-poodle}}
 				\item \textbf{Target}: SSL 3.0 (ancient protocol from 1996)
 				\item \textbf{The setup}:
 				      \begin{itemize}
@ -1437,7 +1437,7 @@
 		\begin{column}{1\textwidth}
 			\begin{itemize}[<+->]
 				\item \textbf{Discovered by}: Inria Prosecco team (future TLS 1.3 verifiers!)
-				\item \textbf{Core problem}: TLS handshake can be \textbf{resumed} with different certificates\footnote{\url{https://appliedcryptography.page/papers/triple-handshakes.pdf}}
+				\item \textbf{Core problem}: TLS handshake can be \textbf{resumed} with different certificates\footnote{\url{https://appliedcryptography.page/papers/\#triple-handshakes}}
 				      \begin{itemize}
 					      \item Client connects to Server A, establishes session
 					      \item Session can be resumed with Server B using different certificate
@ -1503,7 +1503,7 @@
 	\begin{columns}[c]
 		\begin{column}{1\textwidth}
 			\begin{itemize}[<+->]
-				\item \textbf{Not a protocol flaw}: Implementation bug in OpenSSL\footnote{\url{https://appliedcryptography.page/papers/matter-heartbleed.pdf}}
+				\item \textbf{Not a protocol flaw}: Implementation bug in OpenSSL\footnote{\url{https://appliedcryptography.page/papers/\#matter-heartbleed}}
 				\item \textbf{The vulnerability}: Buffer over-read in heartbeat extension
 				      \begin{itemize}
 					      \item Heartbeat: ``keep-alive'' mechanism for TLS
@ -1602,7 +1602,7 @@
 	\begin{columns}[c]
 		\begin{column}{1\textwidth}
 			\begin{itemize}[<+->]
-				\item \textbf{Research by}: Inria Prosecco team (again!)\footnote{\url{https://appliedcryptography.page/papers/smack-tls.pdf}}
+				\item \textbf{Research by}: Inria Prosecco team (again!)\footnote{\url{https://appliedcryptography.page/papers/\#smack-tls}}
 				\item \textbf{Two major attack classes discovered}:
 				      \begin{itemize}
 					      \item \textbf{SMACK}: State Machine AttaCKs
@ -1803,7 +1803,7 @@
 	\begin{columns}[c]
 		\begin{column}{1\textwidth}
 			\begin{itemize}[<+->]
-				\item \textbf{Research team}: 14 researchers from 10 institutions\footnote{\url{https://appliedcryptography.page/papers/imperfect-dh.pdf}}
+				\item \textbf{Research team}: 14 researchers from 10 institutions\footnote{\url{https://appliedcryptography.page/papers/\#imperfect-dh}}
 				\item \textbf{Target}: Diffie-Hellman key exchange in TLS
 				\item \textbf{Two main attacks}:
 				      \begin{itemize}
@ -1930,7 +1930,7 @@
 	\begin{columns}[c]
 		\begin{column}{1\textwidth}
 			\begin{itemize}[<+->]
-				\item \textbf{Researchers}: Karthikeyan Bhargavan and Gaëtan Leurent (Inria)\footnote{\url{https://appliedcryptography.page/papers/inria-sweet32.pdf}}
+				\item \textbf{Researchers}: Karthikeyan Bhargavan and Gaëtan Leurent (Inria)\footnote{\url{https://appliedcryptography.page/papers/\#inria-sweet32}}
 				\item \textbf{Target}: 64-bit block ciphers (3DES, Blowfish)
 				\item \textbf{Core vulnerability}: Birthday paradox in block cipher usage
 				      \begin{itemize}
@ -2002,7 +2002,7 @@
 	\begin{columns}[c]
 		\begin{column}{1\textwidth}
 			\begin{itemize}[<+->]
-				\item \textbf{Researchers}: Karthikeyan Bhargavan and Gaëtan Leurent (Inria)\footnote{\url{https://appliedcryptography.page/papers/inria-collisions.pdf}}
+				\item \textbf{Researchers}: Karthikeyan Bhargavan and Gaëtan Leurent (Inria)\footnote{\url{https://appliedcryptography.page/papers/\#inria-collisions}}
 				\item \textbf{Novel attack class}: Hash collision attacks on protocol transcripts
 				\item \textbf{Core idea}:
 				      \begin{itemize}
--- a/slides/2-2.tex
+++ b/slides/2-2.tex
@ -292,7 +292,7 @@
 	\begin{columns}[c]
 		\begin{column}{1\textwidth}
 			\begin{itemize}[<+->]
-				\item \textbf{The Discovery:} Certain key patterns create predictable initial states\footnote{\url{https://appliedcryptography.page/papers/rc4-ksa.pdf}}
+				\item \textbf{The Discovery:} Certain key patterns create predictable initial states\footnote{\url{https://appliedcryptography.page/papers/\#rc4-ksa}}
 				\item \textbf{Weak Key Pattern:} Keys of the form $(K_1, K_2, \ldots, K_n, 3, 255, \ldots)$
 				      \begin{itemize}[<+->]
 					      \item When byte 3 of the key is 3, and byte 4 is 255
@ -667,7 +667,7 @@
 	\begin{columns}[c]
 		\begin{column}{0.6\textwidth}
 			\begin{itemize}[<+->]
-				\item \textbf{The discovery:} RC4's biases are exploitable in TLS:\footnote{\url{https://appliedcryptography.page/papers/rc4-tls.pdf}}
+				\item \textbf{The discovery:} RC4's biases are exploitable in TLS:\footnote{\url{https://appliedcryptography.page/papers/\#rc4-tls}}
 				      \begin{itemize}[<+->]
 					      \item First 256 bytes of keystream heavily biased
 					      \item Certain byte positions more predictable than others
@ -728,7 +728,7 @@
 					      \item Took days or weeks to execute
 					      \item Many dismissed it as theoretical
 				      \end{itemize}
-				\item \textbf{Insight:} Target password verifiers, not cookies\footnote{\url{https://appliedcryptography.page/papers/rc4-attacks.pdf}}
+				\item \textbf{Insight:} Target password verifiers, not cookies\footnote{\url{https://appliedcryptography.page/papers/\#rc4-attacks}}
 				      \begin{itemize}[<+->]
 					      \item Basic Authentication sends passwords in every request
 					      \item IMAP/SMTP use similar repeated authentication
@ -743,7 +743,7 @@
 					      \item Exploit password character distributions
 					      \item Use Mantin's ABSAB bias (positions 1-4)
 					      \item Combine with dictionary attacks
-					      \item Other attack papers use similar techniques, including to break WPA-TKIP, a successor to WEP!\footnote{\url{https://appliedcryptography.page/papers/rc4-biases.pdf}}
+					      \item Other attack papers use similar techniques, including to break WPA-TKIP, a successor to WEP!\footnote{\url{https://appliedcryptography.page/papers/\#rc4-biases}}
 				      \end{itemize}
 			\end{itemize}
 		\end{column}
@ -752,7 +752,7 @@

