ECS 227 — Winter 2014 — List of Lecture Topics

| Week | Lecture | Topic |
|---|---|---|
| Week 1 | Lect 01 - M 1/6 | Intro. Four problems: {privacy, authenticity} x {symmetric, asymmetric}. Authenticated key exchange. Telephone coin flipping: Blum82; Cleve86; MNS09 |
| | Lect 02 - W 1/8 | More sample problems: oblivious transfer (and a solution), dating problem, SFE, securely outsourcing computation, PRGs. Defn of a PRG: an advantage measure. |
| | Lect 03 - F 1/10 | One-time-pad encryption. Syntax of a (det, one-time) sym enc scheme. Perfect privacy. Limitations of OTP. Understanding the PRG notion. prg vs prg1 security. |
| Week 2 | Lect 04 - F 1/17 | Reductions, and hybrid arguments: the equivalence of prg (q-sample) and prg1 (one-sample) security. |
| Week 3 | Lect 05 - W 1/22 | More discussion of hybrid arguments. PRFs and comparison with PRGs. Making a PRF from a PRG. Irony. Destroying permutivity. The ChaCha PRF. PRPs. |
| | Lect 06 - F 1/24 | Strange metal things. Feistel networks and history of DES. Cryptanalysis of DES. Multiple encryption and DESX. |
| Week 4 | Lect 07 - M 1/27 | Description of AES. Operations on finite fields. Modes of operation: CBC$, CBC0$. Leaking of repetitions. CTR$ and the utility of parallelizability. |
| | Lect 08 - W 1/29 | Wrong notions of encryption-scheme security, like key-recoverability. Good notions: indistinguishability, left-or-right, semantic security. Relations among notions. |
| Week 5 | Lect 09 - M 2/03 | The ind$ notion of security. ind$ implies ind, but not conversely (how to prove separations). The PRP/PRF switching lemma. Proving the security of CBC$. |
| | Lect 10 - W 2/05 | Finish conditional-probability counterexample and the proof of CBC$. Chosen-ciphertext-attack (CCA) security and nonmalleability. Standard modes are neither. |
| Week 6 | Lect 11 - M 2/10 | Formalizing nonmalleability. Message authentication codes. The Carter-Wegman paradigm. Constructing AU hash functions. |
| | Lect 12 - W 2/12 | Proof of correctness of CW. Attacking the CBC MAC. From EMAC to CMAC. PMAC. Start HMAC. |
| Week 7 | Lect 13 - W 2/19 | Going over PS2. Defining collision resistance. The Merkle-Damgård paradigm. Human-ignorance proof of security. NMAC. |
| | Lect 14 - F 2/21 | Finish treatment of HMAC. Nonce-based encryption. Authenticated encryption. Associated data. |
| Week 8 | Lect 15 - M 2/24 | Encrypt-with-redundancy doesn't work. Pitfalls in implementing encryption. Tweakable blockciphers. OCB from a tweakable blockcipher. |
| | Lect 16 - W 2/26 | Constructing an efficient TBC. Very brief description of FPE. Definition of public-key encryption. |
| | Lect 17 - F 2/28 | Review of PK enc def. Trapdoor permutations. Number theory. RSA trapdoor permutation. Raw RSA isn't a good enc scheme. |
| Week 9 | Lect 18 - M 3/03 | A hardcore bit for RSA. The Goldreich-Levin hardcore bit. RSA PKCS #1. OAEP. The random-oracle model. |
| | Lect 19 - W 3/05 | The [CGH] result on random oracles. A proof in the ROM: IND-CPA security for f(R) \|\| G(R) ⊕ M encryption. Defns for digital signatures. |
| Week A | Lect 20 - M 3/10 | Digital signatures review. Breaking raw RSA. PKCS #1. Signing in the ROM: FDH and PSS. Lamport signatures. Merkle trees. |
| | Lect 21 - W 3/12 | Topic to be selected from: EA and KD; zero knowledge; mass-surveillance resistance; a new AE scheme (AEZ) |
| | Lect 22 - F 3/14 | Student presentations, day 1: 1: Haochen (An Uninstantiable ROM Scheme); 2: Martin, Daniel (Indistinguishability Obfuscation); 3: Tom (Completely Nonmalleable Schemes); 4: Fed (Building PRFs from PRPs); 5: Robert (Thorp-Shuffle Enciphering); 6: ChrisP (Poly1305 MAC, Stronger Bounds for WC, Stronger Bounds for Perms) |
| Week B | Lect 23 - M 3/17 | Student presentations, day 2: 7: Nathan (Lattice-Based Cryptography); 8: Sophia (Code-Based Game-Playing); 9: James (MACs from Small Differentially-Uniform Perms); 10: Judy (KDM Security); 11: Joseph (Format-Transforming Encryption; ranking/unranking: [Goldberg, Sipser 85] and [Bellare, Ristenpart, Rogaway 09]); 12: ChrisB (Bitcoin) |
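Worked example for the Lect 12 items "Attacking the CBC MAC" and "From EMAC to CMAC". This is an added illustration, not course material. It assumes a stand-in block function `E` (HMAC-SHA256 truncated to one 16-byte block) in place of AES, which is fine because the forgery never inverts `E` and works for any keyed block function; the messages and keys are constructed sample input. The attack: with raw CBC-MAC (zero IV, no length encoding) and two one-block messages m1, m2 with tags t1, t2, the two-block message m1 || (m2 ⊕ t1) has tag t2 without knowledge of the key. EMAC (encrypting the chaining value under a second key) stops this, and CMAC is the single-key refinement.

```python
import hashlib
import hmac

BLOCK = 16  # block size in bytes, as for AES


def E(key: bytes, block: bytes) -> bytes:
    """Stand-in for a blockcipher E_K (assumption: HMAC-SHA256 truncated to
    one block). The forgery below never inverts E, so any PRF works here."""
    assert len(block) == BLOCK
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def cbc_mac(key: bytes, msg: bytes) -> bytes:
    """Raw CBC-MAC: zero IV, no length encoding, last chaining value is the
    tag. A PRF for fixed-length messages only."""
    assert msg and len(msg) % BLOCK == 0
    c = bytes(BLOCK)
    for i in range(0, len(msg), BLOCK):
        c = E(key, xor(c, msg[i:i + BLOCK]))
    return c


def emac(k1: bytes, k2: bytes, msg: bytes) -> bytes:
    """EMAC: encrypt the raw CBC-MAC under an independent key k2, so the
    tag no longer equals the chaining value the forgery relies on."""
    return E(k2, cbc_mac(k1, msg))


def forge_cbc_mac(m1: bytes, t1: bytes, m2: bytes, t2: bytes):
    """Given one-block messages m1, m2 with raw CBC-MAC tags t1, t2, output
    the two-block message m1 || (m2 xor t1), whose raw tag is t2:
      CBC-MAC(m1 || (m2 xor t1)) = E_K(E_K(m1) xor m2 xor t1)
                                 = E_K(t1 xor m2 xor t1) = E_K(m2) = t2
    """
    assert len(m1) == len(m2) == BLOCK
    return m1 + xor(m2, t1), t2


def demo(key: bytes = b"\x00" * 16, key2: bytes = b"\x01" * 16) -> dict:
    """Run the attack against raw CBC-MAC, then the same queries against
    EMAC. Keys and messages are constructed sample input."""
    m1 = b"pay alice $00001"
    m2 = b"pay bob  $999999"
    # Attacker obtains tags on two chosen one-block messages.
    t1, t2 = cbc_mac(key, m1), cbc_mac(key, m2)
    forged, tag = forge_cbc_mac(m1, t1, m2, t2)
    raw_forgery_verifies = forged not in (m1, m2) and cbc_mac(key, forged) == tag
    # Against EMAC the returned tags are E_{k2}(chaining value), so the
    # cancellation above does not happen and the forged pair is rejected.
    e1, e2 = emac(key, key2, m1), emac(key, key2, m2)
    forged_e, tag_e = forge_cbc_mac(m1, e1, m2, e2)
    emac_forgery_verifies = emac(key, key2, forged_e) == tag_e
    return {"raw_cbc_mac_forged": raw_forgery_verifies,
            "emac_forged": emac_forgery_verifies}


if __name__ == "__main__":
    print(demo())  # {'raw_cbc_mac_forged': True, 'emac_forged': False}
```

The forged message is a valid two-block message under raw CBC-MAC for any block function, which is why the CBC MAC must only be used at a fixed length or wrapped as EMAC/CMAC; the EMAC check fails here for the fixed keys above, and fails except with probability about 2^-128 over random keys.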
7: Nathan (Lattice-Based Cryptography); 8: Sophia (Code-Based Game-Playing); 9: James (MACs from Small Differentially-Uniform Perms); 10: Judy (KDM Security); 11: Joseph (Format-Transforming Encryption) (ranking/unranking: [Goldberg, Sipser 85] and [Bellare, Ristenpart, Rogaway 09]) 12: ChrisB (Bitcoin) |