Lecture Schedule, Fall 2012
- [Aug 29: Lecture 1]
Introduction and overview.
Basics of private-key encryption; some historical encryption schemes and their cryptanalysis.
Reading: Sections 1.1, 1.2, and 1.3 (through page 11).
- [Aug 31: Lecture 2]
Historical schemes and their cryptanalysis.
Reading: Section 1.3.
- [Sep 5: Lecture 3]
Defining secure encryption; perfect secrecy and the one-time pad.
Reading: Sections 1.4, 2.1, and 2.2.
- [Sep 7: Lecture 4]
Threat models for encryption; limits of perfectly secret encryption.
Toward a computational notion of security.
Reading: Sections 2.3, 2.5, and 3.1.1.
- [Sep 10: Lecture 5]
A computational notion of security. Indistinguishability in the presence of an eavesdropper.
Reading: Sections 3.1.2 and 3.2.1.
- [Sep 12: Lecture 6]
Pseudorandomness and pseudorandom generators. Non-trivial encryption from any pseudorandom generator.
Reading: Sections 3.3, 3.4.1, and 3.1.3.
- [Sep 14: Lecture 7]
Proof of security for the "pseudo one-time-pad" scheme. Security against chosen-plaintext attacks.
Reading: Sections 3.1.3, 3.4.1, 3.4.2, and 3.5.
- [Sep 17: Lecture 8] (TA lecture)
Pseudorandom functions.
Reading: Section 3.6.1.
- [Sep 19: Lecture 9]
Pseudorandom functions and permutations/block ciphers. Application to CPA-secure encryption.
Reading: Sections 3.6.1, 3.6.2, and 3.6.3.
- [Sep 21: Lecture 10]
Proof of security for CPA-secure encryption. Encrypting arbitrary-length messages, modes of encryption.
Reading: Sections 3.6.2 and 3.6.4.
- [Sep 24: Lecture 11]
Modes of encryption (CBC-, OFB-, and CTR-mode). Chosen-ciphertext attacks and CCA-security. Padding-oracle attacks. Introduction to message integrity.
Reading: Sections 3.6.4, 3.7, 4.1, and 4.2.
- [Sep 26: Lecture 12] (TA lecture)
Message authentication codes, and a basic construction.
Reading: Sections 4.3 and 4.4.
- [Sep 28: Lecture 13]
Proof of security for the basic MAC. MACs for arbitrary length messages.
Reading: Section 4.4.
- [Oct 1: Lecture 14] (TA lecture)
CBC-MAC. Authenticated encryption.
Reading: Sections 4.4.1, 4.5.1, and 4.5.2.
- [Oct 3: Lecture 15]
Authenticated encryption and secure sessions.
Reading: Sections 4.5.2 and 4.5.3.
- [Oct 5: Lecture 16]
Collision-resistant hash functions, HMAC.
Reading: Sections 4.6.1, 4.6.2, and 4.7.1.
(We mentioned HMAC but did not go into the details.)
- [Oct 8: Lecture 17] (TA lecture)
Birthday attacks on hash functions. The Merkle-Damgard transform.
Reading: Sections 4.6.3 (only the basic birthday attack) and 4.6.4.
- [Oct 10: Lecture 18]
The Merkle-Damgard construction. Hash functions in practice. Constructing hash functions from block ciphers.
Reading: Section 4.6.4 and 4.6.5. (The material on constructing hash functions from block ciphers is not in the book.)
- [Oct 12: Lecture 19]
Practical constructions of block ciphers. Substitution/permutation networks (SPNs), and the confusion/diffusion paradigm.
Reading: Pages 159-167
- [Oct 15: Lecture 20]
SPNs, the avalanche effect, and key-recovery attacks against 2-round SPNs.
Feistel networks.
Reading: Pages 167-172. (Note: the attack on a 2-round SPN given in class is different from the attack given in the book.)
- [Oct 17: Midterm exam]
- [Oct 19: Lecture 21]
Midterm review. Introduction to DES.
Reading: page 173
- [Oct 22: Lecture 22]
DES, attacks on reduced-round DES.
Reading: Section 5.3
- [Oct 24: Lecture 23]
Double and triple DES; AES.
Reading: Sections 5.4 and 5.5
- [Oct 26: Lecture 24]
From one-way functions to pseudorandom generators.
Reading: Sections 6.1 and 6.2.
- [Oct 29: Lecture 25]
(Cancelled due to storm)
- [Oct 31: Lecture 26]
Introduction to algorithmic number theory.
Reading: Sections 7.1.1 and 7.1.2; Appendices B.1, B.2.1, and B.2.2.
- [Nov 2: Lecture 27]
Introduction to group theory.
Reading: Appendix B.2.3; Section 7.1.3
- [Nov 5: Lecture 28]
Primality testing and prime-number generation.
Reading: Sections 7.1.4 and 7.2.1.
- [Nov 7: Lecture 29]
The factoring and RSA assumptions. Cyclic groups.
Reading: Sections 7.2.3, 7.2.4, and 7.3.1.
- [Nov 9: Lecture 30]
Cyclic groups and the discrete-logarithm assumption.
Reading: Sections 7.3.2 and 7.3.3.
(The following are not required, but are related to material we talked about in class: Section 7.3.4, Appendix B.3.)
- [Nov 12: Lecture 31]
Cyclic groups and the Diffie-Hellman assumptions.
Reading: Sections 7.3.2 and 7.3.3.
- [Nov 14: Lecture 32]
Diffie-Hellman key exchange.
Reading: Sections 7.3.2, 7.3.3, 9.1, 9.3, and 9.4.
- [Nov 16: Lecture 33]
The public-key setting and public-key encryption.
Reading: Sections 9.1, 9.3, 9.4, 10.1, and 10.2.
- [Nov 19: Lecture 34]
Definitions of security for public-key encryption. El Gamal encryption.
Reading: Sections 10.2 and 10.5.
- [Nov 21: Lecture 35]
RSA encryption.
Reading: Sections 10.4.1 and 10.4.3.
- [Nov 26: Lecture 36]
Key lengths for public-key crypto. Hybrid encryption.
Reading: Section 10.3.
- [Nov 28: Lecture 37]
Chosen-ciphertext attacks and malleability.
Reading: Section 10.6.
- [Nov 30: Lecture 38]
Chosen-ciphertext attacks. Digital signature schemes.
Reading: Sections 10.6 and 12.1.
- [Dec 3: Lecture 39]
Signature schemes and definitions. Textbook RSA and padded RSA.
Reading: Sections 12.2 and 12.3.
- [Dec 5: Lecture 40]
DSS. The Lamport one-time signature scheme.
Reading: Sections 12.7 and 12.5.
- [Dec 7: Lecture 41]
The Hash-and-sign paradigm. Certificate authorities and PKI.
Reading: Sections 12.4 and 12.8.
- [Dec 10: Lecture 42]
Putting it all together: the SSL protocol. Course review.