 \begin{frame}{Mantin's ABSAB bias (2005)}
 	\begin{itemize}[<+->]
-		\item \textbf{The discovery:} Certain digraph patterns repeat with anomalous frequency\footnote{\url{https://appliedcryptography.page/papers/rc4-absab.pdf}}
+		\item \textbf{The discovery:} Certain digraph patterns repeat with anomalous frequency\footnote{\url{https://appliedcryptography.page/papers/\#rc4-absab}}
 		      \begin{itemize}[<+->]
 			      \item Pattern: Two characters repeat after a gap (e.g., ABAB, ABCAB)
 			      \item Occurs when value 1 is used to update index $j$ in RC4
--- a/slides/2-3.tex
+++ b/slides/2-3.tex
@ -133,7 +133,7 @@
 			\begin{itemize}
 				\item \textbf{Usability nightmare}
 				      \begin{itemize}
-					      \item ``Why Johnny Can't Encrypt'' (1999) - landmark usability study\footnote{\url{https://appliedcryptography.page/papers/johnny-cant.pdf}}
+					      \item ``Why Johnny Can't Encrypt'' (1999) - landmark usability study\footnote{\url{https://appliedcryptography.page/papers/\#johnny-cant}}
 					      \item Key management too complex for average users
 					      \item Easy to make catastrophic mistakes
 				      \end{itemize}
@ -860,7 +860,7 @@
 \begin{frame}{Enter HKDF: HMAC-based Key Derivation Function}
 	\begin{columns}[c]
 		\begin{column}{0.5\textwidth}
-			\textbf{Motivated by real needs:}\footnote{\url{https://appliedcryptography.page/papers/hkdf-scheme.pdf}}
+			\textbf{Motivated by real needs:}\footnote{\url{https://appliedcryptography.page/papers/\#hkdf-scheme}}
 			\begin{itemize}
 				\item OTR, TLS, IPsec all needed KDFs
 				\item Each had ad-hoc solutions
@ -1134,7 +1134,7 @@
 \begin{frame}{Attacks on OTR version 2}
 	\begin{columns}
 		\begin{column}{0.5\textwidth}
-			\textbf{Version Rollback Attack}\footnote{\url{https://appliedcryptography.page/papers/otr-analysis.pdf}}
+			\textbf{Version Rollback Attack}\footnote{\url{https://appliedcryptography.page/papers/\#otr-analysis}}
 			\begin{itemize}
 				\item Version negotiation happens before authentication
 				\item Attacker can force use of older, weaker version
@ -1516,7 +1516,7 @@
 	\begin{columns}[c]
 		\begin{column}{1\textwidth}
 			\begin{center}
-				\Large \textbf{The Promise and Reality of Post-Compromise Security}\footnote{\url{https://appliedcryptography.page/papers/pcs-impossibility.pdf}}
+				\Large \textbf{The Promise and Reality of Post-Compromise Security}\footnote{\url{https://appliedcryptography.page/papers/\#pcs-impossibility}}
 			\end{center}
 			\vspace{1em}
 			\begin{itemize}
--- a/website/index.html
+++ b/website/index.html
@ -16,14 +16,14 @@
 	<meta property="og:url" content="https://appliedcryptography.page" />
 	<meta property="og:image" content="https://appliedcryptography.page/res/img/og.jpg" />
 	<meta property="og:locale" content="en_US" />
-	<link rel="icon" href="res/img/favicon.png" type="image/png" />
-	<link rel="apple-touch-icon" href="res/img/favicon.png" sizes="180x180" />
-	<link rel="icon" href="res/img/favicon.png" sizes="32x32" type="image/png" />
-	<link rel="icon" href="res/img/favicon.png" sizes="16x16" type="image/png" />
-	<link rel="stylesheet" href="res/fonts/phosphor/phosphor.css" />
-	<link rel="stylesheet" href="res/fonts/google/google.css" />
-	<link rel="stylesheet" href="res/css/style.css" />
-	<link rel="preload" as="image" href="res/img/cedar.webp" />
+	<link rel="icon" href="/res/img/favicon.png" type="image/png" />
+	<link rel="apple-touch-icon" href="/res/img/favicon.png" sizes="180x180" />
+	<link rel="icon" href="/res/img/favicon.png" sizes="32x32" type="image/png" />
+	<link rel="icon" href="/res/img/favicon.png" sizes="16x16" type="image/png" />
+	<link rel="stylesheet" href="/res/fonts/phosphor/phosphor.css" />
+	<link rel="stylesheet" href="/res/fonts/google/google.css" />
+	<link rel="stylesheet" href="/res/css/style.css" />
+	<link rel="preload" as="image" href="/res/img/cedar.webp" />
 	<script defer data-domain="appliedcryptography.page" data-api="https://restless-block-0a1e.symbolicsoft.workers.dev/oil-ocean/event" src="https://restless-block-0a1e.symbolicsoft.workers.dev/emerald-hill/script.js"></script>
 	<script src="res/js/menu.js"></script>
 	<script src="res/js/collapsible.js"></script>
@ -189,60 +189,60 @@
 					</p>
 					<div class="card">
 						<ul>
-							<li><i class="icon ph-duotone ph-scroll"></i>Felix Linker, Ralf Sasse and David Basin, <a href="papers/pq3-analysis.pdf"><em>A Formal Analysis of Apple’s iMessage PQ3 Protocol</em></a>, USENIX Security Symposium, 2025.</li>
-							<li><i class="icon ph-duotone ph-scroll"></i>Mathy Vanhoef and Frank Piessens, <a href="papers/rc4-biases.pdf"><em>All Your Biases Belong To Us: Breaking RC4 in WPA-TKIP and TLS</em></a>, USENIX Security Symposium, 2015.</li>
-							<li><i class="icon ph-duotone ph-scroll"></i>Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine Delignat-Lavaud, Cédric Fournet, Markulf Kohlweiss, Alfredo Pironti, Pierre-Yves Strub and Jean-Karim Zinzindohoué, <a href="papers/smack-tls.pdf"><em>A Messy State of the Union: Taming the Composite State Machines of TLS</em></a>, IEEE Symposium on Security and Privacy, 2015.</li>
-							<li><i class="icon ph-duotone ph-scroll"></i>Martin R. Albrecht and Kenneth G. Paterson, <a href="papers/wild-cryptography.pdf"><em>Analysing Cryptography in the Wild: A Retrospective</em></a>, IEEE Security &amp; Privacy, 2024.</li>
-							<li><i class="icon ph-duotone ph-scroll"></i>Martin R. Albrecht, Lenka Mareková, Kenneth G. Paterson, Eyal Ronen and Igors Stepanovs, <a href="papers/telegram-exchange.pdf"><em>Analysis of the Telegram Key Exchange</em></a>, IACR Eurocrypt, 2025.</li>
-							<li><i class="icon ph-duotone ph-scroll"></i>David Evans, Vladimir Kolesnikov and Mike Rosulek, <a href="papers/pragmatic-mpc.pdf"><em>A Pragmatic Introduction to Secure Multi-Party Computation</em></a>, NOW Publishers, 2020.</li>
-							<li><i class="icon ph-duotone ph-scroll"></i>Christina Garman, Kenneth G. Paterson and Thyla Van der Merwe, <a href="papers/rc4-attacks.pdf"><em>Attacks Only Get Better: Password Recovery Attacks Against RC4 in TLS</em></a>, USENIX Security Symposium, 2015.</li>
-							<li><i class="icon ph-duotone ph-scroll"></i>Nadim Kobeissi, Karthikeyan Bhargavan and Bruno Blanchet, <a href="papers/signal-analysis.pdf"><em>Automated Verification for Secure Messaging Protocols and their Implementations: A Symbolic and Computational Approach</em></a>, IEEE European Symposium on Security and Privacy, 2017.</li>
-							<li><i class="icon ph-duotone ph-scroll"></i>Théophile Wallez, <a href="papers/wallez-thesis.pdf"><em>A Verification Framework for Secure Group Messaging</em></a>, PSL Université Paris, 2025.</li>
-							<li><i class="icon ph-duotone ph-scroll"></i>Greg Aloupis, Erik D. Demaine, Alan Guo and Giovanni Viglietta, <a href="papers/nintendo-hard.pdf"><em>Classic Nintendo Games are (Computationally) Hard</em></a>, ACM Theoretical Computer Science, 2015.</li>
-							<li><i class="icon ph-duotone ph-scroll"></i>Platon Kotzias, Abbas Razaghpanah, Johanna Amann, Kenneth G. Paterson, Narseo Vallina-Rodriguez and Juan Caballero, <a href="papers/tls-deployment.pdf"><em>Coming of Age: A Longitudinal Study of TLS Deployment</em></a>, ACM IMC, 2018.</li>
-							<li><i class="icon ph-duotone ph-scroll"></i>Hugo Krawczyk, <a href="papers/hkdf-scheme.pdf"><em>Cryptographic Extraction and Key Derivation: The HKDF Scheme</em></a>, IACR Crypto, 2010.</li>
-							<li><i class="icon ph-duotone ph-scroll"></i>Christina Garman, Matthew Green, Gabriel Kaptchuk, Ian Miers and Michael Rushanan, <a href="papers/jhu-imessage.pdf"><em>Dancing on the Lip of the Volcano: Chosen Ciphertext Attacks on Apple iMessage</em></a>, USENIX Security Symposium, 2016.</li>
-							<li><i class="icon ph-duotone ph-scroll"></i>Joppe W. Bos, J. Alex Halderman, Nadia Heninger, Jonathan Moore, Michael Naehrig and Eric Wustrow, <a href="papers/ecc-practice.pdf"><em>Elliptic Curve Cryptography in Practice</em></a>, Financial Cryptography and Data Security, 2014.</li>
-							<li><i class="icon ph-duotone ph-scroll"></i>Joseph Bonneau and Andrew Morrison, <a href="papers/otr-analysis.pdf"><em>Finite-State Security Analysis of OTR Version 2</em></a>, Stanford Computer Security Laboratory, 2006.</li>
-							<li><i class="icon ph-duotone ph-scroll"></i>Martin R. Albrecht, Benjamin Dowling and Daniel Jones, <a href="papers/whatsapp-groups.pdf"><em>Formal Analysis of Multi-Device Group Messaging in WhatsApp</em></a>, IACR Eurocrypt, 2025.</li>
-							<li><i class="icon ph-duotone ph-scroll"></i>Cas Cremers, Charlie Jacomme and Aurora Naska, <a href="papers/session-handling.pdf"><em>Formal Analysis of Session-Handling in Secure Messaging: Lifting Security from Sessions to Conversations</em></a>, USENIX Security Symposium, 2023.</li>
-							<li><i class="icon ph-duotone ph-scroll"></i>Karthikeyan Bhargavan, Charlie Jacomme, Franziskus Kiefer and Rolfe Schmidt, <a href="papers/pqxdh-analysis.pdf"><em>Formal Verification of the PQXDH Post-Quantum Key Agreement Protocol for End-to-End Secure Messaging</em></a>, USENIX Security Symposium, 2024.</li>
-							<li><i class="icon ph-duotone ph-scroll"></i>Ange Albertini, Thai Duong, Shay Gueron, Stefan K&#xF6;lbl, Atul Luykx, and Sophie Schmieg, <a href="papers/key-commitment.pdf"><em>How to Abuse and Fix Authenticated Encryption Without Key Commitment</em></a>, USENIX Security Symposium, 2022.</li>
-							<li><i class="icon ph-duotone ph-scroll"></i>Michael Luby and Charles Rackoff, <a href="papers/luby-rackoff.pdf"><em>How To Construct Pseudorandom Permutations From Pseudorandom Functions</em></a>, Society for Industrial and Applied Mathematics, 1988.</li>
+							<li><i class="icon ph-duotone ph-scroll"></i>Felix Linker, Ralf Sasse and David Basin, <a href="papers/#pq3-analysis"><em>A Formal Analysis of Apple’s iMessage PQ3 Protocol</em></a>, USENIX Security Symposium, 2025.</li>
+							<li><i class="icon ph-duotone ph-scroll"></i>Mathy Vanhoef and Frank Piessens, <a href="papers/#rc4-biases"><em>All Your Biases Belong To Us: Breaking RC4 in WPA-TKIP and TLS</em></a>, USENIX Security Symposium, 2015.</li>
+							<li><i class="icon ph-duotone ph-scroll"></i>Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine Delignat-Lavaud, Cédric Fournet, Markulf Kohlweiss, Alfredo Pironti, Pierre-Yves Strub and Jean-Karim Zinzindohoué, <a href="papers/#smack-tls"><em>A Messy State of the Union: Taming the Composite State Machines of TLS</em></a>, IEEE Symposium on Security and Privacy, 2015.</li>
+							<li><i class="icon ph-duotone ph-scroll"></i>Martin R. Albrecht and Kenneth G. Paterson, <a href="papers/#wild-cryptography"><em>Analysing Cryptography in the Wild: A Retrospective</em></a>, IEEE Security &amp; Privacy, 2024.</li>
+							<li><i class="icon ph-duotone ph-scroll"></i>Martin R. Albrecht, Lenka Mareková, Kenneth G. Paterson, Eyal Ronen and Igors Stepanovs, <a href="papers/#telegram-exchange"><em>Analysis of the Telegram Key Exchange</em></a>, IACR Eurocrypt, 2025.</li>
+							<li><i class="icon ph-duotone ph-scroll"></i>David Evans, Vladimir Kolesnikov and Mike Rosulek, <a href="papers/#pragmatic-mpc"><em>A Pragmatic Introduction to Secure Multi-Party Computation</em></a>, NOW Publishers, 2020.</li>
+							<li><i class="icon ph-duotone ph-scroll"></i>Christina Garman, Kenneth G. Paterson and Thyla Van der Merwe, <a href="papers/#rc4-attacks"><em>Attacks Only Get Better: Password Recovery Attacks Against RC4 in TLS</em></a>, USENIX Security Symposium, 2015.</li>
+							<li><i class="icon ph-duotone ph-scroll"></i>Nadim Kobeissi, Karthikeyan Bhargavan and Bruno Blanchet, <a href="papers/#signal-analysis"><em>Automated Verification for Secure Messaging Protocols and their Implementations: A Symbolic and Computational Approach</em></a>, IEEE European Symposium on Security and Privacy, 2017.</li>
+							<li><i class="icon ph-duotone ph-scroll"></i>Théophile Wallez, <a href="papers/#wallez-thesis"><em>A Verification Framework for Secure Group Messaging</em></a>, PSL Université Paris, 2025.</li>
+							<li><i class="icon ph-duotone ph-scroll"></i>Greg Aloupis, Erik D. Demaine, Alan Guo and Giovanni Viglietta, <a href="papers/#nintendo-hard"><em>Classic Nintendo Games are (Computationally) Hard</em></a>, ACM Theoretical Computer Science, 2015.</li>
+							<li><i class="icon ph-duotone ph-scroll"></i>Platon Kotzias, Abbas Razaghpanah, Johanna Amann, Kenneth G. Paterson, Narseo Vallina-Rodriguez and Juan Caballero, <a href="papers/#tls-deployment"><em>Coming of Age: A Longitudinal Study of TLS Deployment</em></a>, ACM IMC, 2018.</li>
+							<li><i class="icon ph-duotone ph-scroll"></i>Hugo Krawczyk, <a href="papers/#hkdf-scheme"><em>Cryptographic Extraction and Key Derivation: The HKDF Scheme</em></a>, IACR Crypto, 2010.</li>
+							<li><i class="icon ph-duotone ph-scroll"></i>Christina Garman, Matthew Green, Gabriel Kaptchuk, Ian Miers and Michael Rushanan, <a href="papers/#jhu-imessage"><em>Dancing on the Lip of the Volcano: Chosen Ciphertext Attacks on Apple iMessage</em></a>, USENIX Security Symposium, 2016.</li>
+							<li><i class="icon ph-duotone ph-scroll"></i>Joppe W. Bos, J. Alex Halderman, Nadia Heninger, Jonathan Moore, Michael Naehrig and Eric Wustrow, <a href="papers/#ecc-practice"><em>Elliptic Curve Cryptography in Practice</em></a>, Financial Cryptography and Data Security, 2014.</li>
+							<li><i class="icon ph-duotone ph-scroll"></i>Joseph Bonneau and Andrew Morrison, <a href="papers/#otr-analysis"><em>Finite-State Security Analysis of OTR Version 2</em></a>, Stanford Computer Security Laboratory, 2006.</li>
+							<li><i class="icon ph-duotone ph-scroll"></i>Martin R. Albrecht, Benjamin Dowling and Daniel Jones, <a href="papers/#whatsapp-groups"><em>Formal Analysis of Multi-Device Group Messaging in WhatsApp</em></a>, IACR Eurocrypt, 2025.</li>
+							<li><i class="icon ph-duotone ph-scroll"></i>Cas Cremers, Charlie Jacomme and Aurora Naska, <a href="papers/#session-handling"><em>Formal Analysis of Session-Handling in Secure Messaging: Lifting Security from Sessions to Conversations</em></a>, USENIX Security Symposium, 2023.</li>
+							<li><i class="icon ph-duotone ph-scroll"></i>Karthikeyan Bhargavan, Charlie Jacomme, Franziskus Kiefer and Rolfe Schmidt, <a href="papers/#pqxdh-analysis"><em>Formal Verification of the PQXDH Post-Quantum Key Agreement Protocol for End-to-End Secure Messaging</em></a>, USENIX Security Symposium, 2024.</li>
+							<li><i class="icon ph-duotone ph-scroll"></i>Ange Albertini, Thai Duong, Shay Gueron, Stefan K&#xF6;lbl, Atul Luykx, and Sophie Schmieg, <a href="papers/#key-commitment"><em>How to Abuse and Fix Authenticated Encryption Without Key Commitment</em></a>, USENIX Security Symposium, 2022.</li>
+							<li><i class="icon ph-duotone ph-scroll"></i>Michael Luby and Charles Rackoff, <a href="papers/#luby-rackoff"><em>How To Construct Pseudorandom Permutations From Pseudorandom Functions</em></a>, Society for Industrial and Applied Mathematics, 1988.</li>
 							<li><i class="icon ph-duotone ph-arrow-square-out"></i>Nick Sullivan, <a href="https://blog.cloudflare.com/killing-rc4-the-long-goodbye/"><em>Killing RC4: The Long Goodbye</em></a>, Cloudflare Blog, 2014.</li>
-							<li><i class="icon ph-duotone ph-scroll"></i>David Adrian, Karthikeyan Bhargavan, Zakir Durumeric, Pierrick Gaudry, Matthew Green, J. Alex Halderman, Nadia Heninger, Drew Springall, Emmanuel Thomé, Luke Valenta, Benjamin VanderSloot, Eric Wustrow, Santiago Zanella-Béguelin and Paul Zimmermann, <a href="papers/imperfect-dh.pdf"><em>Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice</em></a>, ACM CCS, 2015.</li>
-							<li><i class="icon ph-duotone ph-scroll"></i>Cas Cremers, Niklas Medinger and Aurora Naska, <a href="papers/pcs-impossibility.pdf"><em>Impossibility Results for Post-Compromise Security in Real-World Communication Systems</em></a>, IEEE Symposium on Security and Privacy, 2025.</li>
-							<li><i class="icon ph-duotone ph-scroll"></i>Chris Alexander and Ian Goldberg, <a href="papers/otr-auth.pdf"><em>Improved User Authentication in Off-The-Record Messaging</em></a>, Workshop on Privacy in the Electronic Society, 2007.</li>
+							<li><i class="icon ph-duotone ph-scroll"></i>David Adrian, Karthikeyan Bhargavan, Zakir Durumeric, Pierrick Gaudry, Matthew Green, J. Alex Halderman, Nadia Heninger, Drew Springall, Emmanuel Thomé, Luke Valenta, Benjamin VanderSloot, Eric Wustrow, Santiago Zanella-Béguelin and Paul Zimmermann, <a href="papers/#imperfect-dh"><em>Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice</em></a>, ACM CCS, 2015.</li>
+							<li><i class="icon ph-duotone ph-scroll"></i>Cas Cremers, Niklas Medinger and Aurora Naska, <a href="papers/#pcs-impossibility"><em>Impossibility Results for Post-Compromise Security in Real-World Communication Systems</em></a>, IEEE Symposium on Security and Privacy, 2025.</li>
+							<li><i class="icon ph-duotone ph-scroll"></i>Chris Alexander and Ian Goldberg, <a href="papers/#otr-auth"><em>Improved User Authentication in Off-The-Record Messaging</em></a>, Workshop on Privacy in the Electronic Society, 2007.</li>
 							<li><i class="icon ph-duotone ph-arrow-square-out"></i>Henry de Valence, <a href="https://hdevalence.ca/blog/2020-10-04-its-25519am/"><em>It's 255:19AM. Do you know what your validation criteria are?</em></a>, hdevalence.ca, 2020.</li>
-							<li><i class="icon ph-duotone ph-scroll"></i>Nadhem J. Alfardan and Kenneth G. Paterson, <a href="papers/lucky-thirteen.pdf"><em>Lucky Thirteen: Breaking the TLS and DTLS Record Protocols</em></a>, IEEE Symposium on Security and Privacy, 2013.</li>
-							<li><i class="icon ph-duotone ph-scroll"></i>Paul Rösler, Christian Mainka and Jörg Schwenk, <a href="papers/group-chats.pdf"><em>More is Less: On the End-to-End Security of Group Chats in Signal, WhatsApp, and Threema</em></a>, IEEE European Symposium on Security and Privacy, 2018.</li>
-							<li><i class="icon ph-duotone ph-scroll"></i>Nikita Borisov, Ian Goldberg and Eric Brewer, <a href="papers/otr-messaging.pdf"><em>Off-the-Record Communication, or, Why Not To Use PGP</em></a>, Workshop on Privacy in the Electronic Society, 2004.</li>
-							<li><i class="icon ph-duotone ph-scroll"></i>Karthikeyan Bhargavan and Ga&euml;tan Leurent, <a href="papers/inria-sweet32.pdf"><em>On the Practical (In-)Security of 64-bit Block Ciphers</em></a>, ACM CCS, 2016.</li>
-							<li><i class="icon ph-duotone ph-scroll"></i>Nadhem AlFardan, Daniel J. Bernstein, Kenneth G. Paterson, Bertram Poettering and Jacob C. N. Schuldt, <a href="papers/rc4-tls.pdf"><em>On the Security of RC4 in TLS</em></a>, USENIX Security Symposium, 2013.</li>
-							<li><i class="icon ph-duotone ph-scroll"></i>Tibor Jager, Jörg Schwenk and Juraj Somorovsky, <a href="papers/invalid-curve.pdf"><em>Practical Invalid Curve Attacks on TLS-ECDH</em></a>, ESORICS, 2015.</li>
-							<li><i class="icon ph-duotone ph-scroll"></i>Itsik Mantin<a href="papers/rc4-absab.pdf"><em>Predicting and Distinguishing Attacks on RC4 Keystream Generator</em></a>, IACR Eurocrypt, 2005.</li>
-							<li><i class="icon ph-duotone ph-scroll"></i>Cas Cremers and Dennis Jackson, <a href="papers/prime-order.pdf"><em>Prime, Order Please! Revisiting Small Subgroup and Invalid Curve Attacks on Protocols using Diffie-Hellman</em></a>, IEEE CSF, 2019.</li>
-							<li><i class="icon ph-duotone ph-scroll"></i>Project Everest Team, <a href="papers/everest-perspectives.pdf"><em>Project Everest: Perspectives from Developing Industrial-Grade High-Assurance Software</em></a>, Microsoft Research, 2025.</li>
+							<li><i class="icon ph-duotone ph-scroll"></i>Nadhem J. Alfardan and Kenneth G. Paterson, <a href="papers/#lucky-thirteen"><em>Lucky Thirteen: Breaking the TLS and DTLS Record Protocols</em></a>, IEEE Symposium on Security and Privacy, 2013.</li>
+							<li><i class="icon ph-duotone ph-scroll"></i>Paul Rösler, Christian Mainka and Jörg Schwenk, <a href="papers/#group-chats"><em>More is Less: On the End-to-End Security of Group Chats in Signal, WhatsApp, and Threema</em></a>, IEEE European Symposium on Security and Privacy, 2018.</li>
+							<li><i class="icon ph-duotone ph-scroll"></i>Nikita Borisov, Ian Goldberg and Eric Brewer, <a href="papers/#otr-messaging"><em>Off-the-Record Communication, or, Why Not To Use PGP</em></a>, Workshop on Privacy in the Electronic Society, 2004.</li>
+							<li><i class="icon ph-duotone ph-scroll"></i>Karthikeyan Bhargavan and Ga&euml;tan Leurent, <a href="papers/#inria-sweet32"><em>On the Practical (In-)Security of 64-bit Block Ciphers</em></a>, ACM CCS, 2016.</li>
+							<li><i class="icon ph-duotone ph-scroll"></i>Nadhem AlFardan, Daniel J. Bernstein, Kenneth G. Paterson, Bertram Poettering and Jacob C. N. Schuldt, <a href="papers/#rc4-tls"><em>On the Security of RC4 in TLS</em></a>, USENIX Security Symposium, 2013.</li>
+							<li><i class="icon ph-duotone ph-scroll"></i>Tibor Jager, Jörg Schwenk and Juraj Somorovsky, <a href="papers/#invalid-curve"><em>Practical Invalid Curve Attacks on TLS-ECDH</em></a>, ESORICS, 2015.</li>
+							<li><i class="icon ph-duotone ph-scroll"></i>Itsik Mantin<a href="papers/#rc4-absab"><em>Predicting and Distinguishing Attacks on RC4 Keystream Generator</em></a>, IACR Eurocrypt, 2005.</li>
+							<li><i class="icon ph-duotone ph-scroll"></i>Cas Cremers and Dennis Jackson, <a href="papers/#prime-order"><em>Prime, Order Please! Revisiting Small Subgroup and Invalid Curve Attacks on Protocols using Diffie-Hellman</em></a>, IEEE CSF, 2019.</li>
+							<li><i class="icon ph-duotone ph-scroll"></i>Project Everest Team, <a href="papers/#everest-perspectives"><em>Project Everest: Perspectives from Developing Industrial-Grade High-Assurance Software</em></a>, Microsoft Research, 2025.</li>
 							<li><i class="icon ph-duotone ph-arrow-square-out"></i>Matthew McPherrin, <a href="https://letsencrypt.org/2025/06/11/reflections-on-a-year-of-sunlight/"><em>Reflections on a Year of Sunlight</em></a>, Let's Encrypt Blog, 2025.</li>
 							<li><i class="icon ph-duotone ph-arrow-square-out"></i>Daniel J. Bernstein and Tanja Lange, <a href="https://safecurves.cr.yp.to"><em>SafeCurves: choosing safe curves for elliptic-curve cryptography</em></a>, SafeCurves, 2017.</li>
-							<li><i class="icon ph-duotone ph-scroll"></i>Joël Alwen, Binyi Chen, Krzysztof Pietrzak, Leonid Reyzin and Stefano Tessaro, <a href="papers/scrypt-memory.pdf"><em>Scrypt Is Maximally Memory-Hard</em></a>, IACR Eurocrypt, 2017.</li>
-							<li><i class="icon ph-duotone ph-scroll"></i>Hugo Krawczyk, <a href="papers/sigma-ake.pdf"><em>SIGMA: the 'SIGn-and-MAc' Approach to Authenticated Diffie-Hellman and its Use in the IKE Protocols</em></a>, IACR Crypto, 2003.</li>
-							<li><i class="icon ph-duotone ph-scroll"></i>Manuel Barbosa, Gilles Barthe, Karthikeyan Bhargavan, Bruno Blanchet, Cas Cremers, Kevin Liao and Bryan Parno, <a href="papers/sok-verif.pdf"><em>SoK: Computer-Aided Cryptography</em></a>, IEEE Symposium on Security and Privacy, 2021.</li>
+							<li><i class="icon ph-duotone ph-scroll"></i>Joël Alwen, Binyi Chen, Krzysztof Pietrzak, Leonid Reyzin and Stefano Tessaro, <a href="papers/#scrypt-memory"><em>Scrypt Is Maximally Memory-Hard</em></a>, IACR Eurocrypt, 2017.</li>
+							<li><i class="icon ph-duotone ph-scroll"></i>Hugo Krawczyk, <a href="papers/#sigma-ake"><em>SIGMA: the 'SIGn-and-MAc' Approach to Authenticated Diffie-Hellman and its Use in the IKE Protocols</em></a>, IACR Crypto, 2003.</li>
+							<li><i class="icon ph-duotone ph-scroll"></i>Manuel Barbosa, Gilles Barthe, Karthikeyan Bhargavan, Bruno Blanchet, Cas Cremers, Kevin Liao and Bryan Parno, <a href="papers/#sok-verif"><em>SoK: Computer-Aided Cryptography</em></a>, IEEE Symposium on Security and Privacy, 2021.</li>
 							<li><i class="icon ph-duotone ph-arrow-square-out"></i>Tarek Galal, <a href="https://tgalal.com/blog/the-curves-of-zokrates"><em>The Curves of ZoKrates</em></a>, tgalal.com, 2025.</li>
-							<li><i class="icon ph-duotone ph-scroll"></i>Marc Stevens, Elie Bursztein, Pierre Karpman, Ange Albertini and Yarik Markov, <a href="papers/shattered-sha1.pdf"><em>The First Collision for Full SHA-1</em></a>, IACR Crypto, 2017.</li>
-							<li><i class="icon ph-duotone ph-scroll"></i>Zakir Durumeric, James Kasten, David Adrian, J. Alex Halderman, Michael Bailey, Frank Li, Nicholas Weaver, Johanna Amann, Jethro Beekman, Mathias Payer and Vern Paxson, <a href="papers/matter-heartbleed.pdf"><em>The Matter of Heartbleed</em></a>, ACM IMC, 2014.</li>
-							<li><i class="icon ph-duotone ph-scroll"></i>Ran Canetti, Oded Goldreich and Shai Halevi, <a href="papers/rom-methodology.pdf"><em>The Random Oracle Model Methodology, Revisited</em></a>, Journal of the ACM, 2004.</li>
-							<li><i class="icon ph-duotone ph-scroll"></i>Bodo M&#xF6;ller, Thai Duong and Krzysztof Kotowicz, <a href="papers/google-poodle.pdf"><em>This POODLE Bites: Exploiting the SSL 3.0 Fallback</em></a>, Google, 2014.</li>
-							<li><i class="icon ph-duotone ph-scroll"></i>Nicolas Gailly, Kelsey Melissaris and Yolan Romailler, <a href="papers/tlock-bls.pdf"><em>tlock: Practical Timelock Encryption from Threshold BLS</em></a>, IACR ePrint Archive, 2023.</li>
-							<li><i class="icon ph-duotone ph-scroll"></i>Mark Russinovich, Manuel Costa, Cédric Fournet, David Chisnall, Antoine Delignat-Lavaud, Sylvan Clebsch, Kapil Vaswani and Vikas Bhatia, <a href="papers/confidential-cloud.pdf"><em>Toward Confidential Cloud Computing</em></a>, Communications of the ACM, 2021.</li>
-							<li><i class="icon ph-duotone ph-scroll"></i>Karthikeyan Bhargavan and Ga&euml;tan Leurent, <a href="papers/inria-collisions.pdf"><em>Transcript Collision Attacks: Breaking Authentication in TLS, IKE and SSH</em></a>, Network and Distributed Systems Security Symposium, 2016.</li>
-							<li><i class="icon ph-duotone ph-scroll"></i>Karthikeyan Bhargavan, Antoine Delignat-Lavaud, Cédric Fournet, Alfredo Pironti and Pierre-Yves Strub, <a href="papers/triple-handshakes.pdf"><em>Triple Handshakes and Cookie Cutters: Breaking and Fixing Authentication over TLS</em></a>, IEEE Symposium on Security and Privacy, 2014.</li>
-							<li><i class="icon ph-duotone ph-scroll"></i>Yevgeniy Dodis, Daniel Jost, Shuichi Katsumata, Thomas Prest and Rolfe Schmidt, <a href="papers/triple-ratchet.pdf"><em>Triple Ratchet: A Bandwidth Efficient Hybrid-Secure Signal Protocol</em></a>, IACR Eurocrypt, 2025.</li>
-							<li><i class="icon ph-duotone ph-scroll"></i>Karthikeyan Bhargavan, Bruno Blanchet and Nadim Kobeissi, <a href="papers/tls13-verif.pdf"><em>Verified Models and Reference Implementations for the TLS 1.3 Standard Candidate</em></a>, IEEE Symposium on Security and Privacy, 2017.</li>
-							<li><i class="icon ph-duotone ph-scroll"></i>Scott Fluhrer, Istik Mantin and Adi Shamir, <a href="papers/rc4-ksa.pdf"><em>Weaknesses in the Key Scheduling Algorithm for RC4</em></a>, Selected Areas in Cryptography, 2001.</li>
-							<li><i class="icon ph-duotone ph-scroll"></i>Alma Whitten and J. D. Tygar, <a href="papers/johnny-cant.pdf"><em>Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0</em></a>, Security and Usability: Designing Secure Systems that People Can Use, O'Reilly, 2005.</li>
-							<li><i class="icon ph-duotone ph-scroll"></i>Scott Ruoti, Jeff Andersen, Daniel Zappala and Kent Seamons, <a href="papers/johnny-still.pdf"><em>Why Johnny Still, Still Can't Encrypt: Evaluating the Usability of a Modern PGP Client</em></a>, arXiv, 2015.</li>
-							<li><i class="icon ph-duotone ph-scroll"></i>Manuel Barbosa, Deirdre Connolly, João Diogo Duarte, Aaron Kaiser, Peter Schwabe, Karolin Varner and Baas Westerban, <a href="papers/xwing-hybrid.pdf"><em>X-Wing: The Hybrid KEM You’ve Been Looking For</em></a>, IACR Communications in Cryptology, 2024.</li>
+							<li><i class="icon ph-duotone ph-scroll"></i>Marc Stevens, Elie Bursztein, Pierre Karpman, Ange Albertini and Yarik Markov, <a href="papers/#shattered-sha1"><em>The First Collision for Full SHA-1</em></a>, IACR Crypto, 2017.</li>
+							<li><i class="icon ph-duotone ph-scroll"></i>Zakir Durumeric, James Kasten, David Adrian, J. Alex Halderman, Michael Bailey, Frank Li, Nicholas Weaver, Johanna Amann, Jethro Beekman, Mathias Payer and Vern Paxson, <a href="papers/#matter-heartbleed"><em>The Matter of Heartbleed</em></a>, ACM IMC, 2014.</li>
+							<li><i class="icon ph-duotone ph-scroll"></i>Ran Canetti, Oded Goldreich and Shai Halevi, <a href="papers/#rom-methodology"><em>The Random Oracle Model Methodology, Revisited</em></a>, Journal of the ACM, 2004.</li>
+							<li><i class="icon ph-duotone ph-scroll"></i>Bodo M&#xF6;ller, Thai Duong and Krzysztof Kotowicz, <a href="papers/#google-poodle"><em>This POODLE Bites: Exploiting the SSL 3.0 Fallback</em></a>, Google, 2014.</li>
+							<li><i class="icon ph-duotone ph-scroll"></i>Nicolas Gailly, Kelsey Melissaris and Yolan Romailler, <a href="papers/#tlock-bls"><em>tlock: Practical Timelock Encryption from Threshold BLS</em></a>, IACR ePrint Archive, 2023.</li>
+							<li><i class="icon ph-duotone ph-scroll"></i>Mark Russinovich, Manuel Costa, Cédric Fournet, David Chisnall, Antoine Delignat-Lavaud, Sylvan Clebsch, Kapil Vaswani and Vikas Bhatia, <a href="papers/#confidential-cloud"><em>Toward Confidential Cloud Computing</em></a>, Communications of the ACM, 2021.</li>
+							<li><i class="icon ph-duotone ph-scroll"></i>Karthikeyan Bhargavan and Ga&euml;tan Leurent, <a href="papers/#inria-collisions"><em>Transcript Collision Attacks: Breaking Authentication in TLS, IKE and SSH</em></a>, Network and Distributed Systems Security Symposium, 2016.</li>
+							<li><i class="icon ph-duotone ph-scroll"></i>Karthikeyan Bhargavan, Antoine Delignat-Lavaud, Cédric Fournet, Alfredo Pironti and Pierre-Yves Strub, <a href="papers/#triple-handshakes"><em>Triple Handshakes and Cookie Cutters: Breaking and Fixing Authentication over TLS</em></a>, IEEE Symposium on Security and Privacy, 2014.</li>
+							<li><i class="icon ph-duotone ph-scroll"></i>Yevgeniy Dodis, Daniel Jost, Shuichi Katsumata, Thomas Prest and Rolfe Schmidt, <a href="papers/#triple-ratchet"><em>Triple Ratchet: A Bandwidth Efficient Hybrid-Secure Signal Protocol</em></a>, IACR Eurocrypt, 2025.</li>
+							<li><i class="icon ph-duotone ph-scroll"></i>Karthikeyan Bhargavan, Bruno Blanchet and Nadim Kobeissi, <a href="papers/#tls13-verif"><em>Verified Models and Reference Implementations for the TLS 1.3 Standard Candidate</em></a>, IEEE Symposium on Security and Privacy, 2017.</li>
+							<li><i class="icon ph-duotone ph-scroll"></i>Scott Fluhrer, Istik Mantin and Adi Shamir, <a href="papers/#rc4-ksa"><em>Weaknesses in the Key Scheduling Algorithm for RC4</em></a>, Selected Areas in Cryptography, 2001.</li>
+							<li><i class="icon ph-duotone ph-scroll"></i>Alma Whitten and J. D. Tygar, <a href="papers/#johnny-cant"><em>Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0</em></a>, Security and Usability: Designing Secure Systems that People Can Use, O'Reilly, 2005.</li>
+							<li><i class="icon ph-duotone ph-scroll"></i>Scott Ruoti, Jeff Andersen, Daniel Zappala and Kent Seamons, <a href="papers/#johnny-still"><em>Why Johnny Still, Still Can't Encrypt: Evaluating the Usability of a Modern PGP Client</em></a>, arXiv, 2015.</li>
+							<li><i class="icon ph-duotone ph-scroll"></i>Manuel Barbosa, Deirdre Connolly, João Diogo Duarte, Aaron Kaiser, Peter Schwabe, Karolin Varner and Baas Westerban, <a href="papers/#xwing-hybrid"><em>X-Wing: The Hybrid KEM You’ve Been Looking For</em></a>, IACR Communications in Cryptology, 2024.</li>
 							<li><em>More to be added soon!</em></li>
 						</ul>
 					</div>
@ -281,7 +281,7 @@

