ECS 2227 - Modern Cryptography - Fall 2001

ECS 227 - Course Information

Meetings

Our course meets M 6:10-9:00 pm in 1062 Bainer. Please do not miss lectures and, when you are in class, try to think. If you do miss a lecture, you can watch the video tape in 1101 Hart (they are televising the class for Livermore).

Office Hours

Office hours are F 10-11, or by appointment, or by no appointment.

On-line Information

Most everything will be collected on-line. Go to my homepage at www.cs.ucdavis.edu/~rogaway and follow the classes link to the course web page.

Material

I expect to lecture on the following topics: introduction - symmetric encryption - block ciphers - pseudorandom permutations and pseudorandom functions - one-way functions - pseudorandom generators - symmetric encryption - hash functions - message authentication - authenticated encryption - asymmetric encryption - digital signatures - authenticated key exchange - interactive proofs and zero knowledge. As always, course material is subject to change depending on how fast (or slow) I go, and depending on student interests.

Books

There is no assigned text, and no reasonable text available for the material of this course. I will prepare some lecture notes, and put everything on the web: my notes and any relevant papers that you might want to look at.

If you're interested to have an actual, finished book, the most useful may be that of [Menezes, van Oorschot, Vanstone], which is available on-line, for free. There is also a new book by [Goldreich] which give a much more scientific treatment of the subject, but the scope is very limited and the treatment will be quite different from ours.

Homeworks

Homeworks will be due one week after: I give out the assignment or cover the material, whichever comes last). Late homeworks might or might not be looked at, depending on my mood.

You can work with a friend on your homeworks, as long as you acknowledge them. As with any theory class, I believe that working closely with others leads to an inferior understanding of course material. (But then, some students honestly believe exactly the opposite!)

Projects

You must read a paper in the provable-security tradition of cryptography, understand it, and then write something about it. Alternatively, you must do some small research project of your own: anything novel that touches on provable-security cryptography. Projects are due the last day of class. Unless you get special consent, writeups should be 2-4 pages. But they should be beautiful: meticulously written, nicely typeset (LaTeX, please), and, preferably, with some interesting or semi-interesting idea. Or at least something that demonstrates that you're "with it".

If you have any doubt if your envisioned paper/project is OK, talk to me, and do so more than two weeks before the project is due. If you are reading a research paper, going with one of mine or Mihir Bellare makes a particularly safe choice. But this is certainly not required.

I won't discuss the projects in class. You're on your own to remember that you have to do this, and to budget your time appropriately.

Exams

There's no midterm, but there's a sort-of final. I prefer to call it a "discussion". You'll come in to my office for 30 minutes, we'll talk, and I'll try to ascertain how much you got out of the class. Don't be worried about it; it ain't a big deal. But it helps me understand what students are and are not understanding, and what they are and are not interested in.

Grading

I am required to give grades, which will be based on what has already been mentioned. This is a non-required graduate class, so I expect students to be here because they're genuinely interested in learning the material.

Research in cryptography

You may treat this class as your "invitation" for doing research in cryptography, a most unusual and wonderful subject. Welcome!

Phil Rogaway's homepage