Class | Topic |
---|---|
1M 4/01 | Basics. Read the syllabus. Introduction: four basic problems in cryptography: {priv, auth} x {sym, asym}. Other ways to create asymmetry. |
1W 4/03 | Quiz. Secret Key Exchange (SKE) and the DH protocol. Mean salary computation in the physical and communication model. |
1R 4/04 | PS1 in discussion section |
1F 4/05 | Defined groups. Z_2, Z_N, Z_2^*. Why Z_2^* is cryptographically useful. The OTP encryption scheme. |
2M 4/08 | Quiz. Reviewing OTP encryption. Correctness. Defining perfect privacy for one message or multiple messages. |
2W 4/10 | Review. Secret sharing: 2-of-2, threshold schemes, definition for the general problem. |
2R 4/11 | Solutions to PS2. Map a deal to a point in Z_{C(52,26)}. Breaking LR-privacy for a deterministic, stateless enc scheme. |
2F 4/12 | Quiz. Privacy notion for secret sharing (SS). Shamir SS (original paper). Pseudorandom generators (PRGs). RC4. |
3M 4/15 | Approaches to handling the domain & stretch of a PRG. Reductions. From stretch-1 to long-stretch. |
3W 4/17 | ∃ secure asym PRG ⇒ P≠NP. A reduction: if g is a secure stretch-1 PRG then G[g] is a secure arbitrary-stretch PRG. Problems with RC4/PRGs. |
3R 4/18 | Solutions to PS3. Defining indistinguishability. Asymptotic way to do that. |
3F 4/19 | Quiz. Problems with PRGs and with RC4. Syntax of a PRF (pseudorandom function). A well-designed PRF: Dan Bernstein’s ChaCha20. |
4M 4/22 | The PRF security notion. |Func(n,m)|. Using a PRF to encrypt: prob. enc. with a PRF / ChaCha20. |
4W 4/24 | Quiz. Notions of enc scheme security: LR, ind0, ind$. LR-security is equivalent to ind0-security. ind$ security is stronger. |
4R 4/25 | An alternative Chernoff bound for the HW. A more efficient way to use a minimal-stretch PRG. |
4F 4/26 | Finishing the reduction for ind$ ⇒ ind0. Syntax for blockcipher. Signatures and initial history of DES and AES. |
5M 4/29 | Syntax and security definition for blockciphers. How DES works. Why its key is so short. |
5W 5/01 | Cat Day: visits from Peanut and Cloud. Winner’s Do Artifacts have Politics? (recommended), and the key length of DES. AES. Arithmetic in GF(2^8). |
5R 5/02 | Going over a practice quiz, including substitution ciphers and password guessing. Review of GF(2^8) multiplication. |
5F 5/03 | Quiz. Using a PRP to encrypt: ECB mode and critique. CTR mode. The PRP/PRF switching lemma. |
6M 5/06 | Game-playing arguments; finish PRP/PRF switching lemma. Proving security of CTR mode. CBC encryption. Malleability of CBC-encrypted text. |
6W 5/08 | CBC-ctr is not ind-secure; CBC$ is. Nonmalleability. CTR and CBC are malleable. MT cutoff. Then: the CBC MAC. The definition of a MAC. |
6R 5/09 | Midterm review sessions: we worked out old midterms, as well as the last problem on the current problem sets. |
6F 5/10 | Midterm 1. Cheat-sheet allowed (one side of one page). Overflow room: Wellman 207. About 20 students should go there. |
7M 5/13 | Midterms weren't great. A dog visits. MACs. PRFs are good MACs. Raw CBC MAC: no good. Fixing it: CMAC. Carter-Wegman MACs. GMAC. |
7W 5/15 | Review of material on MACs. Evaluating polynomials efficiently. Generic composition (prob enc + MAC). |
7R 5/16 | MT questions. Authenticated encryption (AE / AEAD) (Slides, we covered 1–19). |
7F 5/17 | Finished AE, covering CCM, OCB, and tweakable blockcipher. Cryptographic hash functions. Collision intractability. |
8M 5/20 | Crypt hash functions: additional uses, Merkle-Damgard, Davies-Meyer. Making the blockcipher (SHA-1). PK encryption: syntax. Deadline, 10pm, for +4% early-turnin final project. |
8W 5/22 | Quiz. Defining ind-security for a PK-enc scheme. Using DH key-exchange for an enc scheme. DDH vs. CDH. The random-oracle model (ROM). |
8R 5/23 | HW6, problems 19 and 20. Breaking CBC-enc-with-arbitrary-redundancy as an AEAD scheme. |
8F 5/24 | Review: random oracles, CDH vs. DDH. DH-encryption with DHIES. Trapdoor permutations. Not for direct use. The RSA trapdoor permutation. |
9M 5/27 | Deadline, 10pm, for +3% early-turnin final project. Holiday; no school; you will be lonely all by yourself in Wellman. |
9W 5/29 | Trapdoor permutations, cont. Encrypting by f(M) (no), or by f(R) || H(R)⊕M, OAEP. Digital signatures. Signing by g(M) (no), or by FDH or PSS. |
9R 5/30 | We went over Problem 20 from today’s problem set, then the 2019 final for the class. |
9F 5/31 | Stateful digital signatures from a hash function (Lamport’s scheme, Merkle trees). The grid of goal, revisited. |
9U 6/02 | 8-10pm, totally optional activity: rock climbing (without the rocks) at Rocknasium. We suggest filling out the waiver in advance. |
10M 6/03 | Midterm 2. Overflow room is Wellman 115 (about 28 students should go there). Deadline, 10pm, for final project. |
10W 6/05 | Talk: The Last Lecture: A dozen suggestions you probably don’t want to hear. Essay I considered for today (if you have time): The Moral Character of Cryptographic Work (2015), On Being a |
10R 6/06 | Optional disc at 11am (TLC 3212) & 2pm (TLC 2218): zero-knowledge proofs. Tea party. Bring a mug and, if you can, a thermos of coffee or tea. You could bake something, too. |