ECS 189A - Cryptography - Spring 2011 - List of Lecture Topics

Lecture Topic
Week 1 Lect 01 - M 3/28 Admin stuff: Read course information handout. Introduction: Four classical problems. Key distribution. Dating problem. Millionaire’s problem.
Lect 02 - W 3/30 Physical solution for millionaire’s problem. Protocol for the average-salary problem. The ring Z_N of integers modulo N. Space aliens: chess is a stupid game.
Lect 03 - F 4/01 Substitution ciphers (a bad encryption scheme). Diaconis’ ciphertext-only attack. Other problems with the scheme. Alphabets, strings. Approximating ln n!
Week 2 Lect 04 - M 4/04 Stream ciphers. Three notions of security: Shannon security, perfect privacy, perfect indistinguishability. One-time pads. Problems with one-time pads.
Lect 05 - W 4/06 PS1 due. Truly random number generators. Breaking PRGs with 2^k time. Fields, irreducible polynomials, primitive polynomials, and LFSRs.
Lect 06 - F 4/08 The recurrence relation associated to an LFSR. Galois form of an LFSR. Trivium. RC4. Dealing with key-setup costs and loss of synchronization: PRFs.
Week 3 Lect 07 - M 4/11 The Data Encryption Standard (DES): history, Feistel networks, definition of the algorithm, implementation comments, exhaustive key search.
Lect 08 - W 4/13 PS2 due. Analysis of exhaustive key search. Protecting DES from it: 3DES and DESX. Why 2DES doesn’t work. Linear & Differential cryptanalysis.
Lect 09 - F 4/15 Description of AES and the process by which it arose. Defining a blockcipher’s security by associating a real number to an adversary: Adv(A).
Week 4 Lect 10 - M 4/18 Review: gjm-security. Too weak. Key-recovery (kr) security. Too weak. The ideal blockcipher, Bloc(n). A reduction: gjm-secure ⇒ kr-secure.
Lect 11 - W 4/20 Review of last lecture. PRP-security (expressed in two ways). PRP-security implies key-recovery security (didn’t finish analyzing the reduction).
Lect 12 - F 4/22 PS3 due. Finish analyzing the reduction from last time. Tightness of reductions. ECB mode. Problems with ECB mode. Dealing with the length-restriction issue.
Week 5 Lect 13 - M 4/25 More modes of operation: ECB, CBC#, CBC$, CTR#, CTR$. How do you know if an encryption mode is good? Towards a definition of security (ind-security).
Lect 14 - W 4/27 The ind notion of security. The ind$-notion. ind$-security implies ind-security: a hybrid argument. Trying to break the ind-security of some modes.
Lect 15 - F 4/29 Finish symmetric encryption. Cryptographic hash functions: one-wayness, second preimage resistance, and collision resistance. Applications.
Week 6 Lect 16 - M 5/02 Merkle-Damgaard and Davies-Meyer constructions. Definition of SHA1. Problems defining collision-resistance: the “human ignorance” viewpoint.
Lect 17 - W 5/04 PS4 due. Finish human-ignorance view. Proving Merkle-Damgaard. Constructing a PRF on {0,1}*: keying MD doesn’t work; CR-hash then PRP does.
Lect 18 - F 5/06 Correcting an error from last time. HMAC and its security. The CBC MAC and CMAC, and their security. MACs. PRF-secure implies MAC-secure.
Week 7 Lect 19 - M 5/9 Authenticated encryption. Ways to combine a PRF and an ind-secure encryption scheme. Another wrong approach: adding a checksum to CBC encryption.
Lect 20 - W 5/11 Authenticated encryption, cont. Why adding redundancy to CBC encryption doesn’t work. Associated data. AE modes CCM, GCM, and OCB.
Lect 21 - F 5/13 Finishing OCB: realizing tweakable blockciphers. Public-key encryption. Trapdoor permutations. Diffie-Hellman key exchange. Two DH assumptions.
Week 8 Lect 22 - M 5/16 PS5 due. Review of trapdoor permutations, DH assumptions, and ElGamal encryption. Defining public-key encryption. Defining digital signatures.
Lect 23 - W 5/18 Number-theoretic preliminaries. Description of the raw RSA trapdoor permutation. Raw RSA as an encryption scheme (wrong) or signature scheme (wrong).
Lect 24 - F 5/20 Encrypting with RSA: bit-by-bit enc + random x with lsb(x)=b. PKCS #1, v.1. OAEP. The random-oracle paradigm. Signing with RSA: PKCS #1, v.1, and FDH.
Week 9 Lect 25 - M 5/23 PS6 due. The PSS signature scheme. ElGamal and DSA signatures. Elliptic curve groups (how to define addition) and why they’re used.
Lect 26 - W 5/25 Signing with a hash function: Lamport signatures and Merkle trees. Public-key certificates and IBE. What an FHE scheme does.
Lect 27 - F 5/27 The Oblivious Transfer (OT) problem and an RSA-based solution. 2-Party Secure Function Evaluation (2P SFE) and a solution with OT and a blockcipher.
Week 10 Lect xx - M 5/30 Holiday — no class. Don’t come to class. Go away. Do something interesting. Go study your crypto, of course.
Lect 28 - W 6/01 PS7 due. Zero-knowledge interactive proofs. ZK protocol for GRAPH 3-COLOR. The ambiguous relationship between cryptography and power. Bye!
Lect xx - F 6/03 I will lead a review session (it is of course optional) from 2:10–4 in our usual room.
Week 11 Lect xx - R 6/09 Final – 10:30-12:30 (146 Robbins)