ECS 227 - Spring 2010 - List of Lecture Topics

Lecture Topic
Week 1 Lect 01 - M 3/29 Introduction. Classical and provable-security approaches. Four useful problems: encryption/authentication in sym/asym settings. Bit commitment and 2-party coin flip.
Lect 02 - W 3/31 More sample problems: PRGs, PRFs, dating problem, 2-party SFE. Yao’s garbled circuit evaluation. Encryption with a one-time pad. Security notions for it.
Week 2 Lect 03 - M 4/05 Blockcipher examples: DES, AES, Threefish. Feistel networks and their invertibility. Working in a finite field.
Lect 04 - W 4/07 CTR mode. Inadequate notions of blockcipher security: key-recovery (KR) and (NNP) security. The PRP definition. Equivalence of two formulations.
Week 3 Lect xx - M 4/12 Instructor out of town — no lecture.
Lect xx - W 4/14 Instructor out of town — no lecture.
Week 4 Lect 05 - M 4/19 PRP security implies key-recovery security an no-new-pair security. PRF security. The PRP/PRF switching lemma. Game-playing proofs.
Lect 06 - W 4/21 Symmetric encryption scheme syntax and security: ind, fg, sem. Using the notions to “break” CBC with a counter IV or with IV-chaining.
Lect 07 - F 4/23 Make-up lecture. Review of ind, fg, sem notions, plus two more: ind$, lr. Equivalences, sample reductions.
Week 5 Lect 08 - M 4/26 Security of CBC$ encryption. Begin symbolic treatment of symmetric encryption from [Abadi-Rogaway].
Lect 09 - W 4/28 Continue symbolic treatment of sym encryption: equivalence; type-0 security; key-cycles. Asymptotic approach for definitions.
Lect 10 - F 4/30 Make-up lecture. Notions of nonmalleability, CCA-security and AE in the sym setting. CBC with redundancy does not achieve AE.
Week 6 Lect 11 - M 5/03 Solution for PS2 problems. An alternative notion for AE. Incorrect ways for achieving AE. PRFs with arbitrary domain. Generic composition.
Lect 12 - W 5/05 Analysis of generic composition mechanisms. PRFs with arbitrary domains and their use as MACs. Attacking the CBC MAC for variable-length inputs. .
Week 7 Lect 13 - M 5/10 Ways to make PRFs. CBC MAC for fixed-length strings. AU-hash functions. The Carter-Wegman construction. XCBC.
Lect 14 - W 5/12 Cryptographic hash functions. The Merkle-Damgård paradigm. The definition of SHA-1. Difficulties with defining collision-intractability.
Week 8 Lect 15 - M 5/17 How to get around the CR-definitional issues. HMAC and its proof, assumptions. Tweakable blockciphers. A one-pass AE scheme.
Lect 16 - W 5/19 Defns for asym encryption (adapted from sym case). Computational number theory. Diffie-Hellman key exchange as an enc scheme (ElGamal scheme).
Week 9 Lect 17 - M 5/24 More comp number th. DL, CDH, DDH assumptions. ElGamal is secure under DDH, not DL/CDH. DDH is false in Zp*. Hardcore bits and Goldreich-Levin.
Lect 18 - W 5/26 Trapdoor permutations and their use for encryption and signatures. random-oracle model. Lamport and Merkle signatures.
Week 10 Lect xx - M 5/31 Holiday — no class.
Lect 19 - W 6/02 Students describe their projects. Class begins at 5 pm (usual room).