 			<div class="alert">
 				<p class="mb-0">
-					<strong><i class="icon ph-duotone ph-file-pdf"></i></strong> A <a href="syllabus.pdf">PDF copy</a> of the Fall 2025 syllabus is available.
+					<strong><i class="icon ph-duotone ph-file-pdf"></i></strong> A <a href="syllabus">PDF copy</a> of the Fall 2025 syllabus is available.
 				</p>
 			</div>

@ -296,7 +296,7 @@
 					</p>

 					<div class="topic">
-						<a href="slides/1-1.pdf" class="topic-slides-btn"><i class="icon ph-duotone ph-projector-screen"></i>Slides</a>
+						<a href="slides/#1-1" class="topic-slides-btn"><i class="icon ph-duotone ph-projector-screen"></i>Slides</a>
 						<span class="topic-number">Topic 1.1</span>
 						<h4 class="topic-title"><i class="icon ph-duotone ph-chalkboard-teacher"></i>Introduction</h4>
 						<p class="topic-overview">This introduction establishes the foundation for the entire course by covering the scope, objectives, and structure of applied cryptography. We'll discuss key themes that will recur throughout the semester, including the balance between theory and practice, the importance of formal security definitions, and the evolution of cryptographic thinking. Students will gain a clear understanding of what to expect from the course and how the various topics connect to form a coherent framework for secure system design.</p>
@ -309,7 +309,7 @@
 					</div>

 					<div class="topic">
-						<a href="slides/1-2.pdf" class="topic-slides-btn"><i class="icon ph-duotone ph-projector-screen"></i>Slides</a>
+						<a href="slides/#1-2" class="topic-slides-btn"><i class="icon ph-duotone ph-projector-screen"></i>Slides</a>
 						<span class="topic-number">Topic 1.2</span>
 						<h4 class="topic-title"><i class="icon ph-duotone ph-chalkboard-teacher"></i>One-Time Pad &amp; The Provable Security Mindset</h4>
 						<p class="topic-overview">This topic introduces the concept of perfect secrecy through the One-Time Pad (OTP) encryption system and explores its mathematical proof of unconditional security. While theoretically unbreakable, we'll examine the severe practical limitations that make OTP challenging to deploy in real-world systems, including key generation, distribution, and management problems. The topic then transitions to Kerckhoff's fundamental principle—that a cryptosystem should remain secure even if everything about the system, except the key, is public knowledge. We'll discuss how this principle has shaped modern cryptographic design philosophy and why security through obscurity fails as a long-term strategy for protecting sensitive information.</p>
@ -323,7 +323,7 @@
 					</div>

 					<div class="topic">
-						<a href="slides/1-3.pdf" class="topic-slides-btn"><i class="icon ph-duotone ph-projector-screen"></i>Slides</a>
+						<a href="slides/#1-3" class="topic-slides-btn"><i class="icon ph-duotone ph-projector-screen"></i>Slides</a>
 						<span class="topic-number">Topic 1.3</span>
 						<h4 class="topic-title"><i class="icon ph-duotone ph-chalkboard-teacher"></i>Provable Security &amp; Computational Cryptography</h4>
 						<p class="topic-overview">This topic begins by delving into the rigorous mathematical frameworks that allow cryptographers to provide formal security guarantees for cryptographic schemes. We'll examine how precise definitions of security properties create a foundation for meaningful analysis, and explore various adversarial models that capture different threat scenarios. The concept of reduction—proving that breaking a scheme is at least as hard as solving some well-studied mathematical problem—will be thoroughly explored. We then transition to modern computational cryptography, moving from unconditional security to a more practical approach where security is defined against computationally bounded adversaries. Students will learn about indistinguishability as a fundamental security concept, the bad-event technique for security proofs, and birthday probabilities in cryptographic attacks. The session provides essential mathematical foundations for understanding modern cryptographic security, including quantitative intuition about large numbers (like 2<sup>128</sup>) and tiny probabilities (like 2<sup>-80</sup>) that define practical security boundaries, preparing students for subsequent topics in pseudorandomness.</p>
@ -337,7 +337,7 @@
 					</div>

 					<div class="topic">
-						<a href="slides/1-4.pdf" class="topic-slides-btn"><i class="icon ph-duotone ph-projector-screen"></i>Slides</a>
+						<a href="slides/#1-4" class="topic-slides-btn"><i class="icon ph-duotone ph-projector-screen"></i>Slides</a>
 						<span class="topic-number">Topic 1.4</span>
 						<h4 class="topic-title"><i class="icon ph-duotone ph-chalkboard-teacher"></i>Pseudorandomness</h4>
 						<p class="topic-overview">This topic explores three fundamental pseudorandom primitives that enable practical cryptography. Pseudorandom generators (PRGs) solve one-time pad's key length limitation by expanding short seeds into longer outputs indistinguishable from random. Pseudorandom functions (PRFs) extend this by creating massive virtual dictionaries mapping inputs to pseudorandom outputs, allowing parties with a shared secret to derive unlimited pseudorandom data. Pseudorandom permutations (PRPs), also called block ciphers, provide both forward and inverse operations indistinguishable from random permutations. We'll examine key constructions including GGM (building PRFs from PRGs), the Feistel network (building invertible PRPs from non-invertible PRFs), and the PRF-PRP switching lemma that enables interchangeability in security proofs. Throughout, we'll emphasize crucial security principles like the PRF "Golden Rule" of preventing input repetition.</p>
@ -350,13 +350,13 @@
 							</ul>
 							<h5><i class="icon ph-duotone ph-file-plus"></i>Optional Readings</h5>
 							<ul>
-								<li><i class="icon ph-duotone ph-scroll"></i>Michael Luby and Charles Rackoff, <a href="papers/luby-rackoff.pdf"><em>How To Construct Pseudorandom Permutations From Pseudorandom Functions</em></a>, Society for Industrial and Applied Mathematics, 1988.</li>
+								<li><i class="icon ph-duotone ph-scroll"></i>Michael Luby and Charles Rackoff, <a href="papers/#luby-rackoff"><em>How To Construct Pseudorandom Permutations From Pseudorandom Functions</em></a>, Society for Industrial and Applied Mathematics, 1988.</li>
 							</ul>
 						</div>
 					</div>

