ECS 127 - Cryptography - Spring 2016 - List of Lecture Topics

Lecture Topic References

Week 1 L01 - M 3/28 Logistics, incl. academic misconduct policy. Introduction. Four basic crypto problems: {priv, auth} x {sym, asym}. Kerchoffs’s principle. [BR: Ch.1], [Be: Ch.1], [DH76]

L02 - W 3/30 Odder crypto problems: the mean salary problem (SFE / MPC) and the Dating Problem (2-party SFE), in physical and msg-based models (MPC)

L03 - F 4/01 Crypto for privacy, security, crypto, and power. Cryptographic activites. Probability review. Prob spaces, events, RVs. Substitution ciphers [Bo Lects 1.4,1.5]

Week 2 L04 - M 4/04 Syntax of a sym encryption scheme. Diaconis algorithm for ciphertext-only attack on a substitution cipher. Problems with substitution ciphers. [D09]

L05 - W 4/06 Three notions of security (perfect privacy, Shannon privacy, real-or-zero). The OTP achieves these notions [KL Ch.2]

L06 - F 4/08 Dealing with the one-time aspect of OTPs: stateful and IV-based encryption. Vernam ciphers. Malleability. The A5/1 stream cipher [PS14]

Week 3 L07 - M 4/11 More stream ciphers: RC4 and Chacha20 Modern syntax and security notion for a stream cipher. [Be2005], [Be2008], (Salsa20)

L08 - W 4/13 Syntax and security defns for a PRG, arbitrary-output-length PRGs, and stream cipher. Syntax for a blockcipher. Description of DES (Blockcipher), (DES), (DES+)

L09 - F 4/15 Dog day! Finish DES and attacks on it. Preliminaries for AES: basics on finite fields (Finite field 1), (Finite field 2)

Week 4 L10 - M 4/18 Quiz. The AES blockcipher: why it was developed and how it works. (AES), [BR:2]

L11 - W 4/20 Security for blockciphers: key-recovery (kr), unrepdictability (unp), PRP secuity. Start PRP-secure implies KR-secure. Reductions [BR:3]

L12 - F 4/22 Finish PRP-secure implies KR-secure. The PRP/PRF switching lemma. Game-based proofs and the fundamental lemma [BR:4], [B:4]

Week 5 L13 - M 4/25 Finish PRP/PRF switching lemma: a birthday bound. CBC encryption w/ zeroIV, ctrIV, randIV, chainIV. Syntax of a sym enc scheme [BR:4], [BR:A]

L14 - W 4/27 Defs of security for prob (or stateful) sym enc: ind1, ind2, lr; ind$. Relationships among them. CTR-ctrIV is secure [BR:4]

L15 - F 4/29 Review of hybrid argument from last time. Attacking schemes using security notions. Nonce-based sym enc [BR:4]

Week 6 L16 - M 5/02 The asymptotic approach to formalizing security: security parameters, PPT, negligibility. CCA security, nonmalleability, authenticity [KL:3]

L17 - W 5/04 Two definitions for authenticated encryption (AE) and their equivalence. The notion of a MAC. The raw CBC MAC [BR:7]

L18 - F 5/06 Making the CBC MAC work: CMAC and Carter-Wegman MACs. ε-AU hashing. Poly evaluation / GF(2^128) is ε-AU for small ε [BR:7]

Week 7 L19 - M 5/9 Midterm .

L20 - W 5/11 Guest lecture: Tor (Tor)

L21 - F 5/13 PRFs are MACs. The notion of associated data. The notion of AEAD. The SIV construction. CCM, GCM, and OCB [B:AE]

Week 8 L22 - M 5/16 Signature of a cryptographic hash functions. Formalizing collision-resistance. Foundational concerns. Hash function uses [BR:6]

L23 - W 5/18 Proof of the Merkle-Damgard theorem. Davies-Meyer. SHA-1’s blockcipher. Spoonge construction and Keccak. Memory-hard hashing (MD), (SHA1), (SHA3), (scrypt)

L24 - F 5/20 A definition for public-key encryption. Some algebra/number theory. Diffie-Hellman Key Exchange. Turning this into an enc scheme [BR:11]

Week 9 L25 - M 5/23 Hash Diffie-Hellman encryption. CDH vs. DDH assumptions. Trapdoor permutations. The RSA trapdoor permutation [BR:11]

L26 - W 5/25 The RSA assumption. Encryptiong with hardcore bits. PKCS #1 encryption. OAEP. Digital signatures. Signing with PKCS #1 [BR:12]

L27 - F 5/27 Signing from a OWF or hash fn: Lamport (one-time) sigs. AKE: man-in-the-middle attacks on DH; signed DH; SSL/TLS (Protocols), (TLS)

Week 10 Lxx - M 5/30 Holiday — no class .

L28 - W 6/01 Award winners: limericks and more. Finishing AKE. Forward secrecy. PAKEs. Why crypto has a political and moral character [R:essay]

Lyy - F 6/03 No lecture. Today is dead day, fellow zombies. Review session at 12:10 pm in 126 Wellman .

Week 11 Lzz - M 6/06 Final – 3:30-5:30 .

