ECS 227 — Course Information — Spring 2010
Our class is scheduled to meet Mondays and Wednesdays from 6:10-7:30 pm in 244 Olson.
I expect that the two week-3 lectures of 4/12 and 4/14 will be rescheduled due to travel.
If the class consents, these will probably be reschedule to the following two Fridays;
or, if students prefer, we can meet for 2-hour (6:10 - 8:00 pm) instead of 1.5 hours for about
six of our class meetings. We will discuss which way to do this during Lecture 1.
Please do your best not to miss any lectures; the material may not be accessible any other way.
My office is 3009 Kemper.
Office hours are either scheduled (hours posted on my homepage, by appointment, or by no
appointment (if you drop by and I'm not too busy, I'll talk with you).
Go to my homepage at
and follow the obvious link to our
course web page.
I expect to lecture on most or the following topics:
introduction - blockciphers - symmetric encryption -
pseudorandom permutations and pseudorandom functions -
symmetric encryption - formata-preserving encryption - hash functions - message authentication codes -
authenticated encryption - asymmetric encryption - digital signatures
entity authentication - authenticated key exchange -
interactive proofs - zero knowledge.
Course material is subject to change depending on
how fast or slow I go, as well as student interests.
You should communicate with me about what you are interested in.
You need to have some mathematical maturity to take this class; most especially,
you need to be able to understand what is (and what is not) a mathematically meaningful
definition. Though we don't use a lot of tools, we sometimes use
rather subtle definitions and proofs.
Courses like ECS 222A (Algorithms) and ECS 120 or ECS 220 (Theory of Computation)
are good for building up the necessary maturity.
Graduate standing in mathematics should also do fine.
I would say that this course is appropriate to first-year grad students with a good
math or CS background, and with an interest and some ability in theory, but it might not
be appropriate to a first-year grad student with minimal math skills or
I have taught 227 most years, but sometimes I skip one and teach a different graduate class.
I do not believe that 227 will be offered next academic year.
There is no "required" text, but
there are evolving course notes by Mihir Bellare and me, accessible from the course web page.
If you'd like an actual, finished book, the closest one in spirit would seem to be that of
Lindell and Katz,
Introduction to Modern Cryptography (2007).
It's pretty good.
There will be occasional homework assignments.
Homeworks should be typeset in LaTeX.
Late homeworks will not be accepted.
You may not consult any old homework solutions in preparing your homework.
Please acknowledge the source of any ideas,
whether it be a book, a paper, a colleague, or an apple tree
(avoid reclining under durian or jackfruit trees).
You may share ideas with someone else as
long as you acknowledge them.
If you work with one or more person on a writeup then
you should turn in a single writeup.
You must read a paper in the provable-security tradition of cryptography,
understand it, and then write something about it.
This year I may experiment with having some or all the students give oral
presentations (lectures) on their projects, which would occupy some or all of the last
two weeks. Writeups need not be long;
about 2-4 pages should do.
But they should be
clear, beautiful, and
They should contain some interesting idea.
You will need my approval for your final project choices, and you
must get this by the end of week 6.
There's no midterm, but there's a sort-of final. I prefer to call
it a discussion. You'll come in to my office for about 25 minutes to chat.
During this time I'll try to ascertain how much you got out of the class.
Don't be worried about it; it ain't a big deal. But it helps
me understand what students are and are not understanding, and what they are
and are not interested in.
Grades are based it on what has been mentioned already, considering your
attendance, homeworks, project, and our final discussion.
This is a non-required graduate class, so I expect students
to be here because they're interested in learning the material.
Like most graduate classes, grades tend to be high.
Research in cryptography
Please treat this class as your "invitation" for doing research in
cryptography, a most unusual and wonderful subject. Welcome!
Phil Rogaway's homepage