ECS 227 - Spring 2010 - List of Lecture Topics

| Week | Lecture | Topic |
|---|---|---|
| Week 1 | Lect 01 - M 3/29 | Introduction. Classical and provable-security approaches. Four useful problems: encryption/authentication in sym/asym settings. Bit commitment and 2-party coin flip. |
| | Lect 02 - W 3/31 | More sample problems: PRGs, PRFs, dating problem, 2-party SFE. Yao’s garbled circuit evaluation. Encryption with a one-time pad. Security notions for it. |
| Week 2 | Lect 03 - M 4/05 | Blockcipher examples: DES, AES, Threefish. Feistel networks and their invertibility. Working in a finite field. |
| | Lect 04 - W 4/07 | CTR mode. Inadequate notions of blockcipher security: key-recovery (KR) and no-new-pair (NNP) security. The PRP definition. Equivalence of two formulations. |
| Week 3 | Lect xx - M 4/12 | Instructor out of town — no lecture. |
| | Lect xx - W 4/14 | Instructor out of town — no lecture. |
| Week 4 | Lect 05 - M 4/19 | PRP security implies key-recovery security and no-new-pair security. PRF security. The PRP/PRF switching lemma. Game-playing proofs. |
| | Lect 06 - W 4/21 | Symmetric encryption scheme syntax and security: ind, fg, sem. Using the notions to “break” CBC with a counter IV or with IV-chaining. |
| | Lect 07 - F 4/23 | Make-up lecture. Review of ind, fg, sem notions, plus two more: ind$, lr. Equivalences, sample reductions. |
| Week 5 | Lect 08 - M 4/26 | Security of CBC$ encryption. Begin symbolic treatment of symmetric encryption from [Abadi-Rogaway]. |
| | Lect 09 - W 4/28 | Continue symbolic treatment of sym encryption: equivalence; type-0 security; key-cycles. Asymptotic approach for definitions. |
| | Lect 10 - F 4/30 | Make-up lecture. Notions of nonmalleability, CCA-security and AE in the sym setting. CBC with redundancy does not achieve AE. |
| Week 6 | Lect 11 - M 5/03 | Solution for PS2 problems. An alternative notion for AE. Incorrect ways for achieving AE. PRFs with arbitrary domain. Generic composition. |
| | Lect 12 - W 5/05 | Analysis of generic composition mechanisms. PRFs with arbitrary domains and their use as MACs. Attacking the CBC MAC for variable-length inputs. |
| Week 7 | Lect 13 - M 5/10 | Ways to make PRFs. CBC MAC for fixed-length strings. AU-hash functions. The Carter-Wegman construction. XCBC. |
| | Lect 14 - W 5/12 | Cryptographic hash functions. The Merkle-Damgård paradigm. The definition of SHA-1. Difficulties with defining collision-intractability. |
| Week 8 | Lect 15 - M 5/17 | How to get around the CR-definitional issues. HMAC and its proof, assumptions. Tweakable blockciphers. A one-pass AE scheme. |
| | Lect 16 - W 5/19 | Defns for asym encryption (adapted from sym case). Computational number theory. Diffie-Hellman key exchange as an enc scheme (ElGamal scheme). |
| Week 9 | Lect 17 - M 5/24 | More comp number th. DL, CDH, DDH assumptions. ElGamal is secure under DDH, not DL/CDH. DDH is false in Zp*. Hardcore bits and Goldreich-Levin. |
| | Lect 18 - W 5/26 | Trapdoor permutations and their use for encryption and signatures. Random-oracle model. Lamport and Merkle signatures. |
| Week 10 | Lect xx - M 5/31 | Holiday — no class. |
| | Lect 19 - W 6/02 | Students describe their projects. Class begins at 5 pm (usual room). |