

ECS 127 - Cryptography - Winter 2019 - List of Lecture Topics

Lecture Topic Notes
Week 1 L01 - M 1/07 Logistics (read the course information sheet). Introduction: four basic crypto problems, {privacy, authenticity} x {sym, asym}. Ways of creating asymmetry between Sender, Receiver, and Adversary. No disc sections this week; no office hours until Thursday. [BR.Ch1], [DH76]
L02 - W 1/09 Introduction, part 2: protocols. Secret Key Exchange (SKE). Authenticated Key Exchange (AKE). Secret Sharing: 1-out-of-2 method, and k-out-of-n method (Shamir’s Secret Sharing). Q1 [DH76], [Sh79], Finite Fields
L03 - F 1/11 Slower treatment of finite fields (and groups). Encrypting an n-valued quantity using arithmetic in ℤ_n. MPC and the average-salary problem. 𝅘𝅥𝅮 𝅘𝅥𝅯
Week 2 L04 - M 1/14 Q2. The Definition → Protocol → Proof pipeline. OTP(k). Syntax of a sym enc scheme. Perfect privacy. [BS.ch2],
L05 - W 1/16 Two more notions of enc scheme privacy: Shannon security and indistinguishability. Equivalence of the three notions (for one-query IND). .
L06 - F 1/18 Multi-query indistinguishability. Deterministic, stateless encryption can’t achieve it. Det encryption must have a key space as big as the msg space. OTP*(k). Vernam ciphers and PRGs. RC4. Q3 .
Week 3 XX - M 1/21 Holiday: MLK’s birthday MLK.1, MLK.2, MLK.3, MLK.4
L07 - W 1/23 Unifying our PRG notions. Definitional variants for PRGs. Reductions. Example: G is a secure PRG implies Vernam[G] is an IND-secure enc scheme .
L08 - F 1/25 Q4. Problems with RC4 and its signature. The notion of a PRF. ChaCha20 as an example PRF. Two slides from class, Bernstein paper on ChaCha
Week 4 L09 - M 1/28 The definition of a PRF and a PRP. Nice things about ChaCha. Why constant-time matters. A historically important PRP: DES. Q5. Slides from class. Coppersmith: DES and its strength against attacks
L10 - W 1/30 The politics of DES (56-bit keys, hw-only, export control, standardization obstruction); cf. Winner’s account of Moses’s bridges. The AES blockcipher & arith in GF(2^8). Wiki:AES
L11 - F 2/01 Description of the books, classes, and video courses on our homepage. The birthday problem and its analysis. The PRP/PRF switching lemma. The Fundamental Lemma of Game-Playing [BR] chapts 3, 4 (switching lemma is 4.9)
Week 5 L12 - M 2/04 Q6. Finishing proof of the PRP/PRF switching lemma. CTR[E] mode of operation and its IND-security. .
L13 - W 2/06 Finishing the proof of CTR-mode security: a reduction. Other modes of operation: ECB is IND-insecure. CBC with a 0-IV is IND-insecure. CBC with a random IV is IND-secure. slides
L14 - F 2/08 Dog Day!!!. The key-recovery notion of blockcipher security and its insufficiency. PRP-security implies KR-security. The IND$ definition of enc scheme security. IND does not imply IND$ [BR:4.7]
Week 6 L15 - M 2/11 Stronger encryption goals: CCA-security and nonmalleability and authenticated encryption. Changing the syntax: nonces and AD. Disc section: IND$-security implies IND-security .
L16 - W 2/13 Q7. Message authentication codes: syntax and security definition. Secure PRFs are secure MACs. The (raw) CBC MAC and its insecurity. Fixing the CBC MAC: the 3-key construction. Almost-universal hash functions .
L17 - F 2/15 Midterm exam .
Week 7 XX - M 2/18 Holiday: President’s Day .
L18 - W 2/20 . .
L19 - F 2/22 . .
Week 8 L20 - M 2/25 . .
L21 - W 2/27 . .
L22 - F 3/01 . .
Week 9 L23 - M 3/04 . .
L24 - W 3/06 . .
L25 - F 3/08 . .
Week 10 L26 - M 3/11 . .
L27 - W 3/13 . .
L28 - F 3/15 . .
Week 11 XX - F 3/22 Final exam, 1-3 pm .