ECS 227 - Course Information - Fall 2003
Our course meets Wednesdays from 6:10-9:00 pm in 1134 Bainer.
There are ten three-hour lectures.
Please do not miss lectures.
If you do miss a lecture, video tapes are available from Fall 2001, but
the contents may or may not be a close match.
When you are in class, try to think.
I would like to reschedule one class meeting: the Wednesday before
Thanksgiving (Nov 26) I would like to move to the Monday of that week (Nov 24).
Making this change requires class consent.
If you object to the change, please see me or send me email this week.
Assuming I don't hear from anybody objecting to this change, I'll circulate
a list next week for you to sign, authorizing the rescheduling of the
My office is 3063 Kemper (formerly Eng II).
Office hours are by appointment, or by no appointment: if you drop by
and I'm not too busy, I'll talk with you.
(In the past I set official hours for this course, but nobody
ever seemed to come at the scheduled times, so I'll abandon that
unless there is demand.)
Most everything will be collected on-line.
Go to my homepage at
and follow the
classes link to the
ECS 227 - Modern Cryptography - Fall 2003 web page.
I expect to lecture on some or all of the following topics:
introduction - symmetric encryption - block ciphers -
pseudorandom permutations and pseudorandom functions -
one-way functions - pseudorandom generators -
symmetric encryption - hash functions - message authentication -
authenticated encryption - asymmetric encryption - digital signatures
- authenticated key exchange - interactive proofs - zero knowledge.
Course material is subject to change depending on
how fast (or slow) I go, and depending on student interests.
You should communicate with me about what you are interested in.
You need to have some mathematical maturity to take this class; most especially,
you need to be able to understand what is (and what is not) a mathematically meaningful
definition. Though we don't use a lot of tools, we sometimes use
rather subtle definitions and proofs.
Courses like ECS 222A (Algorithm) and ECS 120 (Theory of Computation) are good for
building up the necessary maturity and should be taken as nominal prerequisites.
Graduate standing in mathematics is a fine substitute, though you may wish you
had heard of things like "Turing machines" before.
It is the student's responsibility to make sure s/he is not "in too deep".
I would say that this course is appropriate to first-year grad students with a good
background, with an interest and some ability in theory; but it might not be
appropriate to a first-year student with minimal math skill or theory background.
There is no assigned text, and no reasonable text is currently available for the
material of this course. Evolving course notes can be found on-line, as well
as some supplemental papers.
If you're interested to have an actual, finished book,
the most useful may be that of
van Oorschot, Vanstone], which is available on-line, for free.
There is also a new book by
which gives a much more
scientific treatment of cryptography, but the scope is very limited and the
treatment will be quite different from ours.
There will be occasional homework assignments.
Homeworks should be typeset in LaTeX.
Late homeworks will not be accepted.
You may not consult any old homework solutions in preparing your homework.
Acknowledge the source of any ideas, whether it be a book, paper, colleague, or
You may share ideas with someone else as
long as you acknowledge them.
If you work with one or more person closely then
you should turn in a single writeup.
I myself believe that working closely with other students
tends to lead to an inferior understanding of course material,
but I don't forbid it,
both because it is impractical and because
some students honestly believe that they learn more working
with a friend.
You must read a paper in the provable-security tradition of cryptography,
and then write something about it.
Alternatively, you must do some small research project of your own: anything
novel that touches on provable-security cryptography.
Projects are due the last day of class.
Writeups need not be long;
about 2-4 pages should do.
But they should be beautiful:
nicely typeset (LaTeX, please),
and preferably with some interesting or semi-interesting idea.
If you have any doubt if your envisioned paper/project is OK, talk to me,
and do so more than two weeks before the project is due.
If you are reading a research paper,
going with one of
Mihir Bellare makes
a particularly safe choice, but this is certainly not required.
I won't discuss the projects in class. You're on your own to
remember that you have to do this, and to budget your time
There's no midterm, but there's a sort-of final. I prefer to call
it a "discussion". You'll come in to my office for 20-30 minutes,
we'll talk, and I'll try to ascertain how much you got out of the class.
Don't be worried about it; it ain't a big deal. But it helps
me understand what students are and are not understanding, and what they are
and are not interested in.
I am required to give grades, which will be based on
what has already been mentioned:
homeworks, your project, our final discussion, and attendance.
This is a non-required graduate class, so I expect students
to be here because they're genuinely interested in learning the
Research in cryptography
You may treat this class as your "invitation" for doing research in
cryptography, a most unusual and wonderful subject. Welcome!
Phil Rogaway's homepage