| Class | Topic |
|---|---|
| 1M 4/01 | Basics. Read the syllabus. Introduction: four basic problems in cryptography: {priv, auth} x {sym, asym}. Other ways to create asymmetry. |
| 1W 4/03 | Quiz. Secret Key Exchange (SKE) and the DH protocol. Mean salary computation in the physical and communication model. |
| 1R 4/04 | PS1 in discussion section |
| 1F 4/05 | Defined groups. Z_2, Z_N, Z_2^*. Why Z_2^* is cryptographically useful. The OTP encryption scheme. |
| 2M 4/08 | Quiz. Reviewing OTP encryption. Correctness. Defining perfect privacy for one message or multiple messages. |
| 2W 4/10 | Review. Secret sharing: 2-of-2, threshold schemes, definition for the general problem. |
| 2R 4/11 | Solutions to PS2. Map a deal to a point in Z_{C(52,26)}. Breaking LR-privacy for a deterministic, stateless enc scheme. |
| 2F 4/12 | Quiz. Privacy notion for secret sharing (SS). Shamir SS (original paper). Pseudorandom generators (PRGs). RC4. |
| 3M 4/15 | Approaches to handling the domain & stretch of a PRG. Reductions. From stretch-1 to long-stretch. |
| 3W 4/17 | ∃ secure asym PRG ⇒ P≠NP. A reduction: if g is a secure stretch-1 PRG then G[g] is a secure arbitrary-stretch PRG. Problems with RC4/PRGs. |
| 3R 4/18 | Solutions to PS3. Defining indistinguishability. Asymptotic way to do that. |
| 3F 4/19 | Quiz. Problems with PRGs and with RC4. Syntax of a PRF (pseudorandom function). A well-designed PRF: Dan Bernstein's ChaCha20. |
| 4M 4/22 | The PRF security notion. \|Func(n,m)\|. Using a PRF to encrypt: prob. enc. with a PRF / ChaCha20. |
| 4W 4/24 | Quiz. Notions of enc scheme security: LR, ind0, ind$. LR-security is equivalent to ind0-security. ind$ security is stronger. |
| 4R 4/25 | An alternative Chernoff bound for the HW. A more efficient way to use a minimal-stretch PRG. |
| 4F 4/26 | Finishing the reduction for ind$ ⇒ ind0. Syntax for blockcipher. Signatures and initial history of DES and AES. |
| 5M 4/29 | Syntax and security definition for blockciphers. How DES works. Why its key is so short. |
| 5W 5/01 | Cat Day: visits from Peanut and Cloud. Winner’s Do Artifacts have Politics? (recommended), and the key length of DES. AES. Arithmetic in GF(2^8). |
| 5R 5/02 | Going over a practice quiz, including substitution ciphers and password guessing. Review of GF(2^8) multiplication. |
| 5F 5/03 | Quiz. Using a PRP to encrypt: ECB mode and critique. CTR mode. The PRP/PRF switching lemma. |
| 6M 5/06 | Game-playing arguments; finish PRP/PRF switching lemma. Proving security of CTR mode. CBC encryption. Malleability of CBC-encrypted text. |
| 6W 5/08 | CBC-ctr is not ind-secure; CBC$ is. Nonmalleability. CTR and CBC are malleable. MT cutoff. Then: the CBC MAC. The definition of a MAC. |
| 6R 5/09 | Midterm review sessions: we worked out old midterms, as well as the last problem on the current problem sets. |
| 6F 5/10 | Midterm 1. Cheat-sheet allowed (one side of one page). Overflow room: Wellman 207. About 20 students should go there. |
| 7M 5/13 | Midterms weren't great. A dog visits. MACs. PRFs are good MACs. Raw CBC MAC: no good. Fixing it: CMAC. Carter-Wegman MACs. GMAC. |
| 7W 5/15 | Review of material on MACs. Evaluating polynomials efficiently. Generic composition (prob enc + MAC). |
| 7R 5/16 | MT questions. Authenticated encryption (AE / AEAD) (Slides, we covered 1–19). |
| 7F 5/17 | Finished AE, covering CCM, OCB, and tweakable blockcipher. Cryptographic hash functions. Collision intractability. |
| 8M 5/20 | Crypt hash functions: additional uses, Merkle-Damgård, Davies-Meyer. Making the blockcipher (SHA-1). PK encryption: syntax. Deadline, 10pm, for +4% early-turnin final project. |
| 8W 5/22 | Quiz. Defining ind-security for a PK-enc scheme. Using DH key-exchange for an enc scheme. DDH vs. CDH. The random-oracle model (ROM). |
| 8R 5/23 | HW6, problems 19 and 20. Breaking CBC-enc-with-arbitrary-redundancy as an AEAD scheme. |
| 8F 5/24 | Review: random oracles, CDH vs. DDH. DH-encryption with DHIES. Trapdoor permutations. Not for direct use. The RSA trapdoor permutation. |
| 9M 5/27 | Deadline, 10pm, for +3% early-turnin final project. Holiday; no school; you will be lonely all by yourself in Wellman. |
| 9W 5/29 | Trapdoor permutations, cont. Encrypting by f(M) (no), or by f(R) || H(R)⊕M, OAEP. Digital signatures. Signing by g(M) (no), or by FDH or PSS. |
| 9R 5/30 | We went over Problem 20 from today’s problem set, then the 2019 final for the class. |
| 9F 5/31 | Stateful digital signatures from a hash function (Lamport’s scheme, Merkle trees). The grid of goal, revisited. |
| 9U 6/02 | 8-10pm, totally optional activity: rock climbing (without the rocks) at Rocknasium. We suggest filling out the waiver in advance. |
| 10M 6/03 | Midterm 2. Overflow room is Wellman 115 (about 28 students should go there). Deadline, 10pm, for final project. |
| 10W 6/05 | Talk: The Last Lecture: A dozen suggestions you probably don't want to hear. Essay I considered for today (if you have time): The Moral Character of Cryptographic Work (2015), On Being a |
| 10R 6/05 | Optional discussion at 11am (TLC 3212) & 2pm (TLC 2218): zero-knowledge proofs. Tea party. Bring a mug and, if you can, a thermos of coffee or tea. You could bake something, too. |