COMP 754  Term 1 of 2002  LecturebyLecture Topic Summaries 


Lecture  Date  Topic 
Lect 1  06.27 R  What is cryptography? Four problems in cryptography: privacy in the symmetric and asymmetric trust models, message authentication in the symmetric and asymmetric trust models. Writing precise, mathematical English: Onetoone functions, 
Lect 2  07.02 T  More practice being mathematically precise; notions of onetoone functions, onto functions, permutations, strings. Probabilistic notation and computing some simple probabilities. 
Lect 3  07.04 R  Layered look at cryptographic mechanisms. What is a block cipher? History of DES and a complete description of DES. (Reading: Landau article on DES.) 
Lect 4  07.10 W  Group axioms, field axioms. A theorem about the existence and uniqueness of finite fields. Doing arithmetic in GF(2^8). A first look at the structure of AES. 
Lect 5  07.11 R  A complete description of AES. The ECB mode of operation: what is wrong with it? 
Lect 6  07.16 T  Modes of operation. Definitions for encryptionscheme security. 
Lect 7  07.18 R  Formalizing encryption: realorrandom security. 
Lect 8  07.29 T  Working to understand the inddefinition. Distinguishing an oracle that gives random samples in [1..10] from an oracle that gives random samples in [1..11]. CBCrandom and CBCcounter. 
Lect 9  08.01 R  Using our definition of encryption scheme security to break various constructions. 
Lect 10  08.05 M  Definition of PRP security. Reductions. The security of CTRctr. 
Lect 11  08.06 T  A switching lemma. More on the provablesecurity paradigm. Fully proving the security of of CTRctr. 
Lect 12  08.07 W  Proving the security of CBCrandom. Review of publickey encryption. Mathematical preliminaries for the RSA algorithm. 
Lect 13  08.08 R  Mathematical preliminaries for the RSA algorithm. Definition of the RSA algorithm. 
Lect 14  08.13 T  Review of RSA. Definition of PK encryptionscheme security. (Raw) RSA is NOT secure. Notion of a trapdoor permutation. 
Lect 15  08.15 R  Ways to properly encrypt using a trapdoor permutation. Hardcore bits. The method of PKCS \#1. 
Lect 16  08.27 T  Why PKCS \#1 is not provably secure. Cryptographic hash functions and their uses. Encryption by f(R)  H(R) xor M and OAEP. MerkleDamgârd iteration. Blockcipher based constructions. 
Lect 17  08.29 R  Definition of SHA1. Formalization of hashfunction goals. The MerkleDamgârd theorem. 
Lect 18  09.03 T  Digital signature: definition of the goal. RSA signatures. The Secure Hash Standard. 
Lect 19  09.10 T  An introduction to keyexchange. 
Lect 20  09.12 R  An introduction to multiparty protocols. 
Lect 21  09.17 T  Student presentations: A ForwardSecure Digital Digital Signature Scheme, Concrete Security Characterization of PRFs and PRPs, Ciphers with Arbitrary Finite Domains, Session Key Distribution Using Smart Cards, The Security of AllorNothing Encryption, PublicKey Encryption in a MultiUser Setting 
Lect 22  09.18 W  Student presentations: Tweakable Block Ciphers, How to Leak a Secret, Authenticated Key Exchange Secure Against Dictionary Attacks, Optimal Asymmetric Encryption, Random Oracles are Practical, XOR MAC 
Lect 23  09.19 R  Student presentations Keying Hash Functions for Message Authentication, On the Construction of VIL Ciphers, SDSI & SPKI Specification, EncodethenEncipher Encryption, NonMalleable Encryption 