Lecture Schedule, Spring 2018
Note: Entries for past dates reflect what was covered; entries for future dates are tentative and subject to change as the semester progresses. Readings refer to Introduction to Modern Cryptography, 2nd edition.
Note: slides will be posted when available; however, slides will not be used for all lectures.
- [Jan 24: Lecture 1] (slides)
Introduction and overview. Private-key cryptography.
The syntax of private-key encryption. The shift cipher.
Reading: Sections 1.1-1.3.
- [Jan 29: Lecture 2] (slides)
ASCII, hex, and the ASCII shift cipher.
Elementary cryptanalysis and frequency analysis.
The Vigenere cipher.
Reading: Sections 1.3 and 1.4. (Note: The ASCII shift/Vigenere ciphers are not covered in the book.)
- [Jan 31: Lecture 3] (slides)
Modern cryptography: definitions, assumptions, and proofs.
Perfect secrecy. The one-time pad.
Reading: Sections 1.4, 2.1, and 2.2.
- [Feb 5: Lecture 4] (slides)
Proving security of the one-time pad.
Randomness generation and implementing the one-time pad.
Limitations of perfect secrecy.
Toward computational notions of security.
Reading: Sections 2.2, 2.3, and 3.1.
- [Feb 7: Lecture 5] (slides)
A computational notion of security.
Pseudorandomness and pseudorandom generators.
Reading: Sections 3.1, 3.2.1, and 3.3.1.
- [Feb 12: Lecture 6] (slides)
Pseudorandom generators and stream ciphers.
The pseudo-OTP. Proofs by reduction, and a
proof of security for the pseudo-OTP.
Security for multiple encryptions.
Drawbacks of deterministic encryption.
Reading: Sections 3.3.1-3.3.3 and 3.4.1.
- [Feb 14: Lecture 7] (slides)
Chosen-plaintext attacks and CPA-security.
Reading: Sections 3.4.2 and 3.5.1.
- [Feb 19: Lecture 8] (slides)
Pseudorandom permutations and block ciphers.
CPA-security from pseudorandom functions.
Encrypting arbitrary-length messages: block-cipher modes of operation.
Reading: Section 3.5.2 and 3.6.2.
- [Feb 21: Lecture 9] (slides)
Stream ciphers and stream-cipher modes of operation.
Security against chosen-ciphertext attacks.
Reading: Sections 3.6.1, 3.7.1, and 3.7.2.
- [Feb 26: Lecture 10] (slides)
Padding-oracle attacks. Message integrity and message
authentication codes (MACs). Defining security for MACs. A fixed-length MAC.
Reading: Sections 4.1 and 4.2.
- [Feb 28: Lecture 11] (slides)
A fixed-length MAC (continued).
MACs for arbitrary-length messages. CBC-MAC.
Reading: Sections 4.3 and 4.4.1.
- [Mar 5: Lecture 12] (slides)
Exam review. Authenticated encryption and generic constructions. Secure sessions.
Reading: Sections 4.5.1-4.5.4.
- [Mar 7: Midterm] (Note: the exam will be in both the
regular class room as well as ESJ 1224)
The exam will be on any material covered in class through Feb 28.
The exam is open-book/open-notes, but no electronic devices will be allowed.
- [Mar 12: Lecture 13] (slides)
Hash functions and collision resistance.
Birthday attacks on hash functions.
Hash-and-Mac, HMAC. Additional applications of hash functions.
Reading: Sections 5.1.1, 5.3.1, 5.4.1, and 5.6.1.
- [Mar 14: Lecture 14] (slides)
Additional applications of hash functions. Exam review.
Reading: Sections 5.6.2-5.6.4.
- [Mar 26: Lecture 15] (slides)
Practical constructions of stream ciphers. LFSRs.
Adding non-linearity to LFSRs. Trivium.
Reading: Section 6.1.1-6.1.3. (The exam will not cover Section 6.1.3.)
- [Mar 28: Lecture 16] (slides)
RC4. Case study: vulnerabilities in WEP.
Practical constructions of block ciphers. Confusion/diffusion.
Substitution-permutation networks (SPNs).
Reading: Sections 6.1.4 and 6.2.1. (The exam will not cover Section 6.1.4. The material on WEP is not in the book.)
- [Apr 2: Lecture 17] (slides)
Substitution-permutation networks (SPNs).
Attacks on reduced-round SPNs.
Reading: Section 6.2.1.
- [Apr 4: Lecture 18] (slides)
The Data Encryption Standard (DES).
2DES and triple-DES. Meet-in-the-middle attacks.
Reading: Sections 6.2.2, 6.2.3, and 6.2.4.
- [Apr 9: Lecture 19] (slides)
The Advanced Encryption Standard (AES).
The random-oracle model.
Practical constructions of hash functions: the Davies-Meyer and
Reading: Sections 6.2.5, 6.3.1, 5.2, and 5.5.
- [Apr 11: Lecture 20] (slides)
Basic number theory and algorithmic number theory.
Modular arithmetic and efficient algorithms.
Reading: Sections 8.1.1 and 8.1.2;
Appendices B.1 and B.2.1-B.2.3.
- [Apr 16: Lecture 21] (slides)
Reading: Sections 8.1.3 and 8.1.4.
- [Apr 18: Lecture 22] (slides)
The factoring assumption. Primaily testing. The RSA assumption.
Reading: Sections 8.2.1, 8.2.3, and 8.2.4.
- [Apr 23: Lecture 23] (slides)
Cyclic groups. Hardness assumptions in cyclic groups:
the discrete-logarithm assumption and Diffie-Hellman problems.
Reading: Sections 8.3.1-8.3.3.
- [Apr 25: Lecture 24] (slides)
Drawbacks of private-key cryptography.
The Diffie-Hellman key-exchange protocol and the
Public-key encryption: syntax and definitions of security.
Reading: Sections 9.3, 10.1, 10.3, 10.4,
- [Apr 30: Guest Lecture] (slides)
Special topic: secret sharing.
- [May 2: Lecture 25] (slides)
Definitions of security for public-key encryption. Hybrid encryption
and the KEM/DEM paradigm.
El Gamal encryption.
Sections 11.2 (but not the proof of Theorem 11.6), 11.3 (but not the proof of Theorem 11.12), 11.4.1, 11.4.2, and
11.4.4 (just the fact that El Gamal encryption is malleable).
- [May 7: Lecture 26] (slides)
RSA-based encryption. Padded RSA (PKCS #1 v1.5).
PKCS #1 v2.
11.5.1 (through page 412), 11.5.2,
11.5.4, and 12.1.
- [May 9: Lecture 27] (slides)
The hash-and-sign paradigm. RSA-based signatures.
Certificates and public-key infrastructures.
12.2-12.4 and 12.7.
- [May 16: Final Exam] 1:30-3:30 PM
The final exam will be held in ESJ 2208, not the regular classroom.