 					<div class="topic">
-						<a href="slides/1-5.pdf" class="topic-slides-btn"><i class="icon ph-duotone ph-projector-screen"></i>Slides</a>
+						<a href="slides/#1-5" class="topic-slides-btn"><i class="icon ph-duotone ph-projector-screen"></i>Slides</a>
 						<span class="topic-number">Topic 1.5</span>
 						<h4 class="topic-title"><i class="icon ph-duotone ph-chalkboard-teacher"></i>Chosen-Plaintext &amp; Chosen-Ciphertext Attacks</h4>
 						<p class="topic-overview">This topic explores advanced security models for symmetric-key encryption, beginning with chosen-plaintext attack (CPA) security, where ciphertexts must be indistinguishable from random strings. We'll examine why deterministic encryption cannot achieve this security level and explore solutions including randomized PRF-based schemes and block cipher modes like CBC and CTR, while explaining why ECB mode remains fundamentally insecure. The topic then advances to chosen-ciphertext attacks (CCA), where adversaries can decrypt chosen ciphertexts, demonstrating how even CPA-secure schemes like CTR mode remain vulnerable due to their malleability. We'll analyze practical format-oracle attacks that exploit information leakage during decryption to recover entire plaintexts, and examine how preventing adversaries from creating valid modified ciphertexts is essential for achieving comprehensive CCA security in real-world systems.</p>
@ -368,16 +368,16 @@
 							</ul>
 							<h5><i class="icon ph-duotone ph-file-plus"></i>Optional Readings</h5>
 							<ul>
-								<li><i class="icon ph-duotone ph-scroll"></i>Bodo M&#xF6;ller, Thai Duong and Krzysztof Kotowicz, <a href="papers/google-poodle.pdf"><em>This POODLE Bites: Exploiting the SSL 3.0 Fallback</em></a>, Google, 2014.</li>
-								<li><i class="icon ph-duotone ph-scroll"></i>Nadhem J. Alfardan and Kenneth G. Paterson, <a href="papers/lucky-thirteen.pdf"><em>Lucky Thirteen: Breaking the TLS and DTLS Record Protocols</em></a>, IEEE Symposium on Security and Privacy, 2013.</li>
-								<li><i class="icon ph-duotone ph-scroll"></i>Christina Garman, Matthew Green, Gabriel Kaptchuk, Ian Miers and Michael Rushanan, <a href="papers/jhu-imessage.pdf"><em>Dancing on the Lip of the Volcano: Chosen Ciphertext Attacks on Apple iMessage</em></a>, USENIX Security Symposium, 2016.</li>
-								<li><i class="icon ph-duotone ph-scroll"></i>Ange Albertini, Thai Duong, Shay Gueron, Stefan K&#xF6;lbl, Atul Luykx, and Sophie Schmieg, <a href="papers/key-commitment.pdf"><em>How to Abuse and Fix Authenticated Encryption Without Key Commitment</em></a>, USENIX Security Symposium, 2022.</li>
+								<li><i class="icon ph-duotone ph-scroll"></i>Bodo M&#xF6;ller, Thai Duong and Krzysztof Kotowicz, <a href="papers/#google-poodle"><em>This POODLE Bites: Exploiting the SSL 3.0 Fallback</em></a>, Google, 2014.</li>
+								<li><i class="icon ph-duotone ph-scroll"></i>Nadhem J. Alfardan and Kenneth G. Paterson, <a href="papers/#lucky-thirteen"><em>Lucky Thirteen: Breaking the TLS and DTLS Record Protocols</em></a>, IEEE Symposium on Security and Privacy, 2013.</li>
+								<li><i class="icon ph-duotone ph-scroll"></i>Christina Garman, Matthew Green, Gabriel Kaptchuk, Ian Miers and Michael Rushanan, <a href="papers/#jhu-imessage"><em>Dancing on the Lip of the Volcano: Chosen Ciphertext Attacks on Apple iMessage</em></a>, USENIX Security Symposium, 2016.</li>
+								<li><i class="icon ph-duotone ph-scroll"></i>Ange Albertini, Thai Duong, Shay Gueron, Stefan K&#xF6;lbl, Atul Luykx, and Sophie Schmieg, <a href="papers/#key-commitment"><em>How to Abuse and Fix Authenticated Encryption Without Key Commitment</em></a>, USENIX Security Symposium, 2022.</li>
 							</ul>
 						</div>
 					</div>

 					<div class="topic">
-						<a href="slides/1-6.pdf" class="topic-slides-btn"><i class="icon ph-duotone ph-projector-screen"></i>Slides</a>
+						<a href="slides/#1-6" class="topic-slides-btn"><i class="icon ph-duotone ph-projector-screen"></i>Slides</a>
 						<span class="topic-number">Topic 1.6</span>
 						<h4 class="topic-title"><i class="icon ph-duotone ph-chalkboard-teacher"></i>Collision-Resistant Hash Functions</h4>
 						<p class="topic-overview">This topic explores collision-resistant hash functions, cryptographic primitives that convert arbitrary-length inputs to fixed-length outputs while making it computationally infeasible to find colliding inputs. We'll examine three essential properties—collision resistance, preimage resistance, and second preimage resistance—while exploring practical applications in password storage, data integrity verification, and proof-of-work systems. The topic introduces the counterintuitive birthday paradox, demonstrating why collisions can be found after approximately square-root-many attempts rather than brute force. We'll survey hash function evolution from broken algorithms like MD5 and SHA-1 to modern standards like SHA-2, SHA-3, and BLAKE3, while analyzing vulnerabilities including precomputation attacks using rainbow tables and length extension weaknesses in Merkle–Damg&#xE5;rd constructions. The topic covers critical defensive techniques including properly salting hashes and implementing specialized password hashing algorithms like PBKDF2 and memory-hard functions such as Scrypt, which resist hardware acceleration attacks by requiring significant memory resources, providing comprehensive guidance for secure hash function implementation in real-world systems.</p>
@ -389,14 +389,14 @@
 							</ul>
 							<h5><i class="icon ph-duotone ph-file-plus"></i>Optional Readings</h5>
 							<ul>
-								<li><i class="icon ph-duotone ph-scroll"></i>Marc Stevens, Elie Bursztein, Pierre Karpman, Ange Albertini and Yarik Markov, <a href="papers/shattered-sha1.pdf"><em>The First Collision for Full SHA-1</em></a>, IACR Crypto, 2017.</li>
-								<li><i class="icon ph-duotone ph-scroll"></i>Joël Alwen, Binyi Chen, Krzysztof Pietrzak, Leonid Reyzin and Stefano Tessaro, <a href="papers/scrypt-memory.pdf"><em>Scrypt Is Maximally Memory-Hard</em></a>, IACR Eurocrypt, 2017.</li>
-								<li><i class="icon ph-duotone ph-scroll"></i>Ran Canetti, Oded Goldreich and Shai Halevi, <a href="papers/rom-methodology.pdf"><em>The Random Oracle Model Methodology, Revisited</em></a>, Journal of the ACM, 2004.</li>
+								<li><i class="icon ph-duotone ph-scroll"></i>Marc Stevens, Elie Bursztein, Pierre Karpman, Ange Albertini and Yarik Markov, <a href="papers/#shattered-sha1"><em>The First Collision for Full SHA-1</em></a>, IACR Crypto, 2017.</li>
+								<li><i class="icon ph-duotone ph-scroll"></i>Joël Alwen, Binyi Chen, Krzysztof Pietrzak, Leonid Reyzin and Stefano Tessaro, <a href="papers/#scrypt-memory"><em>Scrypt Is Maximally Memory-Hard</em></a>, IACR Eurocrypt, 2017.</li>
+								<li><i class="icon ph-duotone ph-scroll"></i>Ran Canetti, Oded Goldreich and Shai Halevi, <a href="papers/#rom-methodology"><em>The Random Oracle Model Methodology, Revisited</em></a>, Journal of the ACM, 2004.</li>
 							</ul>
 						</div>
 					</div>
 					<div class="topic">
-						<a href="slides/1-7.pdf" class="topic-slides-btn"><i class="icon ph-duotone ph-projector-screen"></i>Slides</a>
+						<a href="slides/#1-7" class="topic-slides-btn"><i class="icon ph-duotone ph-projector-screen"></i>Slides</a>
 						<span class="topic-number">Topic 1.7</span>
 						<h4 class="topic-title"><i class="icon ph-duotone ph-chalkboard-teacher"></i>Hard Problems &amp; Diffie-Hellman</h4>
 						<p class="topic-overview">This topic explores computational hardness problems that form the cornerstone of modern public-key cryptography, with particular focus on the discrete logarithm problem that underpins Diffie-Hellman key exchange. We'll examine how complexity theory provides a framework for classifying problems based on their computational difficulty, covering fundamental complexity classes including P, NP, and the famous unsolved P vs. NP problem. The topic then investigates the discrete logarithm problem in detail, analyzing its computational complexity and known algorithms, before exploring how this hard problem enables the revolutionary Diffie-Hellman protocol that allows two parties to establish a shared secret over an insecure channel. We'll examine the mathematical foundations of DH using modular exponentiation in prime fields, the computational hardness assumptions (CDH and DDH) that underpin its security, and protocol variants including anonymous and authenticated DH. The topic concludes by analyzing practical implementation considerations, security pitfalls, and how theoretical hardness assumptions translate into real-world cryptographic security.</p>
@ -408,13 +408,13 @@
 							</ul>
 							<h5><i class="icon ph-duotone ph-file-plus"></i>Optional Readings</h5>
 							<ul>
-								<li><i class="icon ph-duotone ph-scroll"></i>Greg Aloupis, Erik D. Demaine, Alan Guo and Giovanni Viglietta, <a href="papers/nintendo-hard.pdf"><em>Classic Nintendo Games are (Computationally) Hard</em></a>, ACM Theoretical Computer Science, 2015.</li>
+								<li><i class="icon ph-duotone ph-scroll"></i>Greg Aloupis, Erik D. Demaine, Alan Guo and Giovanni Viglietta, <a href="papers/#nintendo-hard"><em>Classic Nintendo Games are (Computationally) Hard</em></a>, ACM Theoretical Computer Science, 2015.</li>
 							</ul>
 						</div>
 					</div>

 					<div class="topic">
-						<a href="slides/1-8.pdf" class="topic-slides-btn"><i class="icon ph-duotone ph-projector-screen"></i>Slides</a>
+						<a href="slides/#1-8" class="topic-slides-btn"><i class="icon ph-duotone ph-projector-screen"></i>Slides</a>
 						<span class="topic-number">Topic 1.8</span>
 						<h4 class="topic-title"><i class="icon ph-duotone ph-chalkboard-teacher"></i>Elliptic Curves &amp; Digital Signatures</h4>
 						<p class="topic-overview">This topic explores elliptic curve cryptography (ECC), an approach that provides stronger security with smaller keys than traditional cryptosystems like RSA. We'll examine the mathematical foundations of elliptic curves and their group structure supporting point addition and scalar multiplication operations. The topic covers the elliptic curve discrete logarithm problem (ECDLP) that underpins ECC's security, and how it enables efficient implementations of key exchange (ECDH) and digital signatures (ECDSA and EdDSA/Ed25519). We'll analyze the advantages of ECC, including faster signing operations and significantly shorter keys and signatures compared to RSA, while examining critical implementation considerations that affect security. The topic concludes with guidance on selecting appropriate curves, comparing standardized options like NIST curves and Curve25519, and exploring potential vulnerabilities including invalid curve attacks, randomness failures, and interoperability challenges in modern ECC deployments.</p>
@ -426,9 +426,9 @@
 							<h5><i class="icon ph-duotone ph-file-plus"></i>Optional Readings</h5>
 							<ul>
 								<li><i class="icon ph-duotone ph-arrow-square-out"></i>Daniel J. Bernstein and Tanja Lange, <a href="https://safecurves.cr.yp.to"><em>SafeCurves: choosing safe curves for elliptic-curve cryptography</em></a>, SafeCurves, 2017.</li>
-								<li><i class="icon ph-duotone ph-scroll"></i>Tibor Jager, Jörg Schwenk and Juraj Somorovsky, <a href="papers/invalid-curve.pdf"><em>Practical Invalid Curve Attacks on TLS-ECDH</em></a>, ESORICS, 2015.</li>
+								<li><i class="icon ph-duotone ph-scroll"></i>Tibor Jager, Jörg Schwenk and Juraj Somorovsky, <a href="papers/#invalid-curve"><em>Practical Invalid Curve Attacks on TLS-ECDH</em></a>, ESORICS, 2015.</li>
 								<li><i class="icon ph-duotone ph-arrow-square-out"></i>Henry de Valence, <a href="https://hdevalence.ca/blog/2020-10-04-its-25519am/"><em>It's 255:19AM. Do you know what your validation criteria are?</em></a>, hdevalence.ca, 2020.</li>
-								<li><i class="icon ph-duotone ph-scroll"></i>Joppe W. Bos, J. Alex Halderman, Nadia Heninger, Jonathan Moore, Michael Naehrig and Eric Wustrow, <a href="papers/ecc-practice.pdf"><em>Elliptic Curve Cryptography in Practice</em></a>, Financial Cryptography and Data Security, 2014.</li>
+								<li><i class="icon ph-duotone ph-scroll"></i>Joppe W. Bos, J. Alex Halderman, Nadia Heninger, Jonathan Moore, Michael Naehrig and Eric Wustrow, <a href="papers/#ecc-practice"><em>Elliptic Curve Cryptography in Practice</em></a>, Financial Cryptography and Data Security, 2014.</li>
 							</ul>
 						</div>
 					</div>
@ -446,7 +446,7 @@
 					</p>

