ECS 227 - Modern Cryptography — Winter 2009 — List of Lecture Topics

Wk | Lecture | Topic | |
---|---|---|---|
1 | #01 (M 1/05) | Introduction. Classical vs. modern cryptography. NP-Completeness analogy. "Where" provable security is done. Classical goals. Bit commitment and coin flipping. | |
1 | #02 (W 1/07) | Secure function evaluation (average salary, millionaires' problem, dating problem). Symmetric encryption. Syntax. Substitution ciphers and a known-ciphertext attack. | |
2 | #xx (M 1/12) | No class (instructor out of town) | |
2 | #xx (W 1/14) | No class (instructor out of town) | |
3 | #xx (M 1/19) | Holiday (Martin Luther King Day). | |
3 | #03 (W 1/21) | Formalizing perfect privacy: three definitions. Equivalence of definitions 1 and 2. Substitution ciphers cannot achieve perfect privacy. One-time pad encryption. | |
3 | #04 (F 1/23) | Makeup class. Blockciphers. Feistel networks. Description and history of DES. Description and history of AES, including finite-field preliminaries. | |
4 | #05 (M 1/26) | Odds and ends on blockciphers: DES is not a group. Fast implementations of AES. Formalizing security: some apparently not-useful notions. The notion of a PRF. | |
4 | #xx (W 1/28) | No class (instructor out of town) | |
5 | #06 (M 2/02) | Defining PRF and PRP security. Birthday attacks. The PRP/PRF switching lemma. Incorrectly reasoning with conditional probabilities. A game-based proof. | |
5 | #07 (W 2/04) | Discussion of PS #1. PRP-security implies KR-security. The equivalence of PRP security and an apparent strengthening of it: a gentle hybrid argument. | |
5 | #08 (F 2/06) | Makeup class. Finishing PRP/PRP2 equivalence: more game-playing. Definitions of encryption-scheme security: real-or-random, left-or-right. | |
6 | #09 (M 2/09) | Your PS1 grades? (Phil's laptop stolen!). More symmetric-encryption: left-or-right security is equivalent to real-or-random. Find-then-guess security. Semantic security. | |
6 | #10 (W 2/11) | Going over PS #2 solutions. Achieving secure encryption: security of CTR mode. From information-theoretic to complexity-theoretic security. | |
7 | #xx (M 2/16) | Holiday (Presidents' Day). | |
7 | #11 (W 2/18) | Security of CBC$. A two-party authentication protocol: CCA2 security. CTR and CBC$ are not CCA2-secure. | |
7 | #12 (F 2/20) | Makeup class. Message authentication. Formalizing authenticity for an encryption scheme and a MAC. CBC and other privacy mechanisms don't give authenticity. | |
8 | #13 (M 2/23) | The CBC MAC, the encrypted CBC MAC. Security of Carter-Wegman MACs. Constructing AU-hash functions. | |
8 | #14 (W 2/25) | PS #3 solutions. Secure PRFs are secure MACs. Cryptographic hash functions. HMAC. | |
9 | #15 (M 3/02) | Authenticated encryption. Two definitions. Correct and incorrect generic-composition schemes. Tweakable blockciphers. A TBC-based AE scheme. | |
9 | #16 (W 3/04) | Constructing a tweakable blockcipher (the XEX construction). Asymmetric encryption: definition. The asymptotic approach. Asymptotically defining PRFs. | |
10 | #17 (M 3/09) | Number theory background. One-way functions & trapdoor permutations. The RSA trapdoor permutation. Problems with raw RSA. Hardcore bits. | |
10 | #18 (W 3/11) | Encrypting with RSA. OAEP. The Random-Oracle paradigm. Diffie-Hellman Key Exchange. ElGamal encryption. Digital signatures. Definitions. RSA-based signing. | |
11 | #19 (M 3/16) | Students describe their projects (8-10 mins each). |