ECS 227 — Course Information — Winter 2014


Our class meets MW 5:10-6:30 and, sometimes, F 5:10-6:30, in 1070 Bainer.

The Friday meetings are officially a discussion section, but I will use them, first, as a “make-up day” if a class needs to be rescheduled. And, in fact, I must reschedule two classes I know of: there is no class on Jan 13 or Jan 15 (MW of week-2). In place of these days, we will use the Friday timeslot for the first two or three weeks: Jan 10, Jan 17, and possibly Jan 24. We will also use the Friday timeslot for student presentations, near the end of the term. I will tell you at least a week in advance if I plan to use the Friday slot.

Please do your best not to miss any lectures—the material may not be accessible any other way. I will keep an attendance list.

Office Hours

My office is 3009 Kemper. Office hours are on my web page. You can also make an appointment. If you drop by and I’m not too busy, I’ll be happy to talk.

I have an “unusual” request: please do not wear scented products when coming to see me in my office. I am absurdly sensitive to smell, and scents often make it so I cannot breathe.

Course Webpage

Go to my homepage at and follow the obvious link to our course web page. I am not routinely use SmartSite.


I expect to lecture on most or the following topics: introduction - blockciphers - symmetric encryption - pseudorandom permutations and pseudorandom functions - symmetric encryption - format-preserving encryption - hash functions - message authentication codes - authenticated encryption - asymmetric encryption - digital signatures - authenticated key exchange - interactive proofs - zero knowledge. Course material is subject to change depending on how fast or slow I go, and on student interests. You should communicate with me about what you are interested in.


You need to have some mathematical maturity to take this class; most especially, you need to be able to understand what is, and what is not, a mathematically meaningful definition. Though we don’t use a lot of tools, we sometimes use rather subtle definitions and proofs. Courses like ECS 222A (Algorithms) and ECS 120/220 (Theory of Computation) are good for building up the necessary maturity. Graduate standing in mathematics is a fine alternative. Sometimes other graduate students from other departments or graduate groups, like EE, take the class and do well. I would say that this course is appropriate to first-year grad students with a good math or CS background, and with an interest and some ability in theory, but it might not be appropriate to a first-year grad students or undergrads with poorer math skills or theory background.


There is no “required” text, but there are rough by Mihir Bellare and some useful books, particularly that of Katz and Lindell, Introduction to Modern Cryptography (2007). I will collect pointers to books and notes on the course homepage.


There will be occasional homework assignments, probably around four. Homeworks should be typeset in LaTeX. Late homeworks will not be accepted. You may not consult any old homework solutions in preparing your homework. You may share ideas with others in the class, or not in the class. Please acknowledge any sources of ideas you use, whether a book, paper, colleague, or apple tree. If you work closely with one or more person on a writeup then please turn in a single writeup.


You must read a paper in the provable-security tradition of cryptography, understand it, and then write something about it. I will also ask you to give a brief oral description, which would happen during the last class or two. Writeups need not be long; about 2-4 pages should do. But they should be clear, beautiful, and meticulously written. They should contain some interesting idea. You will need my approval for your final project choices, and you must get this by the end of week 6.


There is no midterm, but there is a sort-of final. I prefer to call it a discussion. You’ll come by my office for about 20 minutes to chat. During this time I’ll try to ascertain how much you got out of the class. Don&squo;t be worried about it; it’s not that big a deal. But it helps me understand what students are and are not understanding, what they are and are not interested in, and, of course, what grade I ought assign.


Grades are based it on what has been mentioned above: attendance, homeworks, project, and our final discussion. This is a non-required graduate class, so I expect students to be here because they’re interested in learning the material.

Research in cryptography

Please treat this class as your “invitation” for doing research in cryptography, a most unusual and wonderful subject. Welcome!
Phil Rogaway’s homepage