ECS 227 — Winter 2012 — List of Lecture Topics

Lecture Topic

Week 1 Lect 01 - T 1/10 Please fill in the grid for week-2 makeup. The idea of “provable security” and reductions. Defining PRGs.

Lect 02 - R 1/12 Increasing the “stretch” of a PRG. One-way functions. Sample cryptographic problems: privacy, authenticity, OT, coin flipping.

Week 3 Lect 03 - T 1/24 One-time pads and two notions of perfect privacy. Hybrid arguments, abstractly. The blockcipher DES.

Lect 04 - R 1/26 More blockciphers: sha1, Threefish, AES, subset cipher. Making a PRG from a blockcipher. PRPs are close to PRFs?

Lect 05 - F 1/27 Makeup lecture. The PRP/PRF Switching Lemma. The game-playing technique.

Week 4 Lect 06 - T 1/31 PS#1 solutions, part 1. Blockcipher modes of operation. Syntax of a sym enc schemes. Real-or-random definition.

Lect 07 - R 2/02 Notions of security for a sym enc scheme: ind$, ind, lr. Implications and separations.

Lect 08 - F 2/03 Makeup lecture. Discuss projects. The fg-notion for a sym enc scheme. Implications.

Week 5 Lect 09 - T 2/07 The sem notion of security. Implicatations. IND$ Security of CTR mode.

Lect 10 - R 2/09 COCl₂ (yikes). IND$ security of CBC$. What IND-CPA doesn’t buy you: nonmalleability, chosen-ciphertext security.

Week 6 Lect 11 - T 2/14 Definitions for nonmalleability, INC-CCA, and authenticity/AE. Lifting encryption-scheme definitions to the public-key setting.

Lect 12 - R 2/16 More notions for PK encryption security. DH key exchange. ElGamal encryption. DL, CDH, DDH.

Week 7 Lect 13 - T 2/21 The RO model. Hashed ElGamal is secure under CDH in the ROM. Trapdoor permutations. RSA as a trapdoor permutation.

Lect 14 - R 2/23 Provably-secure encryption with RSA: the lsb is hardcore. The Goldreich-Levin hardcore bit. Enc by f(r)||G(r)+M and OAEP.

Week 8 Lect 15 - T 2/28 Solns to two homework problems. Defns for digital signature. Why Raw RSA sigs don’t work. FDH and its ROM security.

Lect 16 - R 3/01 The PSS signature scheme. Lamport and Merkle signatures. Definition of MAC security. Secure PRFs are secure MACs.

Week 9 Lect 17 - T 3/06 CBC MAC. CMAC. Carter-Wegman MACs. How to make universal hash functions. UMAC. HMAC. Authenticated encryption.

Lect 18 - R 3/08 Authenticated encryption. Adding redundancy. Generic composition methods. Tweakable blockciphers and OCB.

Week A Lect 19 - T 3/13 Student presentations: p1 (Katrina), p2 (Ryan), p3 (Andrew H), p4 (Shizhuo)

Lect 20 - R 3/15 Student presentations: p5 (Robert), p6 (Michael), p7 (Andrew A), p8 (Zhige)

Week B Lect X - T 3/20 10:30 am - 12:00 pm Student presentations: p9 (James), p10 (Sisi), p11 (Julia)

ECS 227 — Winter 2012 — List of Lecture Topics
	Lecture	Topic
Week 1	Lect 01 - T 1/10	Please fill in the grid for week-2 makeup. The idea of “provable security” and reductions. Defining PRGs.
	Lect 02 - R 1/12	Increasing the “stretch” of a PRG. One-way functions. Sample cryptographic problems: privacy, authenticity, OT, coin flipping.
Week 3	Lect 03 - T 1/24	One-time pads and two notions of perfect privacy. Hybrid arguments, abstractly. The blockcipher DES.
	Lect 04 - R 1/26	More blockciphers: sha1, Threefish, AES, subset cipher. Making a PRG from a blockcipher. PRPs are close to PRFs?
	Lect 05 - F 1/27	Makeup lecture. The PRP/PRF Switching Lemma. The game-playing technique.
Week 4	Lect 06 - T 1/31	PS#1 solutions, part 1. Blockcipher modes of operation. Syntax of a sym enc schemes. Real-or-random definition.
	Lect 07 - R 2/02	Notions of security for a sym enc scheme: ind$, ind, lr. Implications and separations.
	Lect 08 - F 2/03	Makeup lecture. Discuss projects. The fg-notion for a sym enc scheme. Implications.
Week 5	Lect 09 - T 2/07	The sem notion of security. Implicatations. IND$ Security of CTR mode.
	Lect 10 - R 2/09	COCl₂ (yikes). IND$ security of CBC$. What IND-CPA doesn’t buy you: nonmalleability, chosen-ciphertext security.
Week 6	Lect 11 - T 2/14	Definitions for nonmalleability, INC-CCA, and authenticity/AE. Lifting encryption-scheme definitions to the public-key setting.
	Lect 12 - R 2/16	More notions for PK encryption security. DH key exchange. ElGamal encryption. DL, CDH, DDH.
Week 7	Lect 13 - T 2/21	The RO model. Hashed ElGamal is secure under CDH in the ROM. Trapdoor permutations. RSA as a trapdoor permutation.
	Lect 14 - R 2/23	Provably-secure encryption with RSA: the lsb is hardcore. The Goldreich-Levin hardcore bit. Enc by f(r)\|\|G(r)+M and OAEP.
Week 8	Lect 15 - T 2/28	Solns to two homework problems. Defns for digital signature. Why Raw RSA sigs don’t work. FDH and its ROM security.
	Lect 16 - R 3/01	The PSS signature scheme. Lamport and Merkle signatures. Definition of MAC security. Secure PRFs are secure MACs.
Week 9	Lect 17 - T 3/06	CBC MAC. CMAC. Carter-Wegman MACs. How to make universal hash functions. UMAC. HMAC. Authenticated encryption.
	Lect 18 - R 3/08	Authenticated encryption. Adding redundancy. Generic composition methods. Tweakable blockciphers and OCB.
Week A	Lect 19 - T 3/13	Student presentations: p1 (Katrina), p2 (Ryan), p3 (Andrew H), p4 (Shizhuo)
	Lect 20 - R 3/15	Student presentations: p5 (Robert), p6 (Michael), p7 (Andrew A), p8 (Zhige)
Week B	Lect X - T 3/20	10:30 am - 12:00 pm Student presentations: p9 (James), p10 (Sisi), p11 (Julia)