ECS 227 - Spring 2010 - List of Lecture Topics

Lecture Topic

Week 1 Lect 01 - M 3/29 Introduction. Classical and provable-security approaches. Four useful problems: encryption/authentication in sym/asym settings. Bit commitment and 2-party coin flip.

Lect 02 - W 3/31 More sample problems: PRGs, PRFs, dating problem, 2-party SFE. Yao’s garbled circuit evaluation. Encryption with a one-time pad. Security notions for it.

Week 2 Lect 03 - M 4/05 Blockcipher examples: DES, AES, Threefish. Feistel networks and their invertibility. Working in a finite field.

Lect 04 - W 4/07 CTR mode. Inadequate notions of blockcipher security: key-recovery (KR) and (NNP) security. The PRP definition. Equivalence of two formulations.

Week 3 Lect xx - M 4/12 Instructor out of town — no lecture.

Lect xx - W 4/14 Instructor out of town — no lecture.

Week 4 Lect 05 - M 4/19 PRP security implies key-recovery security an no-new-pair security. PRF security. The PRP/PRF switching lemma. Game-playing proofs.

Lect 06 - W 4/21 Symmetric encryption scheme syntax and security: ind, fg, sem. Using the notions to “break” CBC with a counter IV or with IV-chaining.

Lect 07 - F 4/23 Make-up lecture. Review of ind, fg, sem notions, plus two more: ind$, lr. Equivalences, sample reductions.

Week 5 Lect 08 - M 4/26 Security of CBC$ encryption. Begin symbolic treatment of symmetric encryption from [Abadi-Rogaway].

Lect 09 - W 4/28 Continue symbolic treatment of sym encryption: equivalence; type-0 security; key-cycles. Asymptotic approach for definitions.

Lect 10 - F 4/30 Make-up lecture. Notions of nonmalleability, CCA-security and AE in the sym setting. CBC with redundancy does not achieve AE.

Week 6 Lect 11 - M 5/03 Solution for PS2 problems. An alternative notion for AE. Incorrect ways for achieving AE. PRFs with arbitrary domain. Generic composition.

Lect 12 - W 5/05 Analysis of generic composition mechanisms. PRFs with arbitrary domains and their use as MACs. Attacking the CBC MAC for variable-length inputs. .

Week 7 Lect 13 - M 5/10 Ways to make PRFs. CBC MAC for fixed-length strings. AU-hash functions. The Carter-Wegman construction. XCBC.

Lect 14 - W 5/12 Cryptographic hash functions. The Merkle-Damgård paradigm. The definition of SHA-1. Difficulties with defining collision-intractability.

Week 8 Lect 15 - M 5/17 How to get around the CR-definitional issues. HMAC and its proof, assumptions. Tweakable blockciphers. A one-pass AE scheme.

Lect 16 - W 5/19 Defns for asym encryption (adapted from sym case). Computational number theory. Diffie-Hellman key exchange as an enc scheme (ElGamal scheme).

Week 9 Lect 17 - M 5/24 More comp number th. DL, CDH, DDH assumptions. ElGamal is secure under DDH, not DL/CDH. DDH is false in Zp*. Hardcore bits and Goldreich-Levin.

Lect 18 - W 5/26 Trapdoor permutations and their use for encryption and signatures. random-oracle model. Lamport and Merkle signatures.

Week 10 Lect xx - M 5/31 Holiday — no class.

Lect 19 - W 6/02 Students describe their projects. Class begins at 5 pm (usual room).

ECS 227 - Spring 2010 - List of Lecture Topics
	Lecture	Topic
Week 1	Lect 01 - M 3/29	Introduction. Classical and provable-security approaches. Four useful problems: encryption/authentication in sym/asym settings. Bit commitment and 2-party coin flip.
	Lect 02 - W 3/31	More sample problems: PRGs, PRFs, dating problem, 2-party SFE. Yao’s garbled circuit evaluation. Encryption with a one-time pad. Security notions for it.
Week 2	Lect 03 - M 4/05	Blockcipher examples: DES, AES, Threefish. Feistel networks and their invertibility. Working in a finite field.
	Lect 04 - W 4/07	CTR mode. Inadequate notions of blockcipher security: key-recovery (KR) and (NNP) security. The PRP definition. Equivalence of two formulations.
Week 3	Lect xx - M 4/12	Instructor out of town — no lecture.
	Lect xx - W 4/14	Instructor out of town — no lecture.
Week 4	Lect 05 - M 4/19	PRP security implies key-recovery security an no-new-pair security. PRF security. The PRP/PRF switching lemma. Game-playing proofs.
	Lect 06 - W 4/21	Symmetric encryption scheme syntax and security: ind, fg, sem. Using the notions to “break” CBC with a counter IV or with IV-chaining.
	Lect 07 - F 4/23	Make-up lecture. Review of ind, fg, sem notions, plus two more: ind$, lr. Equivalences, sample reductions.
Week 5	Lect 08 - M 4/26	Security of CBC$ encryption. Begin symbolic treatment of symmetric encryption from [Abadi-Rogaway].
	Lect 09 - W 4/28	Continue symbolic treatment of sym encryption: equivalence; type-0 security; key-cycles. Asymptotic approach for definitions.
	Lect 10 - F 4/30	Make-up lecture. Notions of nonmalleability, CCA-security and AE in the sym setting. CBC with redundancy does not achieve AE.
Week 6	Lect 11 - M 5/03	Solution for PS2 problems. An alternative notion for AE. Incorrect ways for achieving AE. PRFs with arbitrary domain. Generic composition.
	Lect 12 - W 5/05	Analysis of generic composition mechanisms. PRFs with arbitrary domains and their use as MACs. Attacking the CBC MAC for variable-length inputs.	.
Week 7	Lect 13 - M 5/10	Ways to make PRFs. CBC MAC for fixed-length strings. AU-hash functions. The Carter-Wegman construction. XCBC.
	Lect 14 - W 5/12	Cryptographic hash functions. The Merkle-Damgård paradigm. The definition of SHA-1. Difficulties with defining collision-intractability.
Week 8	Lect 15 - M 5/17	How to get around the CR-definitional issues. HMAC and its proof, assumptions. Tweakable blockciphers. A one-pass AE scheme.
	Lect 16 - W 5/19	Defns for asym encryption (adapted from sym case). Computational number theory. Diffie-Hellman key exchange as an enc scheme (ElGamal scheme).
Week 9	Lect 17 - M 5/24	More comp number th. DL, CDH, DDH assumptions. ElGamal is secure under DDH, not DL/CDH. DDH is false in Zp. Hardcore bits* and Goldreich-Levin.
	Lect 18 - W 5/26	Trapdoor permutations and their use for encryption and signatures. random-oracle model. Lamport and Merkle signatures.
Week 10	Lect xx - M 5/31	Holiday — no class.
	Lect 19 - W 6/02	Students describe their projects. Class begins at 5 pm (usual room).