 					<div class="topic">
-						<a href="slides/2-1.pdf" class="topic-slides-btn"><i class="icon ph-duotone ph-projector-screen"></i>Slides</a>
+						<a href="slides/#2-1" class="topic-slides-btn"><i class="icon ph-duotone ph-projector-screen"></i>Slides</a>
 						<span class="topic-number">Topic 2.1</span>
 						<h4 class="topic-title"><i class="icon ph-duotone ph-chalkboard-teacher"></i>Transport Layer Security</h4>
 						<p class="topic-overview">This topic examines the Transport Layer Security (TLS) protocol, the backbone of secure communication on the internet that secures billions of connections daily. We'll explore the evolution from SSL to modern TLS 1.3, analyzing the protocol architecture, handshake process, and the cryptographic primitives deployed at each stage. The session covers key exchange mechanisms, authentication methods, and the cipher suites that provide confidentiality and integrity protections. Students will learn about certificate validation, trust models, and the public key infrastructure (PKI) that underpins TLS security. We'll also investigate significant vulnerabilities that have affected TLS implementations throughout its history, including FREAK, Logjam, Heartbleed, and POODLE, analyzing how these vulnerabilities arose and the mitigations developed in response. The topic concludes with practical deployment considerations, performance optimizations like session resumption and 0-RTT, and the security trade-offs encountered when configuring TLS in production environments.</p>
@ -458,20 +458,20 @@
 							<h5><i class="icon ph-duotone ph-file-plus"></i>Optional Readings</h5>
 							<ul>
 								<li><i class="icon ph-duotone ph-arrow-square-out"></i>Matthew McPherrin, <a href="https://letsencrypt.org/2025/06/11/reflections-on-a-year-of-sunlight/"><em>Reflections on a Year of Sunlight</em></a>, Let's Encrypt Blog, 2025.</li>
-								<li><i class="icon ph-duotone ph-scroll"></i>Bodo M&#xF6;ller, Thai Duong and Krzysztof Kotowicz, <a href="papers/google-poodle.pdf"><em>This POODLE Bites: Exploiting the SSL 3.0 Fallback</em></a>, Google, 2014.</li>
-								<li><i class="icon ph-duotone ph-scroll"></i>Nadhem J. Alfardan and Kenneth G. Paterson, <a href="papers/lucky-thirteen.pdf"><em>Lucky Thirteen: Breaking the TLS and DTLS Record Protocols</em></a>, IEEE Symposium on Security and Privacy, 2013.</li>
-								<li><i class="icon ph-duotone ph-scroll"></i>David Adrian, Karthikeyan Bhargavan, Zakir Durumeric, Pierrick Gaudry, Matthew Green, J. Alex Halderman, Nadia Heninger, Drew Springall, Emmanuel Thomé, Luke Valenta, Benjamin VanderSloot, Eric Wustrow, Santiago Zanella-Béguelin and Paul Zimmermann, <a href="papers/imperfect-dh.pdf"><em>Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice</em></a>, ACM CCS, 2015.</li>
-								<li><i class="icon ph-duotone ph-scroll"></i>Karthikeyan Bhargavan, Antoine Delignat-Lavaud, Cédric Fournet, Alfredo Pironti and Pierre-Yves Strub, <a href="papers/triple-handshakes.pdf"><em>Triple Handshakes and Cookie Cutters: Breaking and Fixing Authentication over TLS</em></a>, IEEE Symposium on Security and Privacy, 2014.</li>
-								<li><i class="icon ph-duotone ph-scroll"></i>Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine Delignat-Lavaud, Cédric Fournet, Markulf Kohlweiss, Alfredo Pironti, Pierre-Yves Strub and Jean-Karim Zinzindohoué, <a href="papers/smack-tls.pdf"><em>A Messy State of the Union: Taming the Composite State Machines of TLS</em></a>, IEEE Symposium on Security and Privacy, 2015.</li>
-								<li><i class="icon ph-duotone ph-scroll"></i>Karthikeyan Bhargavan and Ga&euml;tan Leurent, <a href="papers/inria-sweet32.pdf"><em>On the Practical (In-)Security of 64-bit Block Ciphers</em></a>, ACM CCS, 2016.</li>
-								<li><i class="icon ph-duotone ph-scroll"></i>Karthikeyan Bhargavan and Ga&euml;tan Leurent, <a href="papers/inria-collisions.pdf"><em>Transcript Collision Attacks: Breaking Authentication in TLS, IKE and SSH</em></a>, Network and Distributed Systems Security Symposium, 2016.</li>
-								<li><i class="icon ph-duotone ph-scroll"></i>Zakir Durumeric, James Kasten, David Adrian, J. Alex Halderman, Michael Bailey, Frank Li, Nicholas Weaver, Johanna Amann, Jethro Beekman, Mathias Payer and Vern Paxson, <a href="papers/matter-heartbleed.pdf"><em>The Matter of Heartbleed</em></a>, ACM IMC, 2014.</li>
+								<li><i class="icon ph-duotone ph-scroll"></i>Bodo M&#xF6;ller, Thai Duong and Krzysztof Kotowicz, <a href="papers/#google-poodle"><em>This POODLE Bites: Exploiting the SSL 3.0 Fallback</em></a>, Google, 2014.</li>
+								<li><i class="icon ph-duotone ph-scroll"></i>Nadhem J. Alfardan and Kenneth G. Paterson, <a href="papers/#lucky-thirteen"><em>Lucky Thirteen: Breaking the TLS and DTLS Record Protocols</em></a>, IEEE Symposium on Security and Privacy, 2013.</li>
+								<li><i class="icon ph-duotone ph-scroll"></i>David Adrian, Karthikeyan Bhargavan, Zakir Durumeric, Pierrick Gaudry, Matthew Green, J. Alex Halderman, Nadia Heninger, Drew Springall, Emmanuel Thomé, Luke Valenta, Benjamin VanderSloot, Eric Wustrow, Santiago Zanella-Béguelin and Paul Zimmermann, <a href="papers/#imperfect-dh"><em>Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice</em></a>, ACM CCS, 2015.</li>
+								<li><i class="icon ph-duotone ph-scroll"></i>Karthikeyan Bhargavan, Antoine Delignat-Lavaud, Cédric Fournet, Alfredo Pironti and Pierre-Yves Strub, <a href="papers/#triple-handshakes"><em>Triple Handshakes and Cookie Cutters: Breaking and Fixing Authentication over TLS</em></a>, IEEE Symposium on Security and Privacy, 2014.</li>
+								<li><i class="icon ph-duotone ph-scroll"></i>Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine Delignat-Lavaud, Cédric Fournet, Markulf Kohlweiss, Alfredo Pironti, Pierre-Yves Strub and Jean-Karim Zinzindohoué, <a href="papers/#smack-tls"><em>A Messy State of the Union: Taming the Composite State Machines of TLS</em></a>, IEEE Symposium on Security and Privacy, 2015.</li>
+								<li><i class="icon ph-duotone ph-scroll"></i>Karthikeyan Bhargavan and Ga&euml;tan Leurent, <a href="papers/#inria-sweet32"><em>On the Practical (In-)Security of 64-bit Block Ciphers</em></a>, ACM CCS, 2016.</li>
+								<li><i class="icon ph-duotone ph-scroll"></i>Karthikeyan Bhargavan and Ga&euml;tan Leurent, <a href="papers/#inria-collisions"><em>Transcript Collision Attacks: Breaking Authentication in TLS, IKE and SSH</em></a>, Network and Distributed Systems Security Symposium, 2016.</li>
+								<li><i class="icon ph-duotone ph-scroll"></i>Zakir Durumeric, James Kasten, David Adrian, J. Alex Halderman, Michael Bailey, Frank Li, Nicholas Weaver, Johanna Amann, Jethro Beekman, Mathias Payer and Vern Paxson, <a href="papers/#matter-heartbleed"><em>The Matter of Heartbleed</em></a>, ACM IMC, 2014.</li>
 							</ul>
 						</div>
 					</div>

 					<div class="topic">
-						<a href="slides/2-2.pdf" class="topic-slides-btn"><i class="icon ph-duotone ph-projector-screen"></i>Slides</a>
+						<a href="slides/#2-2" class="topic-slides-btn"><i class="icon ph-duotone ph-projector-screen"></i>Slides</a>
 						<span class="topic-number">Topic 2.2</span>
 						<h4 class="topic-title"><i class="icon ph-duotone ph-chalkboard-teacher"></i>The Story of RC4</h4>
 						<p class="topic-overview">This topic presents a biographical narrative of RC4 (Rivest Cipher 4), tracing its remarkable journey from promising youth to eventual downfall in cryptographic history. We'll examine RC4's birth as a proprietary stream cipher at RSA Security in 1987, its meteoric rise to become the most widely deployed stream cipher in the world, and its golden era powering protocols like WEP, SSL, and TLS due to its simplicity and performance advantages. The topic then chronicles RC4's gradual decline as researchers uncovered a series of increasingly devastating weaknesses, starting with the 2001 Fluhrer-Mantin-Shamir attack on WEP, through the 2013 discovery of extensive biases in RC4-generated keystreams that enabled practical attacks against TLS, culminating in the 2015 "Bar Mitzvah" and RC4 NOMORE attacks that could recover passwords and other sensitive information from encrypted connections. We'll analyze how the security community responded to these revelations, including browser vendors' gradual restriction of RC4 ciphersuites and the IETF's eventual formal prohibition of RC4 in TLS in 2015, while drawing broader lessons about cryptographic lifecycle management, the importance of formal security analysis, and how the story of RC4 exemplifies both the evolution of cryptanalytic techniques and the challenges of maintaining backward compatibility in security protocols.</p>
@ -482,20 +482,20 @@
 							</ul>
 							<h5><i class="icon ph-duotone ph-file-plus"></i>Optional Readings</h5>
 							<ul>
-								<li><i class="icon ph-duotone ph-scroll"></i>Scott Fluhrer, Istik Mantin and Adi Shamir, <a href="papers/rc4-ksa.pdf"><em>Weaknesses in the Key Scheduling Algorithm for RC4</em></a>, Selected Areas in Cryptography, 2001.</li>
-								<li><i class="icon ph-duotone ph-scroll"></i>Itsik Mantin<a href="papers/rc4-absab.pdf"><em>Predicting and Distinguishing Attacks on RC4 Keystream Generator</em></a>, IACR Eurocrypt, 2005.</li>
-								<li><i class="icon ph-duotone ph-scroll"></i>Platon Kotzias, Abbas Razaghpanah, Johanna Amann, Kenneth G. Paterson, Narseo Vallina-Rodriguez and Juan Caballero, <a href="papers/tls-deployment.pdf"><em>Coming of Age: A Longitudinal Study of TLS Deployment</em></a>, ACM IMC, 2018.</li>
-								<li><i class="icon ph-duotone ph-scroll"></i>Nadhem AlFardan, Daniel J. Bernstein, Kenneth G. Paterson, Bertram Poettering and Jacob C. N. Schuldt, <a href="papers/rc4-tls.pdf"><em>On the Security of RC4 in TLS</em></a>, USENIX Security Symposium, 2013.</li>
-								<li><i class="icon ph-duotone ph-scroll"></i>Christina Garman, Kenneth G. Paterson and Thyla Van der Merwe, <a href="papers/rc4-attacks.pdf"><em>Attacks Only Get Better: Password Recovery Attacks Against RC4 in TLS</em></a>, USENIX Security Symposium, 2015.</li>
-								<li><i class="icon ph-duotone ph-scroll"></i>Bodo M&#xF6;ller, Thai Duong and Krzysztof Kotowicz, <a href="papers/google-poodle.pdf"><em>This POODLE Bites: Exploiting the SSL 3.0 Fallback</em></a>, Google, 2014.</li>
+								<li><i class="icon ph-duotone ph-scroll"></i>Scott Fluhrer, Istik Mantin and Adi Shamir, <a href="papers/#rc4-ksa"><em>Weaknesses in the Key Scheduling Algorithm for RC4</em></a>, Selected Areas in Cryptography, 2001.</li>
+								<li><i class="icon ph-duotone ph-scroll"></i>Itsik Mantin<a href="papers/#rc4-absab"><em>Predicting and Distinguishing Attacks on RC4 Keystream Generator</em></a>, IACR Eurocrypt, 2005.</li>
+								<li><i class="icon ph-duotone ph-scroll"></i>Platon Kotzias, Abbas Razaghpanah, Johanna Amann, Kenneth G. Paterson, Narseo Vallina-Rodriguez and Juan Caballero, <a href="papers/#tls-deployment"><em>Coming of Age: A Longitudinal Study of TLS Deployment</em></a>, ACM IMC, 2018.</li>
+								<li><i class="icon ph-duotone ph-scroll"></i>Nadhem AlFardan, Daniel J. Bernstein, Kenneth G. Paterson, Bertram Poettering and Jacob C. N. Schuldt, <a href="papers/#rc4-tls"><em>On the Security of RC4 in TLS</em></a>, USENIX Security Symposium, 2013.</li>
+								<li><i class="icon ph-duotone ph-scroll"></i>Christina Garman, Kenneth G. Paterson and Thyla Van der Merwe, <a href="papers/#rc4-attacks"><em>Attacks Only Get Better: Password Recovery Attacks Against RC4 in TLS</em></a>, USENIX Security Symposium, 2015.</li>
+								<li><i class="icon ph-duotone ph-scroll"></i>Bodo M&#xF6;ller, Thai Duong and Krzysztof Kotowicz, <a href="papers/#google-poodle"><em>This POODLE Bites: Exploiting the SSL 3.0 Fallback</em></a>, Google, 2014.</li>
 								<li><i class="icon ph-duotone ph-arrow-square-out"></i>Nick Sullivan, <a href="https://blog.cloudflare.com/killing-rc4-the-long-goodbye/"><em>Killing RC4: The Long Goodbye</em></a>, Cloudflare Blog, 2014.</li>
-								<li><i class="icon ph-duotone ph-scroll"></i>Mathy Vanhoef and Frank Piessens, <a href="papers/rc4-biases.pdf"><em>All Your Biases Belong To Us: Breaking RC4 in WPA-TKIP and TLS</em></a>, USENIX Security Symposium, 2015.</li>
+								<li><i class="icon ph-duotone ph-scroll"></i>Mathy Vanhoef and Frank Piessens, <a href="papers/#rc4-biases"><em>All Your Biases Belong To Us: Breaking RC4 in WPA-TKIP and TLS</em></a>, USENIX Security Symposium, 2015.</li>
 							</ul>
 						</div>
 					</div>

