ECS 227 - Modern Cryptography — Winter 2009 — List of Lecture Topics

Wk ....Lecture.... .......................................................................................... Topic ..........................................................................................

1 #01 (M 1/05) Introduction. Classical vs. modern cryptography. NP-Completeness analogy. "Where" provable security is done. Classical goals. Bit commitment and coin flipping.

1 #02 (W 1/07) Secure function evaluation (average salary, millionaries's problem, dating problem). Symmetric encryption. Syntax. Substitution ciphers and a know-ciphertext attack.

2 #xx (M 1/12) No class (instructor out of town)

2 #xx (W 1/14) No class (instructor out of town)

3 #xx (M 1/19) Holiday (Martin Luther King Day).

3 #03 (W 1/21) Formalizing perfect privacy: three definitions. Equivalence of definitions 1 and 2. Substitution ciphers cannot achiever perfect privacy. One-time pad encryption.

3 #04 (F 1/23) Makeup class. Blockciphers. Feistel networks. Description and history of DES. Description and history of AES, including finite-field preliminaries.

4 #05 (M 1/26) Odds and ends on blockciphers: DES is not a group. Fast implementations of AES. Formalizing security: some apparently not-useful notions. The notion of a PRF.

4 #xx (W 1/28) No class (instructor out of town)

5 #06 (M 2/02) Defining PRF and PRP security. Birthday attacks. The PRP/PRF switching lemma. Incorrectly reasoning with conditional probabilities. A game-based proof.

5 #07 (W 2/04) Discussion of PS #1. PRP-security implies KR-security. The equivalence of PRP security and an apparent strengthening of it: a gentle hybrid argument.

5 #08 (F 2/06) Makeup class. Finishing PRP/PRP2 equivalence: more game-playing. Definitions of encryption-scheme security: real-or-random, left-or-right.

6 #09 (M 2/09) Your PS1 grades? (Phil's laptop stolen!). More symmetric-encryption: left-or-right security is equivalent to real-or-random. Find-then-guess security. Semantic security.

6 #10 (W 2/11) Going over PS #2 solutions. Achieving secure encryption: security of CTR mode. From information- to complexity- theoretic security.

7 #xx (M 2/16) Holiday (President's day)

7 #11 (W 2/18) Security of CBC$. A two-party authentication protocol: CCA2 security. CTR and CBC$ are not CCA2-secure.

7 #12 (F 2/20) Makeup class. Message authentication. Formalizing authenticity for an encryption scheme and a MAC. CBC and other privacy mechanisms don't give authenticity.

8 #13 (M 2/23) The CBC MAC, the encrypted CBC MAC. Security of Carter-Wegman MACs. Constructing AU-hash functions.

8 #14 (W 2/25) PS #3 solutions. Secure PRFs are secure MACs. Cryptographic hash functions. HMAC.

9 #15 (M 3/02) Authenticated encryption. Two definitions. Correct and incorrect generic-composition scheme. tweakable blockciphers. A TBC-based AE scheme.

9 #16 (W 3/04) Constructing a tweakable-blockcipher (the XEX construction). Asymmetric encryption: definition. The asymptotic approach. Asymptotically defining PRFs.

10 #17 (M 3/09) Number theory background. One-way functions & trapdoor permutations. The RSA trapdoor permutation. Problems with raw RSA. Hardcore bits.

10 #18 (W 3/11) Encrypting with RSA. OAEP. The Random-Oracle paradigm. Diffie-Hellman Key Exchange. ElGamal encryption. Digital signatures. Definitions. RSA-based signing.

11 #19 (M 3/16) Students describe their projects (8-10 mins each).

ECS 227 - Modern Cryptography — Winter 2009 — List of Lecture Topics
Wk	....Lecture....	.......................................................................................... Topic ..........................................................................................
1	#01 (M 1/05)	Introduction. Classical vs. modern cryptography. NP-Completeness analogy. "Where" provable security is done. Classical goals. Bit commitment and coin flipping.
1	#02 (W 1/07)	Secure function evaluation (average salary, millionaries's problem, dating problem). Symmetric encryption. Syntax. Substitution ciphers and a know-ciphertext attack.
2	#xx (M 1/12)	No class (instructor out of town)
2	#xx (W 1/14)	No class (instructor out of town)
3	#xx (M 1/19)	Holiday (Martin Luther King Day).
3	#03 (W 1/21)	Formalizing perfect privacy: three definitions. Equivalence of definitions 1 and 2. Substitution ciphers cannot achiever perfect privacy. One-time pad encryption.
3	#04 (F 1/23)	Makeup class. Blockciphers. Feistel networks. Description and history of DES. Description and history of AES, including finite-field preliminaries.
4	#05 (M 1/26)	Odds and ends on blockciphers: DES is not a group. Fast implementations of AES. Formalizing security: some apparently not-useful notions. The notion of a PRF.
4	#xx (W 1/28)	No class (instructor out of town)
5	#06 (M 2/02)	Defining PRF and PRP security. Birthday attacks. The PRP/PRF switching lemma. Incorrectly reasoning with conditional probabilities. A game-based proof.
5	#07 (W 2/04)	Discussion of PS #1. PRP-security implies KR-security. The equivalence of PRP security and an apparent strengthening of it: a gentle hybrid argument.
5	#08 (F 2/06)	Makeup class. Finishing PRP/PRP2 equivalence: more game-playing. Definitions of encryption-scheme security: real-or-random, left-or-right.
6	#09 (M 2/09)	Your PS1 grades? (Phil's laptop stolen!). More symmetric-encryption: left-or-right security is equivalent to real-or-random. Find-then-guess security. Semantic security.
6	#10 (W 2/11)	Going over PS #2 solutions. Achieving secure encryption: security of CTR mode. From information- to complexity- theoretic security.
7	#xx (M 2/16)	Holiday (President's day)
7	#11 (W 2/18)	Security of CBC$. A two-party authentication protocol: CCA2 security. CTR and CBC$ are not CCA2-secure.
7	#12 (F 2/20)	Makeup class. Message authentication. Formalizing authenticity for an encryption scheme and a MAC. CBC and other privacy mechanisms don't give authenticity.
8	#13 (M 2/23)	The CBC MAC, the encrypted CBC MAC. Security of Carter-Wegman MACs. Constructing AU-hash functions.
8	#14 (W 2/25)	PS #3 solutions. Secure PRFs are secure MACs. Cryptographic hash functions. HMAC.
9	#15 (M 3/02)	Authenticated encryption. Two definitions. Correct and incorrect generic-composition scheme. tweakable blockciphers. A TBC-based AE scheme.
9	#16 (W 3/04)	Constructing a tweakable-blockcipher (the XEX construction). Asymmetric encryption: definition. The asymptotic approach. Asymptotically defining PRFs.
10	#17 (M 3/09)	Number theory background. One-way functions & trapdoor permutations. The RSA trapdoor permutation. Problems with raw RSA. Hardcore bits.
10	#18 (W 3/11)	Encrypting with RSA. OAEP. The Random-Oracle paradigm. Diffie-Hellman Key Exchange. ElGamal encryption. Digital signatures. Definitions. RSA-based signing.
11	#19 (M 3/16)	Students describe their projects (8-10 mins each).