ECS 227 - Modern Cryptography, Spring 2007 - List of Lecture Topics

| Wk | Lecture | Topic |
|---|---|---|
| 0 | #01 (W 3/28) | Introduction. Classical vs. modern cryptography. NP-completeness analogy. "Where" provable security is done. Classical goals. Bit commitment. |
| 1 | #02 (M 4/02) | Coin flipping, dating problem, general secure function evaluation. Blockciphers and their syntax. DES and its history. DES is not a group. |
| 1 | #03 (W 4/04) | History of AES. A description of the algorithm. Finite fields. Key-recovery security, Adv^kr_E(A), and why it doesn't work. |
| 2 | #xx (M 4/09) | Phil is out of town today. Lecture, with bagels, moved to Friday, 4/13. |
| 2 | #04 (W 4/11) | One-more-pair blockcipher security and its problems. The PRP and PRF notions for blockcipher security. PRP/PRF switching lemma and a proof for it. |
| 2 | #05 (F 4/13) | The bug in the PRP/PRF switching lemma. A game-playing proof. The Fundamental Lemma. Bernstein's PRP/PRF switching lemma and its proofs. |
| 3 | #06 (M 4/16) | Finish Bernstein's lemma. PRP security ==> KR security. PRP2 security (E_K E_K vs. E_K pi). PRP security ==> PRP2 security: a hybrid argument. |
| 3 | #07 (W 4/18) | Finish proof of PRP/PRP2 equivalence. Symmetric encryption: the syntax of an encryption scheme. |
| 4 | #08 (M 4/23) | Notions for symmetric encryption scheme security: semantic security; (left-or-right) indistinguishability; real-or-random security; find-then-guess security. |
| 4 | #09 (W 4/25) | Solutions to HW 1. Proving the equivalence of our various notions of encryption. |
| 5 | #10 (M 4/30) | IND$ implies RR security. Attacks on CBC encryption schemes. Proving the security of CBC$. |
| 5 | #11 (W 5/02) | Variants: stateful encryption, nonce-based encryption. Discussion about student projects. CCA2 security. Authenticated encryption. |
| 6 | #12 (M 5/07) | Tweakable blockciphers. An AE scheme based on them. Realizing an efficient tweakable blockcipher. |
| 6 | #13 (W 5/09) | Various notions for authentication: authenticated encryption, MACs, MAC generation/verification. Wegman-Carter MACs. |
| 7 | #14 (M 5/14) | Two flavors of WC MACs. An e-AU hash function by polynomial evaluation. Proving security for WC MACs. Examples: Poly1305, UMAC, CMAC. |
| 7 | #15 (W 5/16) | Cryptographic hash functions. Merkle-Damgård iteration. SHA-1. HMAC. The WC view of HMAC. The makings of a standard. |
| 8 | #16 (M 5/21) | Solutions to HW 2. Generic composition: IND-CPA probabilistic encryption + a PRF. Nonce-based case. Public-key encryption. Security notions. ElGamal. |
| 8 | #17 (W 5/23) | DL, CDH, DDH. IND-CPA/IND-CCA of ElGamal. Cramer-Shoup. The random-oracle paradigm. DHIES. Hybrid encryption. |
| 9 | #xx (M 5/28) | Memorial Day - no class. |
| 9 | #18 (W 5/30) | Trapdoor permutations. The RSA trapdoor permutation. Hardcore bits. How to encrypt with RSA. OAEP. |
| 9 | #xx (R 5/31) | Distinguished Lecture: Prof. Silvio Micali will speak on optimistic exchanges at 3:10 in 1065 Kemper. |
| 10 | #19 (M 6/04) | Digital signatures. Definitions and RSA-FDH. A RO-model proof. |
| 10 | #20 (W 6/06) | Entity authentication and key distribution. Vocabulary. Variants. The Needham-Schroeder protocol. A model and a sketch of a definition. |