 					<div class="topic">
-						<a href="slides/2-3.pdf" class="topic-slides-btn"><i class="icon ph-duotone ph-projector-screen"></i>Slides</a>
+						<a href="slides/#2-3" class="topic-slides-btn"><i class="icon ph-duotone ph-projector-screen"></i>Slides</a>
 						<span class="topic-number">Topic 2.3</span>
 						<h4 class="topic-title"><i class="icon ph-duotone ph-chalkboard-teacher"></i>Secure Messaging</h4>
 						<p class="topic-overview">This topic traces the evolution of secure messaging from early failures to modern protocols, examining how cryptographic innovation has shaped private communication. We begin with PGP's usability challenges and fundamental limitations, understanding why "Johnny Can't Encrypt" despite decades of effort. The topic then explores Off-the-Record (OTR) messaging's revolutionary features—forward secrecy through ephemeral keys, deniable authentication via MACs instead of signatures, and automatic key exchange—demonstrating how synchronous protocols solved many of PGP's problems. We dive deep into authenticated key exchange protocols like SIGMA, examining how they prevent man-in-the-middle attacks while maintaining identity protection. The discussion covers proper key derivation functions (HKDF) for deriving multiple keys from shared secrets, addressing the shortcomings of ad-hoc approaches. We then transition to Signal's asynchronous messaging architecture, analyzing X3DH key exchange and the Double Ratchet's elegant combination of symmetric and Diffie-Hellman ratcheting. The topic critically examines post-compromise security's promises versus reality, revealing through formal analysis why perfect healing is impossible in practical systems that must handle state loss. We also contrast Signal's approach with alternatives like Telegram's controversial design choices. Throughout, we'll analyze the fundamental trade-offs between security guarantees, usability, and real-world deployment constraints that shape how billions of messages are protected daily. We'll also examine modern extensions including secure group messaging protocols like MLS (Messaging Layer Security) that scale encrypted conversations to thousands of participants, and post-quantum secure messaging advances such as Apple's PQ3 and Signal's PQXDH that protect against future quantum attackers.</p>
@ -507,23 +507,23 @@
 							</ul>
 							<h5><i class="icon ph-duotone ph-file-plus"></i>Optional Readings</h5>
 							<ul>
-								<li><i class="icon ph-duotone ph-scroll"></i>Alma Whitten and J. D. Tygar, <a href="papers/johnny-cant.pdf"><em>Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0</em></a>, Security and Usability: Designing Secure Systems that People Can Use, O'Reilly, 2005.</li>
-								<li><i class="icon ph-duotone ph-scroll"></i>Scott Ruoti, Jeff Andersen, Daniel Zappala and Kent Seamons, <a href="papers/johnny-still.pdf"><em>Why Johnny Still, Still Can't Encrypt: Evaluating the Usability of a Modern PGP Client</em></a>, arXiv, 2015.</li>
-								<li><i class="icon ph-duotone ph-scroll"></i>Nikita Borisov, Ian Goldberg and Eric Brewer, <a href="papers/otr-messaging.pdf"><em>Off-the-Record Communication, or, Why Not To Use PGP</em></a>, Workshop on Privacy in the Electronic Society, 2004.</li>
-								<li><i class="icon ph-duotone ph-scroll"></i>Hugo Krawczyk, <a href="papers/sigma-ake.pdf"><em>SIGMA: the 'SIGn-and-MAc' Approach to Authenticated Diffie-Hellman and its Use in the IKE Protocols</em></a>, IACR Crypto, 2003.</li>
-								<li><i class="icon ph-duotone ph-scroll"></i>Hugo Krawczyk, <a href="papers/hkdf-scheme.pdf"><em>Cryptographic Extraction and Key Derivation: The HKDF Scheme</em></a>, IACR Crypto, 2010.</li>
-								<li><i class="icon ph-duotone ph-scroll"></i>Joseph Bonneau and Andrew Morrison, <a href="papers/otr-analysis.pdf"><em>Finite-State Security Analysis of OTR Version 2</em></a>, Stanford Computer Security Laboratory, 2006.</li>
-								<li><i class="icon ph-duotone ph-scroll"></i>Chris Alexander and Ian Goldberg, <a href="papers/otr-auth.pdf"><em>Improved User Authentication in Off-The-Record Messaging</em></a>, Workshop on Privacy in the Electronic Society, 2007.</li>
-								<li><i class="icon ph-duotone ph-scroll"></i>Nadim Kobeissi, Karthikeyan Bhargavan and Bruno Blanchet, <a href="papers/signal-analysis.pdf"><em>Automated Verification for Secure Messaging Protocols and their Implementations: A Symbolic and Computational Approach</em></a>, IEEE European Symposium on Security and Privacy, 2017.</li>
-								<li><i class="icon ph-duotone ph-scroll"></i>Cas Cremers, Charlie Jacomme and Aurora Naska, <a href="papers/session-handling.pdf"><em>Formal Analysis of Session-Handling in Secure Messaging: Lifting Security from Sessions to Conversations</em></a>, USENIX Security Symposium, 2023.</li>
-								<li><i class="icon ph-duotone ph-scroll"></i>Cas Cremers, Niklas Medinger and Aurora Naska, <a href="papers/pcs-impossibility.pdf"><em>Impossibility Results for Post-Compromise Security in Real-World Communication Systems</em></a>, IEEE Symposium on Security and Privacy, 2025.</li>
-								<li><i class="icon ph-duotone ph-scroll"></i>Martin R. Albrecht, Lenka Mareková, Kenneth G. Paterson, Eyal Ronen and Igors Stepanovs, <a href="papers/telegram-exchange.pdf"><em>Analysis of the Telegram Key Exchange</em></a>, IACR Eurocrypt, 2025.</li>
-								<li><i class="icon ph-duotone ph-scroll"></i>Martin R. Albrecht, Benjamin Dowling and Daniel Jones, <a href="papers/whatsapp-groups.pdf"><em>Formal Analysis of Multi-Device Group Messaging in WhatsApp</em></a>, IACR Eurocrypt, 2025.</li>
-								<li><i class="icon ph-duotone ph-scroll"></i>Paul Rösler, Christian Mainka and Jörg Schwenk, <a href="papers/group-chats.pdf"><em>More is Less: On the End-to-End Security of Group Chats in Signal, WhatsApp, and Threema</em></a>, IEEE European Symposium on Security and Privacy, 2018.</li>
-								<li><i class="icon ph-duotone ph-scroll"></i>Felix Linker, Ralf Sasse and David Basin, <a href="papers/pq3-analysis.pdf"><em>A Formal Analysis of Apple’s iMessage PQ3 Protocol</em></a>, USENIX Security Symposium, 2025.</li>
-								<li><i class="icon ph-duotone ph-scroll"></i>Théophile Wallez, <a href="papers/wallez-thesis.pdf"><em>A Verification Framework for Secure Group Messaging</em></a>, PSL Université Paris, 2025.</li>
-								<li><i class="icon ph-duotone ph-scroll"></i>Karthikeyan Bhargavan, Charlie Jacomme, Franziskus Kiefer and Rolfe Schmidt, <a href="papers/pqxdh-analysis.pdf"><em>Formal Verification of the PQXDH Post-Quantum Key Agreement Protocol for End-to-End Secure Messaging</em></a>, USENIX Security Symposium, 2024.</li>
-								<li><i class="icon ph-duotone ph-scroll"></i>Yevgeniy Dodis, Daniel Jost, Shuichi Katsumata, Thomas Prest and Rolfe Schmidt, <a href="papers/triple-ratchet.pdf"><em>Triple Ratchet: A Bandwidth Efficient Hybrid-Secure Signal Protocol</em></a>, IACR Eurocrypt, 2025.</li>
+								<li><i class="icon ph-duotone ph-scroll"></i>Alma Whitten and J. D. Tygar, <a href="papers/#johnny-cant"><em>Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0</em></a>, Security and Usability: Designing Secure Systems that People Can Use, O'Reilly, 2005.</li>
+								<li><i class="icon ph-duotone ph-scroll"></i>Scott Ruoti, Jeff Andersen, Daniel Zappala and Kent Seamons, <a href="papers/#johnny-still"><em>Why Johnny Still, Still Can't Encrypt: Evaluating the Usability of a Modern PGP Client</em></a>, arXiv, 2015.</li>
+								<li><i class="icon ph-duotone ph-scroll"></i>Nikita Borisov, Ian Goldberg and Eric Brewer, <a href="papers/#otr-messaging"><em>Off-the-Record Communication, or, Why Not To Use PGP</em></a>, Workshop on Privacy in the Electronic Society, 2004.</li>
+								<li><i class="icon ph-duotone ph-scroll"></i>Hugo Krawczyk, <a href="papers/#sigma-ake"><em>SIGMA: the 'SIGn-and-MAc' Approach to Authenticated Diffie-Hellman and its Use in the IKE Protocols</em></a>, IACR Crypto, 2003.</li>
+								<li><i class="icon ph-duotone ph-scroll"></i>Hugo Krawczyk, <a href="papers/#hkdf-scheme"><em>Cryptographic Extraction and Key Derivation: The HKDF Scheme</em></a>, IACR Crypto, 2010.</li>
+								<li><i class="icon ph-duotone ph-scroll"></i>Joseph Bonneau and Andrew Morrison, <a href="papers/#otr-analysis"><em>Finite-State Security Analysis of OTR Version 2</em></a>, Stanford Computer Security Laboratory, 2006.</li>
+								<li><i class="icon ph-duotone ph-scroll"></i>Chris Alexander and Ian Goldberg, <a href="papers/#otr-auth"><em>Improved User Authentication in Off-The-Record Messaging</em></a>, Workshop on Privacy in the Electronic Society, 2007.</li>
+								<li><i class="icon ph-duotone ph-scroll"></i>Nadim Kobeissi, Karthikeyan Bhargavan and Bruno Blanchet, <a href="papers/#signal-analysis"><em>Automated Verification for Secure Messaging Protocols and their Implementations: A Symbolic and Computational Approach</em></a>, IEEE European Symposium on Security and Privacy, 2017.</li>
+								<li><i class="icon ph-duotone ph-scroll"></i>Cas Cremers, Charlie Jacomme and Aurora Naska, <a href="papers/#session-handling"><em>Formal Analysis of Session-Handling in Secure Messaging: Lifting Security from Sessions to Conversations</em></a>, USENIX Security Symposium, 2023.</li>
+								<li><i class="icon ph-duotone ph-scroll"></i>Cas Cremers, Niklas Medinger and Aurora Naska, <a href="papers/#pcs-impossibility"><em>Impossibility Results for Post-Compromise Security in Real-World Communication Systems</em></a>, IEEE Symposium on Security and Privacy, 2025.</li>
+								<li><i class="icon ph-duotone ph-scroll"></i>Martin R. Albrecht, Lenka Mareková, Kenneth G. Paterson, Eyal Ronen and Igors Stepanovs, <a href="papers/#telegram-exchange"><em>Analysis of the Telegram Key Exchange</em></a>, IACR Eurocrypt, 2025.</li>
+								<li><i class="icon ph-duotone ph-scroll"></i>Martin R. Albrecht, Benjamin Dowling and Daniel Jones, <a href="papers/#whatsapp-groups"><em>Formal Analysis of Multi-Device Group Messaging in WhatsApp</em></a>, IACR Eurocrypt, 2025.</li>
+								<li><i class="icon ph-duotone ph-scroll"></i>Paul Rösler, Christian Mainka and Jörg Schwenk, <a href="papers/#group-chats"><em>More is Less: On the End-to-End Security of Group Chats in Signal, WhatsApp, and Threema</em></a>, IEEE European Symposium on Security and Privacy, 2018.</li>
+								<li><i class="icon ph-duotone ph-scroll"></i>Felix Linker, Ralf Sasse and David Basin, <a href="papers/#pq3-analysis"><em>A Formal Analysis of Apple’s iMessage PQ3 Protocol</em></a>, USENIX Security Symposium, 2025.</li>
+								<li><i class="icon ph-duotone ph-scroll"></i>Théophile Wallez, <a href="papers/#wallez-thesis"><em>A Verification Framework for Secure Group Messaging</em></a>, PSL Université Paris, 2025.</li>
+								<li><i class="icon ph-duotone ph-scroll"></i>Karthikeyan Bhargavan, Charlie Jacomme, Franziskus Kiefer and Rolfe Schmidt, <a href="papers/#pqxdh-analysis"><em>Formal Verification of the PQXDH Post-Quantum Key Agreement Protocol for End-to-End Secure Messaging</em></a>, USENIX Security Symposium, 2024.</li>
+								<li><i class="icon ph-duotone ph-scroll"></i>Yevgeniy Dodis, Daniel Jost, Shuichi Katsumata, Thomas Prest and Rolfe Schmidt, <a href="papers/#triple-ratchet"><em>Triple Ratchet: A Bandwidth Efficient Hybrid-Secure Signal Protocol</em></a>, IACR Eurocrypt, 2025.</li>
 							</ul>
 						</div>
 					</div>
@ -536,7 +536,7 @@
 						<div class="topic-readings">
 							<h5><i class="icon ph-duotone ph-book-open-text"></i>Required Readings</h5>
 							<ul>
-								<li><i class="icon ph-duotone ph-scroll"></i>Mark Russinovich, Manuel Costa, Cédric Fournet, David Chisnall, Antoine Delignat-Lavaud, Sylvan Clebsch, Kapil Vaswani and Vikas Bhatia, <a href="papers/confidential-cloud.pdf"><em>Toward Confidential Cloud Computing</em></a>, Communications of the ACM, 2021.</li>
+								<li><i class="icon ph-duotone ph-scroll"></i>Mark Russinovich, Manuel Costa, Cédric Fournet, David Chisnall, Antoine Delignat-Lavaud, Sylvan Clebsch, Kapil Vaswani and Vikas Bhatia, <a href="papers/#confidential-cloud"><em>Toward Confidential Cloud Computing</em></a>, Communications of the ACM, 2021.</li>
 								<li><em>More to be added soon!</em></li>
 							</ul>
 						</div>
@ -550,13 +550,13 @@
 						<div class="topic-readings">
 							<h5><i class="icon ph-duotone ph-book-open-text"></i>Required Readings</h5>
 							<ul>
-								<li><i class="icon ph-duotone ph-scroll"></i>Manuel Barbosa, Gilles Barthe, Karthikeyan Bhargavan, Bruno Blanchet, Cas Cremers, Kevin Liao and Bryan Parno, <a href="papers/sok-verif.pdf"><em>SoK: Computer-Aided Cryptography</em></a>, IEEE Symposium on Security and Privacy, 2021.</li>
+								<li><i class="icon ph-duotone ph-scroll"></i>Manuel Barbosa, Gilles Barthe, Karthikeyan Bhargavan, Bruno Blanchet, Cas Cremers, Kevin Liao and Bryan Parno, <a href="papers/#sok-verif"><em>SoK: Computer-Aided Cryptography</em></a>, IEEE Symposium on Security and Privacy, 2021.</li>
 								<li><em>More to be added soon!</em></li>
 							</ul>
 							<h5><i class="icon ph-duotone ph-file-plus"></i>Optional Readings</h5>
 							<ul>
-								<li><i class="icon ph-duotone ph-scroll"></i>Project Everest Team, <a href="papers/everest-perspectives.pdf"><em>Project Everest: Perspectives from Developing Industrial-Grade High-Assurance Software</em></a>, Microsoft Research, 2025.</li>
-								<li><i class="icon ph-duotone ph-scroll"></i>Martin R. Albrecht and Kenneth G. Paterson, <a href="papers/wild-cryptography.pdf"><em>Analysing Cryptography in the Wild: A Retrospective</em></a>, IEEE Security &amp; Privacy, 2024.</li>
+								<li><i class="icon ph-duotone ph-scroll"></i>Project Everest Team, <a href="papers/#everest-perspectives"><em>Project Everest: Perspectives from Developing Industrial-Grade High-Assurance Software</em></a>, Microsoft Research, 2025.</li>
+								<li><i class="icon ph-duotone ph-scroll"></i>Martin R. Albrecht and Kenneth G. Paterson, <a href="papers/#wild-cryptography"><em>Analysing Cryptography in the Wild: A Retrospective</em></a>, IEEE Security &amp; Privacy, 2024.</li>
 							</ul>
 						</div>
 					</div>
@ -586,7 +586,7 @@
 							</ul>
 							<h5><i class="icon ph-duotone ph-file-plus"></i>Optional Readings</h5>
 							<ul>
-								<li><i class="icon ph-duotone ph-scroll"></i>Manuel Barbosa, Deirdre Connolly, João Diogo Duarte, Aaron Kaiser, Peter Schwabe, Karolin Varner and Baas Westerban, <a href="papers/xwing-hybrid.pdf"><em>X-Wing: The Hybrid KEM You’ve Been Looking For</em></a>, IACR Communications in Cryptology, 2024.</li>
+								<li><i class="icon ph-duotone ph-scroll"></i>Manuel Barbosa, Deirdre Connolly, João Diogo Duarte, Aaron Kaiser, Peter Schwabe, Karolin Varner and Baas Westerban, <a href="papers/#xwing-hybrid"><em>X-Wing: The Hybrid KEM You’ve Been Looking For</em></a>, IACR Communications in Cryptology, 2024.</li>
 							</ul>
 						</div>
 					</div>
@ -604,7 +604,7 @@
 							<h5><i class="icon ph-duotone ph-file-plus"></i>Optional Readings</h5>
 							<ul>
 								<li><i class="icon ph-duotone ph-arrow-square-out"></i>Tarek Galal, <a href="https://tgalal.com/blog/the-curves-of-zokrates"><em>The Curves of ZoKrates</em></a>, tgalal.com, 2025.</li>
-								<li><i class="icon ph-duotone ph-scroll"></i>Chris Alexander and Ian Goldberg, <a href="papers/otr-auth.pdf"><em>Improved User Authentication in Off-The-Record Messaging</em></a>, Workshop on Privacy in the Electronic Society, 2007.</li>
+								<li><i class="icon ph-duotone ph-scroll"></i>Chris Alexander and Ian Goldberg, <a href="papers/#otr-auth"><em>Improved User Authentication in Off-The-Record Messaging</em></a>, Workshop on Privacy in the Electronic Society, 2007.</li>
 							</ul>
 						</div>
 					</div>
@ -617,7 +617,7 @@
 						<div class="topic-readings">
 							<h5><i class="icon ph-duotone ph-book-open-text"></i>Required Readings</h5>
 							<ul>
-								<li><i class="icon ph-duotone ph-book"></i>David Evans, Vladimir Kolesnikov and Mike Rosulek, <a href="papers/pragmatic-mpc.pdf"><em>A Pragmatic Introduction to Secure Multi-Party Computation (Chapter 1)</em></a>, NOW Publishers, 2020.</li>
+								<li><i class="icon ph-duotone ph-book"></i>David Evans, Vladimir Kolesnikov and Mike Rosulek, <a href="papers/#pragmatic-mpc"><em>A Pragmatic Introduction to Secure Multi-Party Computation (Chapter 1)</em></a>, NOW Publishers, 2020.</li>
 							</ul>
 						</div>
 					</div>
@ -630,7 +630,7 @@
 						<div class="topic-readings">
 							<h5><i class="icon ph-duotone ph-book-open-text"></i>Required Readings</h5>
 							<ul>
-								<li><i class="icon ph-duotone ph-scroll"></i>Nicolas Gailly, Kelsey Melissaris and Yolan Romailler, <a href="papers/tlock-bls.pdf"><em>tlock: Practical Timelock Encryption from Threshold BLS</em></a>, IACR ePrint Archive, 2023.</li>
+								<li><i class="icon ph-duotone ph-scroll"></i>Nicolas Gailly, Kelsey Melissaris and Yolan Romailler, <a href="papers/#tlock-bls"><em>tlock: Practical Timelock Encryption from Threshold BLS</em></a>, IACR ePrint Archive, 2023.</li>
 							</ul>
 						</div>
 					</div>
@ -645,7 +645,7 @@

 			<div class="alert">
 				<p class="mb-0">
-					<strong><i class="icon ph-duotone ph-file-pdf"></i></strong> Check the <a href="syllabus.pdf">Syllabus</a> for detailed information on class grading criteria, as well as how lab sessions, problem sets and exams will be designed and presented.
+					<strong><i class="icon ph-duotone ph-file-pdf"></i></strong> Check the <a href="syllabus">Syllabus</a> for detailed information on class grading criteria, as well as how lab sessions, problem sets and exams will be designed and presented.
 				</p>
 			</div>

@ -658,17 +658,17 @@
 					<p><strong>Problem sets</strong> will be assigned periodically throughout the semester to reinforce and deepen your understanding of the lecture material. Each set will include a range of exercises—some focused on theoretical proofs and problem-solving, others requiring short coding tasks or computational experiments. These assignments are designed to bridge the gap between abstract cryptographic concepts and their concrete applications. You are encouraged to start working on each problem set early and to seek guidance during office hours or lab sessions if you encounter difficulties.</p>

 					<div class="card mb-3">
-						<h4 class="mb-2"><i class="icon ph-duotone ph-check-square-offset"></i><a href="problem-sets/problem-set-1.pdf">Problem Set 1: Provable Security Foundations</a></h4>
+						<h4 class="mb-2"><i class="icon ph-duotone ph-check-square-offset"></i><a href="problem-sets/#1">Problem Set 1: Provable Security Foundations</a></h4>
 						<p class="mb-0">This problem set focuses on the fundamental concepts of provable security covered in the first three topics of the course. It consists of four main sections: Cryptographic Foundations, which tests your understanding of basic security goals and perfect secrecy; Provable Security, which explores library interchangeability and formal security proofs; Computational Cryptography, which examines computational security concepts, distinguishability, and the bad events technique; and Application of Cryptographic Principles, which challenges you to analyze block cipher modes, evaluate real-world implementations, and design secure protocols. The assignments blend theoretical analysis with practical applications, requiring you to demonstrate both mathematical reasoning and applied cryptographic thinking. A bonus challenge on the discrete logarithm problem offers extra credit for those wanting to explore advanced concepts.</p>
 					</div>

