Class 
Topic 
1M 4/01 
Basics. Read the syllabus.
Introduction: four basic problems in cryptography:
{priv, auth} x {sym, asym}.
Other ways to create asymmetry.

1W 4/03 
Quiz.
Secret Key Exchange (SKE) and the DH protocol.
Mean salary computation in the physical and communication model.

1R 4/04 
PS1 in discussion section 
1F 4/05 
Defined groups. Z_2, Z_N, Z_2^*.
Why Z_2^* is cryptographically useful.
The OTP encryption scheme.

2M 4/08 
Quiz. Reviewing OTP encryption. Correctness.
Defining perfect privacy for one message or multiple messages. 
2W 4/10 
Review. Secret sharing:
2of2, threshold schemes, definition for the general problem. 
2R 4/11 
Solutions to PS2. Map a deal to a point in Z_{C(52,26)}. Breaking LR-privacy for
a deterministic, stateless enc scheme.

2F 4/12 
Quiz. Privacy notion for secret sharing (SS). Shamir SS
(original paper)
Pseudorandom generators (PRGs). RC4 
3M 4/15 
Approaches to handling the domain & stretch of a PRG. Reductions.
From stretch-1 to long-stretch. 
3W 4/17 
∃ secure asym PRG ⇒ P≠NP.
A reduction: if g is a secure stretch-1 PRG then
G[g] is a secure arbitrary-stretch PRG.
Problems with RC4/PRGs.

3R 4/18 
Solutions to PS3. Defining indistinguishability.
Asymptotic way to do that. 
3F 4/19 
Quiz. Problems with PRGs and with RC4.
Syntax of a PRF (pseudorandom function).
A well-designed PRF: Dan Bernstein’s
ChaCha20

4M 4/22 
The PRF security notion. Func(n,m).
Using a PRF to encrypt: prob. enc. with a PRF / ChaCha20.

4W 4/24 
Quiz. Notions of enc scheme security: LR, ind0, ind$. LR-security is
equivalent to ind0-security. ind$ security is stronger. 
4R 4/25 
An alternative Chernoff bound for the HW.
A more efficient way to use a minimal-stretch PRG. 
4F 4/26 
Finishing the reduction for ind$ ⇒ ind0.
Syntax for blockcipher. Signatures and initial history of DES and AES. 
5M 4/29 
Syntax and security definition for blockciphers.
How DES works. Why its key is so short. 
5W 5/01 
Cat Day: visits from Peanut and Cloud.
Winner’s Do Artifacts have Politics? (recommended),
and the key length of DES. AES. Arithmetic in GF(2^8).

5R 5/02 
Going over a practice quiz, including substitution ciphers and
password guessing. Review of GF(2^8) multiplication.

5F 5/03 
Quiz. Using a PRP to encrypt: ECB mode and critique. CTR mode.
The PRP/PRF switching lemma.

6M 5/06 
Game-playing arguments; finish PRP/PRF switching lemma.
Proving security of CTR mode. CBC encryption.
Malleability of CBC-encrypted text. 
6W 5/08 
CBCctr is not ind-secure;
CBC$ is. Nonmalleability.
CTR and CBC are malleable.
MT cutoff. Then:
the CBC MAC. The definition of a MAC. 
6R 5/09 
Midterm review sessions: we worked out old midterms, as well as the
last problem on the current problem sets. 
6F 5/10 
Midterm 1. Cheatsheet allowed (one side of one page).
Overflow room: Wellman 207. About 20 students should go
there.

7M 5/13 
Midterms weren't great. A dog visits. MACs.
PRFs are good MACs. Raw CBC MAC: no good. Fixing it: CMAC.
Carter-Wegman MACs. GMAC.

7W 5/15 
Review of material on MACs. Evaluating polynomials efficiently.
Generic composition (prob enc + MAC).

7R 5/16 
MT questions.
Authenticated encryption (AE / AEAD)
(Slides, we covered 1–19)

7F 5/17 
Finished AE, covering CCM, OCB, and tweakable blockcipher.
Cryptographic hash functions. Collision intractability. 
8M 5/20 
Deadline, 10pm, for +4% early-turn-in final project. 
8W 5/22 
. 
8R 5/23 
. 
8F 5/24 
. 
9M 5/27 
Deadline, 10pm, for +3% early-turn-in final project.
Holiday; no school; you will be lonely all by yourself in Wellman.

9W 5/29 
. 
9R 5/30 
. 
9F 5/31 
. 
9U 6/02 
8-10pm, totally optional activity: rock climbing (without the rocks) at
Rocknasium.
It is suggested that you fill out the waiver
in advance.

10M 6/03 
Midterm 2.
Overflow room is Wellman 115 (about 28 students should go
there). Deadline, 10pm, for final project.

10W 6/05 
Talk: Radical CS. Essay available a few days before. 