ECS 227 - Modern Cryptography — Winter 2009 — List of Lecture Topics

Wk ....Lecture.... .......................................................................................... Topic ..........................................................................................
1 #01 (M 1/05) Introduction. Classical vs. modern cryptography. NP-Completeness analogy. "Where" provable security is done. Classical goals. Bit commitment and coin flipping.
1 #02 (W 1/07) Secure function evaluation (average salary, millionaries's problem, dating problem). Symmetric encryption. Syntax. Substitution ciphers and a know-ciphertext attack.
2 #xx (M 1/12) No class (instructor out of town)
2 #xx (W 1/14) No class (instructor out of town)
3 #xx (M 1/19) Holiday (Martin Luther King Day).
3 #03 (W 1/21) Formalizing perfect privacy: three definitions. Equivalence of definitions 1 and 2. Substitution ciphers cannot achiever perfect privacy. One-time pad encryption.
3 #04 (F 1/23) Makeup class. Blockciphers. Feistel networks. Description and history of DES. Description and history of AES, including finite-field preliminaries.
4 #05 (M 1/26) Odds and ends on blockciphers: DES is not a group. Fast implementations of AES. Formalizing security: some apparently not-useful notions. The notion of a PRF.
4 #xx (W 1/28) No class (instructor out of town)
5 #06 (M 2/02) Defining PRF and PRP security. Birthday attacks. The PRP/PRF switching lemma. Incorrectly reasoning with conditional probabilities. A game-based proof.
5 #07 (W 2/04) Discussion of PS #1. PRP-security implies KR-security. The equivalence of PRP security and an apparent strengthening of it: a gentle hybrid argument.
5 #08 (F 2/06) Makeup class. Finishing PRP/PRP2 equivalence: more game-playing. Definitions of encryption-scheme security: real-or-random, left-or-right.
6 #09 (M 2/09) Your PS1 grades? (Phil's laptop stolen!). More symmetric-encryption: left-or-right security is equivalent to real-or-random. Find-then-guess security. Semantic security.
6 #10 (W 2/11) Going over PS #2 solutions. Achieving secure encryption: security of CTR mode. From information- to complexity- theoretic security.
7 #xx (M 2/16) Holiday (President's day)
7 #11 (W 2/18) Security of CBC$. A two-party authentication protocol: CCA2 security. CTR and CBC$ are not CCA2-secure.
7 #12 (F 2/20) Makeup class. Message authentication. Formalizing authenticity for an encryption scheme and a MAC. CBC and other privacy mechanisms don't give authenticity.
8 #13 (M 2/23) The CBC MAC, the encrypted CBC MAC. Security of Carter-Wegman MACs. Constructing AU-hash functions.
8 #14 (W 2/25) PS #3 solutions. Secure PRFs are secure MACs. Cryptographic hash functions. HMAC.
9 #15 (M 3/02) Authenticated encryption. Two definitions. Correct and incorrect generic-composition scheme. tweakable blockciphers. A TBC-based AE scheme.
9 #16 (W 3/04) Constructing a tweakable-blockcipher (the XEX construction). Asymmetric encryption: definition. The asymptotic approach. Asymptotically defining PRFs.
10 #17 (M 3/09) Number theory background. One-way functions & trapdoor permutations. The RSA trapdoor permutation. Problems with raw RSA. Hardcore bits.
10 #18 (W 3/11) Encrypting with RSA. OAEP. The Random-Oracle paradigm. Diffie-Hellman Key Exchange. ElGamal encryption. Digital signatures. Definitions. RSA-based signing.
11 #19 (M 3/16) Students describe their projects (8-10 mins each).