 					<div class="card mb-3">
-						<h4 class="mb-2"><i class="icon ph-duotone ph-check-square-offset"></i><a href="problem-sets/problem-set-2.pdf">Problem Set 2: Symmetric Cryptography</a></h4>
+						<h4 class="mb-2"><i class="icon ph-duotone ph-check-square-offset"></i><a href="problem-sets/#2">Problem Set 2: Symmetric Cryptography</a></h4>
 						<p class="mb-0">This problem set explores symmetric cryptography fundamentals covered in topics 1.4, 1.5 and 1.6, addressing four key areas: pseudorandomness, encryption security models, hash functions, and practical applications. In pseudorandomness, you'll analyze PRG constructions, PRF security requirements including the "Golden Rule," and Feistel cipher properties. The encryption security section examines why deterministic encryption fails CPA security, format oracle attacks against CPA-secure schemes, and authenticated encryption constructions including AES-GCM. The hash function component investigates collision resistance properties, construction methods like Merkle-Damg&#xE5;rd versus Sponge, and specialized password hashing algorithms including memory-hard functions. Real-world case studies challenge you to apply these concepts to file storage systems, software update verification, and password management implementations.</p>
 					</div>

 					<div class="card mb-3">
-						<h4 class="mb-2"><i class="icon ph-duotone ph-check-square-offset"></i><a href="problem-sets/problem-set-3.pdf">Problem Set 3: Asymmetric Cryptography</a></h4>
+						<h4 class="mb-2"><i class="icon ph-duotone ph-check-square-offset"></i><a href="problem-sets/#3">Problem Set 3: Asymmetric Cryptography</a></h4>
 						<p class="mb-0">This problem set covers concepts from topics 1.7 and 1.8 of the course, spanning three comprehensive areas: cryptographic hardness foundations, Diffie-Hellman security analysis, and elliptic curve implementation challenges. In cryptographic hardness, you'll analyze real-world implications of mathematical breakthroughs like P=NP and evaluate discrete logarithm security architectures including parameter selection and vulnerability assessment. The Diffie-Hellman section explores attack scenarios in hostile network environments, man-in-the-middle defenses, and protocol design challenges including SSH trust models. Elliptic curve security engineering examines curve selection controversies, invalid curve attacks, mobile performance optimization, and implementation vulnerabilities including side-channel attacks and nonce reuse scenarios. Finally, applied case studies challenge you to design complete key exchange protocols for secure messaging, analyze cryptocurrency signature scheme decisions, and architect enterprise-scale secure communication systems. Throughout, the assignments emphasize both mathematical security analysis and practical deployment considerations, requiring you to bridge theoretical cryptographic principles with real-world system design challenges.</p>
 					</div>
 				</div>
@ -683,22 +683,22 @@
 					<p><strong>Lab sessions</strong> will be held weekly to serve as a hands-on complement to the lectures. During each lab, you will experiment with real-world libraries, and even simulate attacks or vulnerabilities to understand why certain security practices are necessary. These sessions will also help you become comfortable with relevant tools and environments, including formal analysis tools. Attendance is mandatory, and lab participation will be graded based on preparedness, engagement, and the successful completion of in-lab activities. Labs offer an excellent opportunity for collaborative problem-solving and immediate feedback on your work.</p>

 					<div class="card mb-3">
-						<h4 class="mb-2"><i class="icon ph-duotone ph-key"></i><a href="labs/password-manager.pdf">Lab 1: Designing a Password Manager</a></h4>
+						<h4 class="mb-2"><i class="icon ph-duotone ph-key"></i><a href="labs/#password-manager">Lab 1: Designing a Password Manager</a></h4>
 						<p class="mb-0">In this lab, you will design and implement a secure password manager application. You'll learn about secure password storage techniques, key derivation functions, and encryption methods for sensitive data. The lab will guide you through implementing features such as master password protection, secure password generation, and encrypted storage. You'll also analyze potential vulnerabilities in your system and implement countermeasures to protect against common attacks like password cracking and memory scraping.</p>
 					</div>

 					<div class="card mb-3">
-						<h4 class="mb-2"><i class="icon ph-duotone ph-chats-circle"></i><a href="labs/secure-messenger.pdf">Lab 2: Designing a Secure Messenger</a></h4>
+						<h4 class="mb-2"><i class="icon ph-duotone ph-chats-circle"></i><a href="labs/#secure-messenger">Lab 2: Designing a Secure Messenger</a></h4>
 						<p class="mb-0">This lab focuses on building a secure messaging application implementing end-to-end encryption. You'll work with cryptographic libraries to implement key exchange protocols, message encryption, and authentication mechanisms. The lab covers essential features like perfect forward secrecy, deniability, and secure group messaging. You'll also explore practical challenges such as key verification, metadata protection, and secure key storage on devices. By the end of this lab, you'll understand the cryptographic foundations behind modern secure messaging platforms like Signal.</p>
 					</div>

 					<div class="card mb-3">
-						<h4 class="mb-2"><i class="icon ph-duotone ph-seal-check"></i><a href="labs/proverif.pdf">Lab 3: Protocol Modeling and Verification with Verifpal and Tamarin</a></h4>
+						<h4 class="mb-2"><i class="icon ph-duotone ph-seal-check"></i><a href="labs/#proverif">Lab 3: Protocol Modeling and Verification with Verifpal and Tamarin</a></h4>
 						<p class="mb-0">This lab introduces formal verification of security protocols using two complementary tools: Verifpal and Tamarin. You'll begin with Verifpal, a user-friendly tool designed for students, to model and analyze custom authentication and key exchange protocols. After gaining proficiency in identifying protocol vulnerabilities, you'll advance to Tamarin Prover to perform more sophisticated analyses with temporal properties and unbounded verification. Throughout the lab, you'll apply these tools to real-world protocols like TLS 1.3 fragments and Signal's X3DH, gaining practical experience in formal security verification. By the end of this lab, you'll understand how formal methods can mathematically prove security properties and detect subtle flaws that might otherwise remain hidden in manual security reviews.</p>
 					</div>

 					<div class="card mb-3">
-						<h4 class="mb-2"><i class="icon ph-duotone ph-boat"></i><a href="labs/zk-battleship.pdf">Lab 4: Designing a Battleship Game Using Zero-Knowledge Systems</a></h4>
+						<h4 class="mb-2"><i class="icon ph-duotone ph-boat"></i><a href="labs/#zk-battleship">Lab 4: Designing a Battleship Game Using Zero-Knowledge Systems</a></h4>
 						<p class="mb-0">In this creative lab, you'll implement the classic Battleship game with a cryptographic twist using zero-knowledge proofs. You'll learn how two mutually distrustful parties can play a fair game without revealing their ship placements except when a hit occurs. The lab will guide you through designing commitment schemes, validity proofs for ship placement, and secure mechanisms for torpedo shots and hit verification—all without requiring a trusted third party. This practical application of zero-knowledge techniques demonstrates how cryptography can enable secure computation between untrusting parties in a tangible, engaging context.</p>
 					</div>

