Most lectures will be two hours, and I expect that there will be about 22 lectures.

COMP 745 - Term 2 of 2002 - Lecture topics to date

..Lect.. ........Date........ Topic

Lect 0 10.28.02 Mon Organizational meeting. Example problems in cryptography (zero knowledge, dating problem).

Lect 1 10.30.02 Wed Introduction, v. 1. Sample problems in cryptography: interactive proofs, zero knowledge, commitment schemes, telephone coin flipping.

Lect 2 11.04.02 Mon Introduction, v. 2. The provable-security paradigm. A layered-look at building secure protocols. Block ciphers. Syntax. Counting how many.

Lect 3 11.06.02 Wed Block ciphers, continued. Description of DES. Description of AES, part 1: finite field arithmetic (the field with 256 points).

Lect 4 11.11.02 Mon Finish AES. Notation for describing experiments. KPA, CPA, CCA attacks. A definition of block-cipher security: fnp-cpa (find a new pair).

Lect 5 11.13.02 Wed More notions of block-cipher security: key-recovery security. PRP security.

. . Phil out of town

Lect 6 11.27.02 Wed PRP security implies KR-security. PRF security. PRP security and PRF security are almost the same. Block-cipher modes of operation.

Lect 7 11.29.02 Fri An example of a hybrid argument: showing that PRP is unchanged by the addition of a reference enciphering oracle.

Lect 8 12.02.02 Mon Definitions of encryption-scheme security: ind, find-then-guess, semantic security, and ind$.

. . Mini-break (never quite understood the reason, but that's ok!)

Lect 9 12.11.02 Wed Proving relationships among notions of encryption-scheme security. Breaking wrong schemes: CTRctr, CBCctr, CBCchain.

Lect 10 12.16.02 Mon Proving security of CTRrnd. Proving security of CBCrnd.

Lect 11 12.20.02 Fri Hash functions. The Merkle-Damgard construction and its proof. SHA1. Applications of hash functions. Foundational problems.

Lect 12 01.03.03 Fri Definitions for hash functions: collision-resistance, UOWHFs, and AU2.

Lect 13 01.06.03 Mon Constructions for AU2 hash functions.

Lect 14 01.10.03 Fri Message authentication. Definitions. Encryption with redundancy doesn't work. Breaking the CBC MAC. HMAC and CBC MAC variants.

Lect 15 01.13.03 Mon The CW approach. Combining encryption and MAC. Number theory background.

Lect 16 01.17.03 Fri Finish number theory. The complexity-theoretic approach to definitions.

Lect 17 01.20.03 Mon Public-key encryption from RSA. The RSA assumption. Public-key encryption from DH. The DH assumptions.

Lect 18 01.24.03 Fri .

Lect 19 01.27.03 Mon .

Lect 20 01.31.03. Fri .

Lect 21 02.03.03 Mon .

Lect 22 02.07.03 Fri .

COMP 745 - Term 2 of 2002 - Lecture topics to date
..Lect..	........Date........	Topic
Lect 0	10.28.02 Mon	Organizational meeting. Example problems in cryptography (zero knowledge, dating problem).
Lect 1	10.30.02 Wed	Introduction, v. 1. Sample problems in cryptography: interactive proofs, zero knowledge, commitment schemes, telephone coin flipping.
Lect 2	11.04.02 Mon	Introduction, v. 2. The provable-security paradigm. A layered-look at building secure protocols. Block ciphers. Syntax. Counting how many.
Lect 3	11.06.02 Wed	Block ciphers, continued. Description of DES. Description of AES, part 1: finite field arithmetic (the field with 256 points).
Lect 4	11.11.02 Mon	Finish AES. Notation for describing experiments. KPA, CPA, CCA attacks. A definition of block-cipher security: fnp-cpa (find a new pair).
Lect 5	11.13.02 Wed	More notions of block-cipher security: key-recovery security. PRP security.
.	.	Phil out of town
Lect 6	11.27.02 Wed	PRP security implies KR-security. PRF security. PRP security and PRF security are almost the same. Block-cipher modes of operation.
Lect 7	11.29.02 Fri	An example of a hybrid argument: showing that PRP is unchanged by the addition of a reference enciphering oracle.
Lect 8	12.02.02 Mon	Definitions of encryption-scheme security: ind, find-then-guess, semantic security, and ind$.
.	.	Mini-break (never quite understood the reason, but that's ok!)
Lect 9	12.11.02 Wed	Proving relationships among notions of encryption-scheme security. Breaking wrong schemes: CTRctr, CBCctr, CBCchain.
Lect 10	12.16.02 Mon	Proving security of CTRrnd. Proving security of CBCrnd.
Lect 11	12.20.02 Fri	Hash functions. The Merkle-Damgard construction and its proof. SHA1. Applications of hash functions. Foundational problems.
Lect 12	01.03.03 Fri	Definitions for hash functions: collision-resistance, UOWHFs, and AU2.
Lect 13	01.06.03 Mon	Constructions for AU2 hash functions.
Lect 14	01.10.03 Fri	Message authentication. Definitions. Encryption with redundancy doesn't work. Breaking the CBC MAC. HMAC and CBC MAC variants.
Lect 15	01.13.03 Mon	The CW approach. Combining encryption and MAC. Number theory background.
Lect 16	01.17.03 Fri	Finish number theory. The complexity-theoretic approach to definitions.
Lect 17	01.20.03 Mon	Public-key encryption from RSA. The RSA assumption. Public-key encryption from DH. The DH assumptions.
Lect 18	01.24.03 Fri	.
Lect 19	01.27.03 Mon	.
Lect 20	01.31.03. Fri	.
Lect 21	02.03.03 Mon	.
Lect 22	02.07.03 Fri	.