ECS 127 - Cryptography - Spring 2016 - List of Lecture Topics
	Lecture	Topic	References
Week 1	L01 - M 3/28	Logistics, incl. academic misconduct policy. Introduction. Four basic crypto problems: {priv, auth} x {sym, asym}. Kerchoffs’s principle.	[BR: Ch.1], [Be: Ch.1], [DH76]
	L02 - W 3/30	Odder crypto problems: the mean salary problem (SFE / MPC) and the Dating Problem (2-party SFE), in physical and msg-based models	(MPC)
	L03 - F 4/01	Crypto for privacy, security, crypto, and power. Cryptographic activites. Probability review. Prob spaces, events, RVs. Substitution ciphers	[Bo Lects 1.4,1.5]
Week 2	L04 - M 4/04	Syntax of a sym encryption scheme. Diaconis algorithm for ciphertext-only attack on a substitution cipher. Problems with substitution ciphers.	[D09]
	L05 - W 4/06	Three notions of security (perfect privacy, Shannon privacy, real-or-zero). The OTP achieves these notions	[KL Ch.2]
	L06 - F 4/08	Dealing with the one-time aspect of OTPs: stateful and IV-based encryption. Vernam ciphers. Malleability. The A5/1 stream cipher	[PS14]
Week 3	L07 - M 4/11	More stream ciphers: RC4 and Chacha20 Modern syntax and security notion for a stream cipher.	[Be2005], [Be2008], (Salsa20)
	L08 - W 4/13	Syntax and security defns for a PRG, arbitrary-output-length PRGs, and stream cipher. Syntax for a blockcipher. Description of DES	(Blockcipher), (DES), (DES+)
	L09 - F 4/15	Dog day! Finish DES and attacks on it. Preliminaries for AES: basics on finite fields	(Finite field 1), (Finite field 2)
Week 4	L10 - M 4/18	Quiz. The AES blockcipher: why it was developed and how it works.	(AES), [BR:2]
	L11 - W 4/20	Security for blockciphers: key-recovery (kr), unrepdictability (unp), PRP secuity. Start PRP-secure implies KR-secure. Reductions	[BR:3]
	L12 - F 4/22	Finish PRP-secure implies KR-secure. The PRP/PRF switching lemma. Game-based proofs and the fundamental lemma	[BR:4], [B:4]
Week 5	L13 - M 4/25	Finish PRP/PRF switching lemma: a birthday bound. CBC encryption w/ zeroIV, ctrIV, randIV, chainIV. Syntax of a sym enc scheme	[BR:4], [BR:A]
	L14 - W 4/27	Defs of security for prob (or stateful) sym enc: ind1, ind2, lr; ind$. Relationships among them. CTR-ctrIV is secure	[BR:4]
	L15 - F 4/29	Review of hybrid argument from last time. Attacking schemes using security notions. Nonce-based sym enc	[BR:4]
Week 6	L16 - M 5/02	The asymptotic approach to formalizing security: security parameters, PPT, negligibility. CCA security, nonmalleability, authenticity	[KL:3]
	L17 - W 5/04	Two definitions for authenticated encryption (AE) and their equivalence. The notion of a MAC. The raw CBC MAC	[BR:7]
	L18 - F 5/06	Making the CBC MAC work: CMAC and Carter-Wegman MACs. ε-AU hashing. Poly evaluation / GF(2^128) is ε-AU for small ε	[BR:7]
Week 7	L19 - M 5/9	Midterm	.
	L20 - W 5/11	Guest lecture: Tor	(Tor)
	L21 - F 5/13	PRFs are MACs. The notion of associated data. The notion of AEAD. The SIV construction. CCM, GCM, and OCB	[B:AE]
Week 8	L22 - M 5/16	Signature of a cryptographic hash functions. Formalizing collision-resistance. Foundational concerns. Hash function uses	[BR:6]
	L23 - W 5/18	Proof of the Merkle-Damgard theorem. Davies-Meyer. SHA-1’s blockcipher. Spoonge construction and Keccak. Memory-hard hashing	(MD), (SHA1), (SHA3), (scrypt)
	L24 - F 5/20	A definition for public-key encryption. Some algebra/number theory. Diffie-Hellman Key Exchange. Turning this into an enc scheme	[BR:11]
Week 9	L25 - M 5/23	Hash Diffie-Hellman encryption. CDH vs. DDH assumptions. Trapdoor permutations. The RSA trapdoor permutation	[BR:11]
	L26 - W 5/25	The RSA assumption. Encryptiong with hardcore bits. PKCS #1 encryption. OAEP. Digital signatures. Signing with PKCS #1	[BR:12]
	L27 - F 5/27	Signing from a OWF or hash fn: Lamport (one-time) sigs. AKE: man-in-the-middle attacks on DH; signed DH; SSL/TLS	(Protocols), (TLS)
Week 10	Lxx - M 5/30	Holiday — no class	.
	L28 - W 6/01	Award winners: limericks and more. Finishing AKE. Forward secrecy. PAKEs. Why crypto has a political and moral character	[R:essay]
	Lyy - F 6/03	No lecture. Today is dead day, fellow zombies. Review session at 12:10 pm in 126 Wellman	.
Week 11	Lzz - M 6/06	Final – 3:30-5:30	.