--- a/website/labs/index.html
+++ b/website/labs/index.html
@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<html lang="en" dir="ltr">
+
+<head>
+	<meta charset="UTF-8" />
+	<title>Applied Cryptography (CMPS 297AD/396AI): Lab Sessions Viewer</title>
+	<meta name="description" content="Learn modern cryptography principles and applications in this comprehensive course covering cryptographic theory, practical implementations, and real-world security systems at the American University of Beirut." />
+	<meta name="keywords" content="applied cryptography, AUB, American University of Beirut, cryptography course, encryption, cryptographic protocols, cybersecurity education, CMPS 297AD, CMPS 396AI" />
+	<meta name="author" content="Nadim Kobeissi" />
+	<meta name="viewport" content="width=device-width, initial-scale=1, height=device-height">
+	<meta name="robots" content="index, follow" />
+	<link rel="canonical" href="https://appliedcryptography.page/" />
+	<meta property="og:type" content="website" />
+	<meta property="og:title" content="Applied Cryptography (CMPS 297AD/396AI) — American University of Beirut" />
+	<meta property="og:description" content="Learn modern cryptography principles and applications in this comprehensive course covering cryptographic theory, practical implementations, and real-world security systems at the American University of Beirut." />
+	<meta property="og:url" content="https://appliedcryptography.page" />
+	<meta property="og:image" content="https://appliedcryptography.page/res/img/og.jpg" />
+	<meta property="og:locale" content="en_US" />
+	<link rel="icon" href="/res/img/favicon.png" type="image/png" />
+	<link rel="apple-touch-icon" href="/res/img/favicon.png" sizes="180x180" />
+	<link rel="icon" href="/res/img/favicon.png" sizes="32x32" type="image/png" />
+	<link rel="icon" href="/res/img/favicon.png" sizes="16x16" type="image/png" />
+	<link rel="preload" as="image" href="/res/img/cedar.webp" />
+	<script defer data-domain="appliedcryptography.page" data-api="https://restless-block-0a1e.symbolicsoft.workers.dev/oil-ocean/event" src="https://restless-block-0a1e.symbolicsoft.workers.dev/emerald-hill/script.js"></script>
+	<script>
+		window.addEventListener(`load`, () => {
+			const anchor = window.location.hash.substring(1);
+			const viewer = document.getElementById(`viewer`);
+			if (anchor && /^\w{1,32}(-\w{1,32})?$/.test(anchor)) {
+				viewer.src = `../view/?file=/labs/${anchor}.pdf`;
+			}
+		});
+	</script>
+</head>
+
+<body>
+	<iframe id="viewer" src="" style="position: fixed; top: 0; left: 0; width: 100%; height: 100%; border: none; margin: 0; padding: 0; overflow: hidden;"></iframe>
+</body>
+
+</html>
--- a/website/papers/index.html
+++ b/website/papers/index.html
@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<html lang="en" dir="ltr">
+
+<head>
+	<meta charset="UTF-8" />
+	<title>Applied Cryptography (CMPS 297AD/396AI): Papers Viewer</title>
+	<meta name="description" content="Learn modern cryptography principles and applications in this comprehensive course covering cryptographic theory, practical implementations, and real-world security systems at the American University of Beirut." />
+	<meta name="keywords" content="applied cryptography, AUB, American University of Beirut, cryptography course, encryption, cryptographic protocols, cybersecurity education, CMPS 297AD, CMPS 396AI" />
+	<meta name="author" content="Nadim Kobeissi" />
+	<meta name="viewport" content="width=device-width, initial-scale=1, height=device-height">
+	<meta name="robots" content="index, follow" />
+	<link rel="canonical" href="https://appliedcryptography.page/" />
+	<meta property="og:type" content="website" />
+	<meta property="og:title" content="Applied Cryptography (CMPS 297AD/396AI) — American University of Beirut" />
+	<meta property="og:description" content="Learn modern cryptography principles and applications in this comprehensive course covering cryptographic theory, practical implementations, and real-world security systems at the American University of Beirut." />
+	<meta property="og:url" content="https://appliedcryptography.page" />
+	<meta property="og:image" content="https://appliedcryptography.page/res/img/og.jpg" />
+	<meta property="og:locale" content="en_US" />
+	<link rel="icon" href="/res/img/favicon.png" type="image/png" />
+	<link rel="apple-touch-icon" href="/res/img/favicon.png" sizes="180x180" />
+	<link rel="icon" href="/res/img/favicon.png" sizes="32x32" type="image/png" />
+	<link rel="icon" href="/res/img/favicon.png" sizes="16x16" type="image/png" />
+	<link rel="preload" as="image" href="/res/img/cedar.webp" />
+	<script defer data-domain="appliedcryptography.page" data-api="https://restless-block-0a1e.symbolicsoft.workers.dev/oil-ocean/event" src="https://restless-block-0a1e.symbolicsoft.workers.dev/emerald-hill/script.js"></script>
+	<script>
+		window.addEventListener(`load`, () => {
+			const anchor = window.location.hash.substring(1);
+			const viewer = document.getElementById(`viewer`);
+			if (anchor && /^\w{1,32}(-\w{1,32})?$/.test(anchor)) {
+				viewer.src = `../view/?file=/papers/${anchor}.pdf`;
+			}
+		});
+	</script>
+</head>
+
+<body>
+	<iframe id="viewer" src="" style="position: fixed; top: 0; left: 0; width: 100%; height: 100%; border: none; margin: 0; padding: 0; overflow: hidden;"></iframe>
+</body>
+
+</html>
--- a/website/problem-sets/index.html
+++ b/website/problem-sets/index.html
@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<html lang="en" dir="ltr">
+
+<head>
+	<meta charset="UTF-8" />
+	<title>Applied Cryptography (CMPS 297AD/396AI): Problem Sets Viewer</title>
+	<meta name="description" content="Learn modern cryptography principles and applications in this comprehensive course covering cryptographic theory, practical implementations, and real-world security systems at the American University of Beirut." />
+	<meta name="keywords" content="applied cryptography, AUB, American University of Beirut, cryptography course, encryption, cryptographic protocols, cybersecurity education, CMPS 297AD, CMPS 396AI" />
+	<meta name="author" content="Nadim Kobeissi" />
+	<meta name="viewport" content="width=device-width, initial-scale=1, height=device-height">
+	<meta name="robots" content="index, follow" />
+	<link rel="canonical" href="https://appliedcryptography.page/" />
+	<meta property="og:type" content="website" />
+	<meta property="og:title" content="Applied Cryptography (CMPS 297AD/396AI) — American University of Beirut" />
+	<meta property="og:description" content="Learn modern cryptography principles and applications in this comprehensive course covering cryptographic theory, practical implementations, and real-world security systems at the American University of Beirut." />
+	<meta property="og:url" content="https://appliedcryptography.page" />
+	<meta property="og:image" content="https://appliedcryptography.page/res/img/og.jpg" />
+	<meta property="og:locale" content="en_US" />
+	<link rel="icon" href="/res/img/favicon.png" type="image/png" />
+	<link rel="apple-touch-icon" href="/res/img/favicon.png" sizes="180x180" />
+	<link rel="icon" href="/res/img/favicon.png" sizes="32x32" type="image/png" />
+	<link rel="icon" href="/res/img/favicon.png" sizes="16x16" type="image/png" />
+	<link rel="preload" as="image" href="/res/img/cedar.webp" />
+	<script defer data-domain="appliedcryptography.page" data-api="https://restless-block-0a1e.symbolicsoft.workers.dev/oil-ocean/event" src="https://restless-block-0a1e.symbolicsoft.workers.dev/emerald-hill/script.js"></script>
+	<script>
+		window.addEventListener(`load`, () => {
+			const anchor = window.location.hash.substring(1);
+			const viewer = document.getElementById(`viewer`);
+			if (anchor && /^\d{1,3}$/.test(anchor)) {
+				viewer.src = `../view/?file=/problem-sets/problem-set-${anchor}.pdf`;
+			}
+		});
+	</script>
+</head>
+
+<body>
+	<iframe id="viewer" src="" style="position: fixed; top: 0; left: 0; width: 100%; height: 100%; border: none; margin: 0; padding: 0; overflow: hidden;"></iframe>
+</body>
+
+</html>
--- a/website/slides/index.html
+++ b/website/slides/index.html
@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<html lang="en" dir="ltr">
+
+<head>
+	<meta charset="UTF-8" />
+	<title>Applied Cryptography (CMPS 297AD/396AI): Slides Viewer</title>
+	<meta name="description" content="Learn modern cryptography principles and applications in this comprehensive course covering cryptographic theory, practical implementations, and real-world security systems at the American University of Beirut." />
+	<meta name="keywords" content="applied cryptography, AUB, American University of Beirut, cryptography course, encryption, cryptographic protocols, cybersecurity education, CMPS 297AD, CMPS 396AI" />
+	<meta name="author" content="Nadim Kobeissi" />
+	<meta name="viewport" content="width=device-width, initial-scale=1, height=device-height">
+	<meta name="robots" content="index, follow" />
+	<link rel="canonical" href="https://appliedcryptography.page/" />
+	<meta property="og:type" content="website" />
+	<meta property="og:title" content="Applied Cryptography (CMPS 297AD/396AI) — American University of Beirut" />
+	<meta property="og:description" content="Learn modern cryptography principles and applications in this comprehensive course covering cryptographic theory, practical implementations, and real-world security systems at the American University of Beirut." />
+	<meta property="og:url" content="https://appliedcryptography.page" />
+	<meta property="og:image" content="https://appliedcryptography.page/res/img/og.jpg" />
+	<meta property="og:locale" content="en_US" />
+	<link rel="icon" href="/res/img/favicon.png" type="image/png" />
+	<link rel="apple-touch-icon" href="/res/img/favicon.png" sizes="180x180" />
+	<link rel="icon" href="/res/img/favicon.png" sizes="32x32" type="image/png" />
+	<link rel="icon" href="/res/img/favicon.png" sizes="16x16" type="image/png" />
+	<link rel="preload" as="image" href="/res/img/cedar.webp" />
+	<script defer data-domain="appliedcryptography.page" data-api="https://restless-block-0a1e.symbolicsoft.workers.dev/oil-ocean/event" src="https://restless-block-0a1e.symbolicsoft.workers.dev/emerald-hill/script.js"></script>
+	<script>
+		window.addEventListener(`load`, () => {
+			const anchor = window.location.hash.substring(1);
+			const viewer = document.getElementById(`viewer`);
+			if (anchor && /^\d-\d{1,2}$/.test(anchor)) {
+				viewer.src = `../view/?file=/slides/${anchor}.pdf`;
+			}
+		});
+	</script>
+</head>
+
+<body>
+	<iframe id="viewer" src="" style="position: fixed; top: 0; left: 0; width: 100%; height: 100%; border: none; margin: 0; padding: 0; overflow: hidden;"></iframe>
+</body>
+
+</html>
--- a/website/syllabus/index.html
+++ b/website/syllabus/index.html
@ -0,0 +1,38 @@
+<!DOCTYPE html>
+<html lang="en" dir="ltr">
+
+<head>
+	<meta charset="UTF-8" />
+	<title>Applied Cryptography (CMPS 297AD/396AI): Syllabus</title>
+	<meta name="description" content="Learn modern cryptography principles and applications in this comprehensive course covering cryptographic theory, practical implementations, and real-world security systems at the American University of Beirut." />
+	<meta name="keywords" content="applied cryptography, AUB, American University of Beirut, cryptography course, encryption, cryptographic protocols, cybersecurity education, CMPS 297AD, CMPS 396AI" />
+	<meta name="author" content="Nadim Kobeissi" />
+	<meta name="viewport" content="width=device-width, initial-scale=1, height=device-height">
+	<meta name="robots" content="index, follow" />
+	<link rel="canonical" href="https://appliedcryptography.page/" />
+	<meta property="og:type" content="website" />
+	<meta property="og:title" content="Applied Cryptography (CMPS 297AD/396AI) — American University of Beirut" />
+	<meta property="og:description" content="Learn modern cryptography principles and applications in this comprehensive course covering cryptographic theory, practical implementations, and real-world security systems at the American University of Beirut." />
+	<meta property="og:url" content="https://appliedcryptography.page" />
+	<meta property="og:image" content="https://appliedcryptography.page/res/img/og.jpg" />
+	<meta property="og:locale" content="en_US" />
+	<link rel="icon" href="/res/img/favicon.png" type="image/png" />
+	<link rel="apple-touch-icon" href="/res/img/favicon.png" sizes="180x180" />
+	<link rel="icon" href="/res/img/favicon.png" sizes="32x32" type="image/png" />
+	<link rel="icon" href="/res/img/favicon.png" sizes="16x16" type="image/png" />
+	<link rel="preload" as="image" href="/res/img/cedar.webp" />
+	<script defer data-domain="appliedcryptography.page" data-api="https://restless-block-0a1e.symbolicsoft.workers.dev/oil-ocean/event" src="https://restless-block-0a1e.symbolicsoft.workers.dev/emerald-hill/script.js"></script>
+	<script>
+		window.addEventListener(`load`, () => {
+			const anchor = window.location.hash.substring(1);
+			const viewer = document.getElementById(`viewer`);
+			viewer.src = `../view/?file=/syllabus/syllabus.pdf`;
+		});
+	</script>
+</head>
+
+<body>
+	<iframe id="viewer" src="" style="position: fixed; top: 0; left: 0; width: 100%; height: 100%; border: none; margin: 0; padding: 0; overflow: hidden;"></iframe>
+</body>
+
+</html>
--- a/website/syllabus/syllabus.pdf
+++ b/website/syllabus/syllabus.pdf
--- a/website/view/cmaps/78-EUC-H.bcmap
+++ b/website/view/cmaps/78-EUC-H.bcmap
--- a/website/view/cmaps/78-EUC-V.bcmap
+++ b/website/view/cmaps/78-EUC-V.bcmap
--- a/website/view/cmaps/78-H.bcmap
+++ b/website/view/cmaps/78-H.bcmap
--- a/website/view/cmaps/78-RKSJ-H.bcmap
+++ b/website/view/cmaps/78-RKSJ-H.bcmap
--- a/website/view/cmaps/78-RKSJ-V.bcmap
+++ b/website/view/cmaps/78-RKSJ-V.bcmap
--- a/website/view/cmaps/78-V.bcmap
+++ b/website/view/cmaps/78-V.bcmap
--- a/website/view/cmaps/78ms-RKSJ-H.bcmap
+++ b/website/view/cmaps/78ms-RKSJ-H.bcmap
--- a/website/view/cmaps/78ms-RKSJ-V.bcmap
+++ b/website/view/cmaps/78ms-RKSJ-V.bcmap
--- a/website/view/cmaps/83pv-RKSJ-H.bcmap
+++ b/website/view/cmaps/83pv-RKSJ-H.bcmap
--- a/website/view/cmaps/90ms-RKSJ-H.bcmap
+++ b/website/view/cmaps/90ms-RKSJ-H.bcmap
--- a/website/view/cmaps/90ms-RKSJ-V.bcmap
+++ b/website/view/cmaps/90ms-RKSJ-V.bcmap
--- a/website/view/cmaps/90msp-RKSJ-H.bcmap
+++ b/website/view/cmaps/90msp-RKSJ-H.bcmap
--- a/website/view/cmaps/90msp-RKSJ-V.bcmap
+++ b/website/view/cmaps/90msp-RKSJ-V.bcmap
--- a/website/view/cmaps/90pv-RKSJ-H.bcmap
+++ b/website/view/cmaps/90pv-RKSJ-H.bcmap
--- a/website/view/cmaps/90pv-RKSJ-V.bcmap
+++ b/website/view/cmaps/90pv-RKSJ-V.bcmap
--- a/website/view/cmaps/Add-H.bcmap
+++ b/website/view/cmaps/Add-H.bcmap
--- a/website/view/cmaps/Add-RKSJ-H.bcmap
+++ b/website/view/cmaps/Add-RKSJ-H.bcmap
--- a/website/view/cmaps/Add-RKSJ-V.bcmap
+++ b/website/view/cmaps/Add-RKSJ-V.bcmap
--- a/website/view/cmaps/Add-V.bcmap
+++ b/website/view/cmaps/Add-V.bcmap
--- a/website/view/cmaps/Adobe-CNS1-0.bcmap
+++ b/website/view/cmaps/Adobe-CNS1-0.bcmap
--- a/website/view/cmaps/Adobe-CNS1-1.bcmap
+++ b/website/view/cmaps/Adobe-CNS1-1.bcmap
--- a/website/view/cmaps/Adobe-CNS1-2.bcmap
+++ b/website/view/cmaps/Adobe-CNS1-2.bcmap
--- a/website/view/cmaps/Adobe-CNS1-3.bcmap
+++ b/website/view/cmaps/Adobe-CNS1-3.bcmap
--- a/website/view/cmaps/Adobe-CNS1-4.bcmap
+++ b/website/view/cmaps/Adobe-CNS1-4.bcmap
--- a/website/view/cmaps/Adobe-CNS1-5.bcmap
+++ b/website/view/cmaps/Adobe-CNS1-5.bcmap
--- a/website/view/cmaps/Adobe-CNS1-6.bcmap
+++ b/website/view/cmaps/Adobe-CNS1-6.bcmap
--- a/website/view/cmaps/Adobe-CNS1-UCS2.bcmap
+++ b/website/view/cmaps/Adobe-CNS1-UCS2.bcmap
--- a/website/view/cmaps/Adobe-GB1-0.bcmap
+++ b/website/view/cmaps/Adobe-GB1-0.bcmap
--- a/website/view/cmaps/Adobe-GB1-1.bcmap
+++ b/website/view/cmaps/Adobe-GB1-1.bcmap
--- a/website/view/cmaps/Adobe-GB1-2.bcmap
+++ b/website/view/cmaps/Adobe-GB1-2.bcmap
--- a/website/view/cmaps/Adobe-GB1-3.bcmap
+++ b/website/view/cmaps/Adobe-GB1-3.bcmap
--- a/website/view/cmaps/Adobe-GB1-4.bcmap
+++ b/website/view/cmaps/Adobe-GB1-4.bcmap
--- a/website/view/cmaps/Adobe-GB1-5.bcmap
+++ b/website/view/cmaps/Adobe-GB1-5.bcmap
--- a/website/view/cmaps/Adobe-GB1-UCS2.bcmap
+++ b/website/view/cmaps/Adobe-GB1-UCS2.bcmap
--- a/website/view/cmaps/Adobe-Japan1-0.bcmap
+++ b/website/view/cmaps/Adobe-Japan1-0.bcmap
--- a/website/view/cmaps/Adobe-Japan1-1.bcmap
+++ b/website/view/cmaps/Adobe-Japan1-1.bcmap
--- a/website/view/cmaps/Adobe-Japan1-2.bcmap
+++ b/website/view/cmaps/Adobe-Japan1-2.bcmap
--- a/website/view/cmaps/Adobe-Japan1-3.bcmap
+++ b/website/view/cmaps/Adobe-Japan1-3.bcmap
--- a/website/view/cmaps/Adobe-Japan1-4.bcmap
+++ b/website/view/cmaps/Adobe-Japan1-4.bcmap
--- a/website/view/cmaps/Adobe-Japan1-5.bcmap
+++ b/website/view/cmaps/Adobe-Japan1-5.bcmap
--- a/website/view/cmaps/Adobe-Japan1-6.bcmap
+++ b/website/view/cmaps/Adobe-Japan1-6.bcmap
--- a/website/view/cmaps/Adobe-Japan1-UCS2.bcmap
+++ b/website/view/cmaps/Adobe-Japan1-UCS2.bcmap
--- a/website/view/cmaps/Adobe-Korea1-0.bcmap
+++ b/website/view/cmaps/Adobe-Korea1-0.bcmap
--- a/website/view/cmaps/Adobe-Korea1-1.bcmap
+++ b/website/view/cmaps/Adobe-Korea1-1.bcmap
--- a/website/view/cmaps/Adobe-Korea1-2.bcmap
+++ b/website/view/cmaps/Adobe-Korea1-2.bcmap
--- a/website/view/cmaps/Adobe-Korea1-UCS2.bcmap
+++ b/website/view/cmaps/Adobe-Korea1-UCS2.bcmap
--- a/website/view/cmaps/B5-H.bcmap
+++ b/website/view/cmaps/B5-H.bcmap
--- a/website/view/cmaps/B5-V.bcmap
+++ b/website/view/cmaps/B5-V.bcmap
--- a/website/view/cmaps/B5pc-H.bcmap
+++ b/website/view/cmaps/B5pc-H.bcmap
--- a/website/view/cmaps/B5pc-V.bcmap
+++ b/website/view/cmaps/B5pc-V.bcmap
--- a/website/view/cmaps/CNS-EUC-H.bcmap
+++ b/website/view/cmaps/CNS-EUC-H.bcmap
--- a/website/view/cmaps/CNS-EUC-V.bcmap
+++ b/website/view/cmaps/CNS-EUC-V.bcmap
--- a/website/view/cmaps/CNS1-H.bcmap
+++ b/website/view/cmaps/CNS1-H.bcmap
--- a/website/view/cmaps/CNS1-V.bcmap
+++ b/website/view/cmaps/CNS1-V.bcmap
--- a/website/view/cmaps/CNS2-H.bcmap
+++ b/website/view/cmaps/CNS2-H.bcmap
--- a/website/view/cmaps/CNS2-V.bcmap
+++ b/website/view/cmaps/CNS2-V.bcmap
@ -0,0 +1,3 @@
+àRCopyright 1990-2009 Adobe Systems Incorporated.
+All rights reserved.
+See ./LICENSEáCNS2-H
--- a/website/view/cmaps/ETHK-B5-H.bcmap
+++ b/website/view/cmaps/ETHK-B5-H.bcmap
--- a/website/view/cmaps/ETHK-B5-V.bcmap
+++ b/website/view/cmaps/ETHK-B5-V.bcmap
--- a/website/view/cmaps/ETen-B5-H.bcmap
+++ b/website/view/cmaps/ETen-B5-H.bcmap
--- a/website/view/cmaps/ETen-B5-V.bcmap
+++ b/website/view/cmaps/ETen-B5-V.bcmap
--- a/website/view/cmaps/ETenms-B5-H.bcmap
+++ b/website/view/cmaps/ETenms-B5-H.bcmap
@ -0,0 +1,3 @@
+àRCopyright 1990-2009 Adobe Systems Incorporated.
+All rights reserved.
+See ./LICENSEá	ETen-B5-H` ^
--- a/website/view/cmaps/ETenms-B5-V.bcmap
+++ b/website/view/cmaps/ETenms-B5-V.bcmap
--- a/website/view/cmaps/EUC-H.bcmap
+++ b/website/view/cmaps/EUC-H.bcmap
--- a/website/view/cmaps/EUC-V.bcmap
+++ b/website/view/cmaps/EUC-V.bcmap
--- a/website/view/cmaps/Ext-H.bcmap
+++ b/website/view/cmaps/Ext-H.bcmap
--- a/website/view/cmaps/Ext-RKSJ-H.bcmap
+++ b/website/view/cmaps/Ext-RKSJ-H.bcmap
--- a/website/view/cmaps/Ext-RKSJ-V.bcmap
+++ b/website/view/cmaps/Ext-RKSJ-V.bcmap
--- a/website/view/cmaps/Ext-V.bcmap
+++ b/website/view/cmaps/Ext-V.bcmap
--- a/website/view/cmaps/GB-EUC-H.bcmap
+++ b/website/view/cmaps/GB-EUC-H.bcmap
--- a/website/view/cmaps/GB-EUC-V.bcmap
+++ b/website/view/cmaps/GB-EUC-V.bcmap
--- a/website/view/cmaps/GB-H.bcmap
+++ b/website/view/cmaps/GB-H.bcmap
@ -0,0 +1,4 @@
+àRCopyright 1990-2009 Adobe Systems Incorporated.
+All rights reserved.
+See ./LICENSE!!<21>º]aX!!]`<60>21<32>>	<09>p<0B>z<EFBFBD>$]‚<06>"R‚d<E2809A>-Uƒ7<C692>*„
4„%<25>+ „Z „{<7B>/…%…<<3C>9K…b<E280A6>1]†.<2E>"‡‰`]‡,<2C>"]ˆ
+<EFBFBD>"]ˆh<CB86>"]‰F<E280B0>"]Š$<24>"]‹<02>"]‹`<60>"]Œ><3E>"]<5D><1C>"]<5D>z<EFBFBD>"]ŽX<C5BD>"]<5D>6<EFBFBD>"]<5D><14>"]<5D>r<EFBFBD>"]‘P<E28098>"]’.<2E>"]“<0C>"]“j<E2809C>"]”H<E2809D>"]•&<26>"]–<04>"]–b<E28093>"]—@<40>"]˜<1E>"]˜|<7C>"]™Z<E284A2>"]š8<C5A1>"]›<16>"]›t<E280BA>"]œR<C593>"]<5D>0<EFBFBD>"]ž<0E>"]žl<C5BE>"]ŸJ<C5B8>"] (<28>"]¡<06>"]¡d<C2A1>"]¢B<C2A2>"]£ <20>"X£~<7E>']¤W<C2A4>"]¥5<C2A5>"]¦<13>"]¦q<C2A6>"]§O<C2A7>"]¨-<2D>"]©<0B>"]©i<C2A9>"]ªG<C2AA>"]«%<25>"]¬<03>"]¬a<C2AC>"]?<3F>"]®<1D>"]®{<7B>"]¯Y<C2AF>"]°7<C2B0>"]±<15>"]±s<C2B1>"]²Q<C2B2>"]³/<2F>"]´
<0A>"]´k<C2B4>"]µI<C2B5>"]¶'<27>"]·<05>"]·c<C2B7>"]¸A<C2B8>"]¹<1F>"]¹}<7D>"]º[<5B>"]»9
--- a/website/view/cmaps/GB-V.bcmap
+++ b/website/view/cmaps/GB-V.bcmap
--- a/website/view/cmaps/GBK-EUC-H.bcmap
+++ b/website/view/cmaps/GBK-EUC-H.bcmap
--- a/website/view/cmaps/GBK-EUC-V.bcmap
+++ b/website/view/cmaps/GBK-EUC-V.bcmap
--- a/website/view/cmaps/GBK2K-H.bcmap
+++ b/website/view/cmaps/GBK2K-H.bcmap
--- a/website/view/cmaps/GBK2K-V.bcmap
+++ b/website/view/cmaps/GBK2K-V.bcmap
--- a/website/view/cmaps/GBKp-EUC-H.bcmap
+++ b/website/view/cmaps/GBKp-EUC-H.bcmap
--- a/website/view/cmaps/GBKp-EUC-V.bcmap
+++ b/website/view/cmaps/GBKp-EUC-V.bcmap
--- a/website/view/cmaps/GBT-EUC-H.bcmap
+++ b/website/view/cmaps/GBT-EUC-H.bcmap
--- a/website/view/cmaps/GBT-EUC-V.bcmap
+++ b/website/view/cmaps/GBT-EUC-V.bcmap
--- a/website/view/cmaps/GBT-H.bcmap
+++ b/website/view/cmaps/GBT-H.bcmap
--- a/website/view/cmaps/GBT-V.bcmap
+++ b/website/view/cmaps/GBT-V.bcmap
--- a/Show more
+++ b/Show more