ECS 227 — Winter 2014 — List of Lecture Topics

Lecture Topic
Week 1 Lect 01 - M 1/6 Intro. Four problems: {privacy, authenticity} x {symmetric, asymmetric}. Authenticated key exchange. Telephone coin flipping: Blum82; Cleve86; MNS09
Lect 02 - W 1/8 More sample problems: oblivious transfer (and a solution), dating problem, SFE, securely outsourcing computation, PRGs. Defn of a PRG: an advantage measure.
Lect 03 - F 1/10 One-time-pad encryption. Syntax of a (det, one-time) sym enc scheme. Perfect privacy. Limitations of OTP. Understanding the PRG notion. prg vs prg1 security.
Week 2 Lect 04 - F 1/17 Reductions, and hybrid arguments: the equivalence of prg (q sample) and prg1 (one sample) security.
Week 3 Lect 05 - W 1/22 More discussion of hybrid arguments. PRFs and comparison with PRGs. Making a PRF from a PRG. Irony. Destroying permutivity. The ChaCha PRF. PRPs.
Lect 06 - F 1/24 Strange metal things. Feistel networks and history of DES. Cryptanalysis of DES. Multiple encryption and DESX.
Week 4 Lect 07 - M 1/27 Description of AES. Operations on finite fields. Modes of operation: CBC$, CBC0$. Leaking of repetitions. CTR$ and the utility of parallelizability.
Lect 08 - W 1/29 Wrong notions of encryption-scheme security, like key-recoverability. Good notions: indistinguishability, left-or-right, semantic security. Relations among notions.
Week 5 Lect 09 - M 2/03 The ind$ notion of security. ind$ implies ind, but not conversely (how to prove separations). The PRP/PRF switching lemma. Proving the security of CBC$.
Lect 10 - W 2/05 Finish conditional-probability counterexample and the proof of CBC$. Chosen-ciphertext-attack (CCA) security and nonmalleability. Standard modes are neither.
Week 6 Lect 11 - M 2/10 Formalizing nonmalleability. Message authentication codes. The Carter-Wegman paradigm. Constructing AU hash functions.
Lect 12 - W 2/12 Proof of correctness of CW. Attacking the CBC MAC. From EMAC to CMAC. PMAC. Start HMAC.
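An added worked example for the Carter-Wegman material of Lect 11 and 12 (not part of the course page or its lecture notes): a polynomial-evaluation almost-universal hash over GF(2^127 - 1) combined with a PRF-derived one-time pad, Tag = h_k(M) + F_K(N) mod P, plus the attack that the proof's "nonce never repeats" condition rules out. HMAC-SHA256 standing in for the PRF, the Poly1305-style 0x01 chunk padding, the prime, and the 15-byte chunk size are all choices made for this example, not anything the lectures prescribe.

```python
import hashlib
import hmac

P = (1 << 127) - 1   # Mersenne prime; every padded chunk is < 2^121 < P
CHUNK = 15           # 15 message bytes + a 0x01 pad byte per chunk


def poly_hash(k: int, msg: bytes) -> int:
    """Polynomial-evaluation AU hash over GF(P), evaluated in Horner form:
    h_k(M) = sum_i c_i * k^(L-i+1) mod P.  Each chunk carries a 0x01 top byte
    (as Poly1305 does) so messages of different lengths give distinct
    polynomials.  Two distinct messages of at most L chunks collide with
    probability at most L/P over the choice of k."""
    h = 0
    for i in range(0, len(msg), CHUNK):
        c = int.from_bytes(msg[i:i + CHUNK] + b"\x01", "little")
        h = (h + c) * k % P
    return h


def _prf(key: bytes, domain: bytes, data: bytes) -> int:
    """F_K: HMAC-SHA256 is assumed to be a PRF; its 256-bit output is reduced
    into Z_P (bias from reducing mod a 127-bit prime is negligible).  The
    domain byte separates hash-key derivation from pad derivation."""
    digest = hmac.new(key, domain + data, hashlib.sha256).digest()
    return int.from_bytes(digest, "big") % P


def cw_mac(key: bytes, nonce: bytes, msg: bytes) -> bytes:
    """Carter-Wegman tag: h_k(M) + F_K(N) mod P.  Secure only if N never repeats."""
    k = _prf(key, b"\x00", b"")        # hash key, fixed for the life of `key`
    pad = _prf(key, b"\x01", nonce)    # fresh one-time pad per nonce
    return ((poly_hash(k, msg) + pad) % P).to_bytes(16, "big")


def cw_verify(key: bytes, nonce: bytes, msg: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(cw_mac(key, nonce, msg), tag)


def forge_after_nonce_reuse(nonce: bytes, m1: bytes, t1: bytes,
                            m2: bytes, t2: bytes, target: bytes) -> bytes:
    """Attacker side, no key.  Given two tags under the SAME nonce for two
    distinct single-chunk messages, the pad cancels: T1 - T2 = (c1 - c2) * k,
    which reveals k; then pad = T1 - h_k(M1), and any `target` (of any length)
    can be tagged for that nonce."""
    assert len(m1) <= CHUNK and len(m2) <= CHUNK and m1 != m2
    c1 = int.from_bytes(m1 + b"\x01", "little")
    c2 = int.from_bytes(m2 + b"\x01", "little")
    d = (int.from_bytes(t1, "big") - int.from_bytes(t2, "big")) % P
    k = d * pow((c1 - c2) % P, -1, P) % P
    pad = (int.from_bytes(t1, "big") - poly_hash(k, m1)) % P
    return ((poly_hash(k, target) + pad) % P).to_bytes(16, "big")


if __name__ == "__main__":
    key, n = bytes(range(32)), b"msg-0001"          # constructed sample values
    m1, m2 = b"pay alice 10", b"pay bob 5"
    t1, t2 = cw_mac(key, n, m1), cw_mac(key, n, m2)  # same nonce twice: the bug
    forged = forge_after_nonce_reuse(n, m1, t1, m2, t2, b"pay mallory 1000000")
    print("forgery verifies:", cw_verify(key, n, b"pay mallory 1000000", forged))
```

The forgery works without a key because the only thing hiding h_k(M) is the pad F_K(N), and the pad is the same for both tags; the "one-time" in the CW one-time pad is exactly the nonce-freshness requirement that the proof of correctness in Lect 12 relies on.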
Week 7 Lect 13 - W 2/19 Going over PS2. Defining collision resistance. The Merkle-Damgard paradigm. Human-ignorance proof of security. NMAC.
Lect 14 - F 2/21 Finish treatment of HMAC. Nonce-based encryption. Authenticated encryption. Associated data.
Week 8 Lect 15 - M 2/24 Encrypt-with-redundancy doesn't work. Pitfalls in implementing encryption. Tweakable blockciphers. OCB from a tweakable blockcipher.
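An added example for the "encrypt-with-redundancy doesn't work" item of Lect 15 (not from the course page): CTR$-style encryption of M || checksum(M), where the checksum is the XOR of the plaintext blocks, and the keyless ciphertext modification that still passes the checksum. Both CTR and the XOR checksum are linear, so an attacker can XOR the same difference into a plaintext block and into the checksum block. The HMAC-SHA256 keystream standing in for a blockcipher, the 16-byte blocks, and the bank-transfer sample message are assumptions made for this example.

```python
import hashlib
import hmac
import os

BLOCK = 16       # block size of the assumed blockcipher / PRF
NONCE_LEN = 12


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def keystream(key: bytes, nonce: bytes, nblocks: int) -> bytes:
    """CTR-style keystream, block i = F_K(N || i).  HMAC-SHA256 is assumed to
    be a PRF here so the example needs only the standard library."""
    return b"".join(
        hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()[:BLOCK]
        for i in range(nblocks))


def checksum(msg: bytes) -> bytes:
    """The 'redundancy': XOR of the plaintext blocks, appended before encrypting."""
    s = bytes(BLOCK)
    for i in range(0, len(msg), BLOCK):
        s = xor(s, msg[i:i + BLOCK])
    return s


def encrypt_with_redundancy(key: bytes, msg: bytes, nonce: bytes = None) -> bytes:
    assert len(msg) % BLOCK == 0, "demo keeps messages block-aligned"
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    body = msg + checksum(msg)
    return nonce + xor(body, keystream(key, nonce, len(body) // BLOCK))


def decrypt_with_redundancy(key: bytes, ct: bytes):
    """Returns the message, or None when the checksum does not verify."""
    nonce, body = ct[:NONCE_LEN], ct[NONCE_LEN:]
    pt = xor(body, keystream(key, nonce, len(body) // BLOCK))
    msg, tag = pt[:-BLOCK], pt[-BLOCK:]
    return msg if hmac.compare_digest(checksum(msg), tag) else None


def tamper(ct: bytes, block_index: int, delta: bytes) -> bytes:
    """Attacker, no key: XOR a 16-byte `delta` into plaintext block
    `block_index` and into the checksum block.  CTR turns a ciphertext XOR into
    the same plaintext XOR, and the XOR checksum absorbs it, so the result
    still decrypts 'correctly'."""
    nonce, body = ct[:NONCE_LEN], bytearray(ct[NONCE_LEN:])
    lo = block_index * BLOCK
    body[lo:lo + BLOCK] = xor(body[lo:lo + BLOCK], delta)
    body[-BLOCK:] = xor(body[-BLOCK:], delta)
    return nonce + bytes(body)


def demo() -> bytes:
    """Constructed sample: turn a $100 transfer into a $900100 one."""
    key = os.urandom(32)
    msg = b"TRANSFER $000100 TO ACCT 1234567"        # 32 bytes, two blocks
    ct = encrypt_with_redundancy(key, msg)
    # byte 10 of block 0 is the first digit after '$'; '0' ^ '9' = 0x09
    delta = bytes([0] * 10 + [ord("0") ^ ord("9")] + [0] * 5)
    return decrypt_with_redundancy(key, tamper(ct, 0, delta))


if __name__ == "__main__":
    print(demo())   # the forged message, accepted by the receiver
```

The same linearity argument kills any checksum that is a linear function of the plaintext (a CRC included); this is why integrity has to come from a keyed primitive such as a MAC or an authenticated-encryption mode, which the following lectures build.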
Lect 16 - W 2/26 Constructing an efficient TBC. Very brief description of FPE. Definition of public-key encryption.
Lect 17 - F 2/28 Review of PK enc def. Trapdoor permutations. Number theory. RSA trapdoor permutation. Raw RSA isn't a good enc scheme.
Week 9 Lect 18 - M 3/03 A hardcore bit for RSA. The Goldreich-Levin hardcore bit. RSA PKCS #1. OAEP. The random-oracle model.
Lect 19 - W 3/05 The [CGH] result on random oracles. A proof in the ROM: IND-CPA security for f(R) || G(R) ⊕ M encryption. Defns for digital signatures.
Week A Lect 20 - M 3/10 Digital signatures review. Breaking raw RSA. PKCS #1. Signing in the ROM: FDH and PSS. Lamport signatures. Merkle trees.
Lect 21 - W 3/12 Topic to be selected from: EA and KD; zero knowledge; mass-surveillance resistance; a new AE scheme (AEZ)
Lect 22 - F 3/14 Student presentations, day 1:
1: Haochen (An uninstantiable ROM Scheme)
2: Martin, Daniel (Indist Obfuscation)
3: Tom (Completely Nonmalleable Schemes)
4: Fed (Building PRFs from PRPs)
5: Robert (Thorp-Shuffle Enciphering)
6: ChrisP (Poly1305 MAC, Stronger Bounds for WC, Stronger Bounds for Perms)
Week B Lect 23 - M 3/17 Student presentations, day 2:
7: Nathan (Lattice-Based Cryptography);
8: Sophia (Code-Based Game-Playing);
9: James (MACs from Small Differentially-Uniform Perms);
10: Judy (KDM Security);
11: Joseph (Format-Transforming Encryption) (ranking/unranking: [Goldberg, Sipser 85] and [Bellare, Ristenpart, Rogaway 09])
12: ChrisB (Bitcoin)
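An added example for the ranking/unranking step behind presentation 11 (format-transforming encryption), written for this page and not taken from the presentation or from [Goldberg, Sipser 85] / [Bellare, Ristenpart, Rogaway 09]: a DFA whose length-n strings are counted by dynamic programming, giving a bijection rank: L_n -> {0, ..., |L_n| - 1} (lexicographic order) and its inverse unrank. FTE composes these with an encryption on the integers mod |L_n| (unrank(E(rank(x)))); that integer cipher is out of scope here. The no-two-consecutive-ones language used as the sample is a constructed choice.

```python
class DFA:
    """Deterministic finite automaton with a partial transition function;
    a missing transition means the dead state."""

    def __init__(self, alphabet, transitions, start, accept):
        self.alphabet = sorted(alphabet)      # sort fixes the lexicographic order
        self.delta = transitions              # {(state, symbol): state}
        self.start = start
        self.accept = set(accept)
        self._memo = {}

    def step(self, q, s):
        return self.delta.get((q, s)) if q is not None else None

    def count(self, q, n):
        """Number of length-n strings accepted when starting from state q
        (the Goldberg-Sipser table, memoised)."""
        if q is None:
            return 0
        key = (q, n)
        if key not in self._memo:
            if n == 0:
                self._memo[key] = 1 if q in self.accept else 0
            else:
                self._memo[key] = sum(self.count(self.step(q, s), n - 1)
                                      for s in self.alphabet)
        return self._memo[key]

    def rank(self, w):
        """Index of w among the accepted strings of length len(w), in
        lexicographic order.  Raises ValueError if w is not in the language."""
        n, q, r = len(w), self.start, 0
        for i, ch in enumerate(w):
            for s in self.alphabet:
                if s == ch:
                    break
                # every accepted completion of a smaller symbol sorts before w
                r += self.count(self.step(q, s), n - i - 1)
            q = self.step(q, ch)
        if q not in self.accept:
            raise ValueError("string not in the language")
        return r

    def unrank(self, n, r):
        """Inverse of rank: the r-th accepted string of length n."""
        if not 0 <= r < self.count(self.start, n):
            raise ValueError("rank out of range")
        q, out = self.start, []
        for i in range(n):
            for s in self.alphabet:
                c = self.count(self.step(q, s), n - i - 1)
                if r < c:                      # the answer starts with s
                    out.append(s)
                    q = self.step(q, s)
                    break
                r -= c
        return "".join(out)


# Constructed sample language: binary strings with no two consecutive 1s.
NO11 = DFA("01",
           {("A", "0"): "A", ("A", "1"): "B", ("B", "0"): "A"},
           start="A", accept={"A", "B"})

if __name__ == "__main__":
    n = 4
    print("|L_4| =", NO11.count("A", n))
    for r in range(NO11.count("A", n)):
        w = NO11.unrank(n, r)
        print(r, w, NO11.rank(w))
```

The two routines are linear in n times the alphabet size once the count table is filled, which is what makes the FTE encode/decode steps cheap; the expensive part in practice is the DFA itself, which has to be built from the target format's regular expression.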