ECS 227 MODERN CRYPTOGRAPHY (4) II
Lecture: 3 hours
Discussion: 1 hour
Prerequisite: Course ECS 220 or ECS 222A
Grading: Letter; homework (40%), project (20%), final (40%)
Modern cryptography, as a discipline emphasizing formal definitions and proofs of security. One-way functions, pseudo-randomness, encryption, digital signatures, zero-knowledge, secure protocols.
A new era in cryptography emerged in the early 1980’s when researchers realized that security goals could be formally defined and provably achieved (sometimes under complexity-theoretic assumptions). The goal of this course is to teach the Definition – Protocol – Proof paradigm, illustrating it for some of cryptography’s central problems. By the end of the course the students should understand the provable-security paradigm, be able to distinguish proofs from intuition, and should be ready to begin research in the field.
Expanded Course Description:
- Overview. Sample cryptographic goals. The idea of provable security. Resources of cryptographic interest.
- Block ciphers, pseudorandom function families, and pseudorandom permutation families.
- Pseudorandom generators and one-way functions. Hard-core bits.
- Symmetric encryption: realizations and notions of security.
- Asymmetric encryption. Number-theoretic background. The random-oracle paradigm.
- Message authentication. Connections to universal hashing.
- Digital signatures.
- Uniform and non-uniform security. Asymptotic approaches.
- Interactive proofs. IP=PSPACE. Zero-knowledge. NP in zero-knowledge. Non-interactive zero-knowledge.
- Entity authentication and session-key distribution.
- Secret-sharing schemes. Verifiable secret sharing. Key escrow.
- Secure function evaluation.
None; distributed lecture notes and selected papers from the literature.
ABET Category Content:
Engineering Science: 4 units
Engineering Design: 0 unit
Instructor: P. Rogaway
Prepared By: P. Rogaway (September 2002)
This course does not have a significant overlap with any other course. Some classical cryptography (eg., RSA encryption) is covered in ECS 235, but that course has a very different emphasis, with no definitions or proofs.