ECS 227 - Course Information - Spring 2007
Our course meets Mondays and Wednesdays from 6:10-7:30 pm in 127 Wellman.
Please try not to miss lectures; the material may not be accessible
any other way.
My office is 3063 Kemper.
Office hours are posted on the web, or by appointment, or by no
appointment (if you drop by
and I'm not too busy, I'll talk with you).
Go to my homepage at
and follow the
classes link to the
ECS 227 - Modern Cryptography - Spring 2007 web page.
I expect to lecture on some or all of the following topics:
introduction - blockciphers - symmetric encryption -
pseudorandom permutations and pseudorandom functions -
symmetric encryption - hash functions - message authentication codes -
authenticated encryption - asymmetric encryption - digital signatures
entity authentication - authenticated key exchange -
interactive proofs - zero knowledge.
Course material is subject to change depending on
how fast or slow I go, and depending on student interests.
You should communicate with me about what you are interested in.
You need to have some mathematical maturity to take this class; most especially,
you need to be able to understand what is (and what is not) a mathematically meaningful
definition. Though we don't use a lot of tools, we sometimes use
rather subtle definitions and proofs.
Courses like ECS 222A (Algorithms) and ECS 120 or ECS 220 (Theory of Computation)
are good for building up the necessary maturity.
Graduate standing in mathematics should also do.
I would say that this course is appropriate to first-year grad students with a good
math or CS background, and with an interest and some ability in theory, but it might not
be appropriate to a first-year grad student with minimal math skills or
There is no assigned text, and no published text gives a treatment similar to ours.
Instead, you can use the
evolving course notes by Mihir Bellare and me, accessible from the course web page.
The notes will change as the quarter progresses, so I suggest
that you do not print out any section before we discuss it in class.
If you're interested to have in hand an actual, finished book,
I can recommend two.
[Menezes, van Oorschot, Vanstone],
which is available free on-line.
It is heavy on methods and light on theory, but it useful.
Then there is the two-volume book by Oded Goldreich
that gives a scientific treatment of cryptography, but with sensibilities
rather different from my own.
There will be occasional homework assignments.
Homeworks should be typeset in LaTeX.
Late homeworks will not be accepted.
You may not consult any old homework solutions in preparing your homework.
Please acknowledge the source of any ideas,
whether it be a book, a paper, a colleague, or an apple tree
(avoid reclining under durian and jackfruit trees).
You may share ideas with someone else as
long as you acknowledge them.
If you work with one or more person on a writeup then
you should turn in a single writeup.
You must read a paper in the provable-security tradition of cryptography,
and then write something about it.
Alternatively, you must do some small research project of your own: anything
novel that touches on provable-security cryptography.
Projects are due the last day of class.
Writeups need not be long;
about 2-4 pages should do.
But they should be beautiful:
and preferably with some interesting or semi-interesting idea.
You will need my approval for final project choices, and you
must get this by the end of week 7.
I won't discuss the projects in class. You're on your own to
remember that you have to do this, and to budget your time
There's no midterm, but there's a sort-of final. I prefer to call
it a discussion. You'll come in to my office for about 25 minutes to chat.
During this time I'll try to ascertain how much you got out of the class.
Don't be worried about it; it ain't a big deal. But it helps
me understand what students are and are not understanding, and what they are
and are not interested in.
This is a non-required graduate class, so I expect students
to be here because they're genuinely interested in learning the
It is unfortunate that we are required to assign grades.
I base this on what has been mentioned already:
attendance, homeworks, your project, and our final discussion.
Research in cryptography
Please treat this class as your "invitation" for doing research in
cryptography, a most unusual and wonderful subject. Welcome!
Phil Rogaway's homepage