The following summarizes the topic of each lecture. There were 23 lectures, each being 2 hours.

COMP 754 - Term 1 of 2002 - Lecture-by-Lecture Topic Summaries

Lecture - Date Topic

Lect 1 - 06.27 R What is cryptography? Four problems in cryptography: privacy in the symmetric and asymmetric trust models, message authentication in the symmetric and asymmetric trust models. Writing precise, mathematical English: One-to-one functions,

Lect 2 - 07.02 T More practice being mathematically precise; notions of one-to-one functions, onto functions, permutations, strings. Probabilistic notation and computing some simple probabilities.

Lect 3 - 07.04 R Layered look at cryptographic mechanisms. What is a block cipher? History of DES and a complete description of DES. (Reading: Landau article on DES.)

Lect 4 - 07.10 W Group axioms, field axioms. A theorem about the existence and uniqueness of finite fields. Doing arithmetic in GF(2^8). A first look at the structure of AES.

Lect 5 - 07.11 R A complete description of AES. The ECB mode of operation: what is wrong with it?

Lect 6 - 07.16 T Modes of operation. Definitions for encryption-scheme security.

Lect 7 - 07.18 R Formalizing encryption: real-or-random security.

Lect 8 - 07.29 T Working to understand the ind-definition. Distinguishing an oracle that gives random samples in [1..10] from an oracle that gives random samples in [1..11]. CBCrandom and CBCcounter.

Lect 9 - 08.01 R Using our definition of encryption scheme security to break various constructions.

Lect 10 - 08.05 M Definition of PRP security. Reductions. The security of CTRctr.

Lect 11 - 08.06 T A switching lemma. More on the provable-security paradigm. Fully proving the security of of CTRctr.

Lect 12 - 08.07 W Proving the security of CBCrandom. Review of public-key encryption. Mathematical preliminaries for the RSA algorithm.

Lect 13 - 08.08 R Mathematical preliminaries for the RSA algorithm. Definition of the RSA algorithm.

Lect 14 - 08.13 T Review of RSA. Definition of PK encryption-scheme security. (Raw) RSA is NOT secure. Notion of a trapdoor permutation.

Lect 15 - 08.15 R Ways to properly encrypt using a trapdoor permutation. Hardcore bits. The method of PKCS \#1.

Lect 16 - 08.27 T Why PKCS \#1 is not provably secure. Cryptographic hash functions and their uses. Encryption by f(R) || H(R) xor M and OAEP. Merkle-Damgârd iteration. Block-cipher based constructions.

Lect 17 - 08.29 R Definition of SHA1. Formalization of hash-function goals. The Merkle-Damgârd theorem.

Lect 18 - 09.03 T Digital signature: definition of the goal. RSA signatures. The Secure Hash Standard.

Lect 19 - 09.10 T An introduction to key-exchange.

Lect 20 - 09.12 R An introduction to multiparty protocols.

Lect 21 - 09.17 T Student presentations: A Forward-Secure Digital Digital Signature Scheme, Concrete Security Characterization of PRFs and PRPs, Ciphers with Arbitrary Finite Domains, Session Key Distribution Using Smart Cards, The Security of All-or-Nothing Encryption, Public-Key Encryption in a Multi-User Setting

Lect 22 - 09.18 W Student presentations: Tweakable Block Ciphers, How to Leak a Secret, Authenticated Key Exchange Secure Against Dictionary Attacks, Optimal Asymmetric Encryption, Random Oracles are Practical, XOR MAC

Lect 23 - 09.19 R Student presentations Keying Hash Functions for Message Authentication, On the Construction of VIL Ciphers, SDSI & SPKI Specification, Encode-then-Encipher Encryption, Non-Malleable Encryption

COMP 754 - Term 1 of 2002 - Lecture-by-Lecture Topic Summaries
Lecture - Date	Topic
Lect 1 - 06.27 R	What is cryptography? Four problems in cryptography: privacy in the symmetric and asymmetric trust models, message authentication in the symmetric and asymmetric trust models. Writing precise, mathematical English: One-to-one functions,
Lect 2 - 07.02 T	More practice being mathematically precise; notions of one-to-one functions, onto functions, permutations, strings. Probabilistic notation and computing some simple probabilities.
Lect 3 - 07.04 R	Layered look at cryptographic mechanisms. What is a block cipher? History of DES and a complete description of DES. (Reading: Landau article on DES.)
Lect 4 - 07.10 W	Group axioms, field axioms. A theorem about the existence and uniqueness of finite fields. Doing arithmetic in GF(2^8). A first look at the structure of AES.
Lect 5 - 07.11 R	A complete description of AES. The ECB mode of operation: what is wrong with it?
Lect 6 - 07.16 T	Modes of operation. Definitions for encryption-scheme security.
Lect 7 - 07.18 R	Formalizing encryption: real-or-random security.
Lect 8 - 07.29 T	Working to understand the ind-definition. Distinguishing an oracle that gives random samples in [1..10] from an oracle that gives random samples in [1..11]. CBCrandom and CBCcounter.
Lect 9 - 08.01 R	Using our definition of encryption scheme security to break various constructions.
Lect 10 - 08.05 M	Definition of PRP security. Reductions. The security of CTRctr.
Lect 11 - 08.06 T	A switching lemma. More on the provable-security paradigm. Fully proving the security of of CTRctr.
Lect 12 - 08.07 W	Proving the security of CBCrandom. Review of public-key encryption. Mathematical preliminaries for the RSA algorithm.
Lect 13 - 08.08 R	Mathematical preliminaries for the RSA algorithm. Definition of the RSA algorithm.
Lect 14 - 08.13 T	Review of RSA. Definition of PK encryption-scheme security. (Raw) RSA is NOT secure. Notion of a trapdoor permutation.
Lect 15 - 08.15 R	Ways to properly encrypt using a trapdoor permutation. Hardcore bits. The method of PKCS \#1.
Lect 16 - 08.27 T	Why PKCS \#1 is not provably secure. Cryptographic hash functions and their uses. Encryption by f(R) \|\| H(R) xor M and OAEP. Merkle-Damgârd iteration. Block-cipher based constructions.
Lect 17 - 08.29 R	Definition of SHA1. Formalization of hash-function goals. The Merkle-Damgârd theorem.
Lect 18 - 09.03 T	Digital signature: definition of the goal. RSA signatures. The Secure Hash Standard.
Lect 19 - 09.10 T	An introduction to key-exchange.
Lect 20 - 09.12 R	An introduction to multiparty protocols.
Lect 21 - 09.17 T	Student presentations: A Forward-Secure Digital Digital Signature Scheme, Concrete Security Characterization of PRFs and PRPs, Ciphers with Arbitrary Finite Domains, Session Key Distribution Using Smart Cards, The Security of All-or-Nothing Encryption, Public-Key Encryption in a Multi-User Setting
Lect 22 - 09.18 W	Student presentations: Tweakable Block Ciphers, How to Leak a Secret, Authenticated Key Exchange Secure Against Dictionary Attacks, Optimal Asymmetric Encryption, Random Oracles are Practical, XOR MAC
Lect 23 - 09.19 R	Student presentations Keying Hash Functions for Message Authentication, On the Construction of VIL Ciphers, SDSI & SPKI Specification, Encode-then-Encipher Encryption, Non-Malleable Encryption