Lecture Schedule, Spring 2019
Note: Entries for dates in the past reflect what was covered; entries for dates in the future are tentative and subject to change as the semester progresses.
Readings refer to Introduction to Modern Cryptography, 2nd edition.
Note: slides will be posted when available; however, slides will not be used for all lectures.
- [Jan 29]
Lecture canceled due to snow.
- [Jan 31: Lecture 1] (slides)
Introduction and overview. Private-key cryptography.
The syntax of private-key encryption. The shift cipher.
Reading: Sections 1.1-1.3.
- [Feb 5: Lecture 2] (slides (updated))
ASCII, hex, and the ASCII shift cipher.
Elementary cryptanalysis and frequency analysis.
The Vigenere cipher.
Reading: Sections 1.3 and 1.4. (Note: The ASCII shift/Vigenere ciphers are not covered in the book.)
- [Feb 7: Lecture 3] (slides)
Modern cryptography: definitions, assumptions, and proofs.
Perfect secrecy. The one-time pad. Proving security of the one-time pad.
Reading: Sections 1.4, 2.1, and 2.2.
- [Feb 12: Lecture 4] (slides)
Randomness generation and implementing the one-time pad.
Limitations of perfect secrecy.
Toward computational notions of security.
Reading: Sections 2.3, 3.1, and 3.2.1.
- [Feb 14: Lecture 5] (slides)
A computational notion of security.
Pseudorandomness and pseudorandom generators.
Reading: Sections 3.2.1 and 3.3.1.
- [Feb 19: Lecture 6] (slides)
The pseudo-OTP. Proofs by reduction, and a
proof of security for the pseudo-OTP.
Security for multiple encryptions.
Reading: Sections 3.3.1-3.3.3 and 3.4.1.
- [Feb 21: Lecture 7] (slides)
Drawbacks of deterministic encryption.
Chosen-plaintext attacks and CPA-security.
Reading: Sections 3.4.2 and 3.5.1.
- [Feb 26: Lecture 8] (slides)
Pseudorandom permutations and block ciphers.
CPA-security from pseudorandom functions.
Reading: Section 3.5.2.
- [Feb 28: Lecture 9] (slides)
Block-cipher and stream-cipher modes of operation.
Message integrity and message
authentication codes (MACs).
Reading: Sections 3.6 and 4.1.
- [Mar 5: Lecture 10] (slides)
Defining security for MACs. A fixed-length MAC.
MACs for arbitrary-length messages. CBC-MAC.
Reading: Sections 4.2, 4.3, and 4.4.1.
- [Mar 7: Lecture 11] (slides)
Chosen-ciphertext attacks and CCA-security. Padding-oracle attacks.
Authenticated encryption and generic constructions.
Reading: Section 4.4.1, 3.7, 4.5.1, 4.5.2, and 4.5.4.
- [Mar 12: Lecture 12] (slides)
Secure sessions. Exam review.
Reading: Section 4.5.3.
- [Mar 14: Midterm]
The exam will be on any material covered in class through Mar 7.
The exam is open-book/open-notes; no electronic devices will be allowed.
- [Mar 26: Lecture 13] (slides)
Hash functions and collision resistance.
Birthday attacks on hash functions. The Merkle-Damgard transform.
Reading: Sections 5.1.1, 5.2, 5.3.1, and 5.4.1. (We did not cover Section 5.3.2 in class, but you should be aware that HMAC is a widely used and standardized message authentication code.)
- [Mar 28: Lecture 14] (slides)
Hash functions as random oracles. Additional applications of hash functions.
Reading: Sections 5.5 and 5.6.1-5.6.4.
- [Apr 2: Lecture 15] (slides)
Practical constructions of stream ciphers. LFSRs.
Adding non-linearity. Correlation attacks. Trivium. RC4.
Reading: Sections 6.1.1 and 6.1.2. (Correlation attacks are not in the book. You don't need to know any details of Trivium or RC4.)
- [Apr 4: Lecture 16] (slides)
Practical constructions of block ciphers.
Substitution-permutation networks (SPNs). Attacks on reduced-round SPNs.
Reading: Section 6.2.1.
- [Apr 9: Lecture 17] (slides)
The Data Encryption Standard (DES).
2DES and triple-DES. Meet-in-the-middle attacks. The Advanced Encryption Standard (AES).
Reading: Sections 6.2.2, 6.2.3, 6.2.4, and 6.2.5.
- [Apr 11: Lecture 18] (slides)
Practical constructions of hash functions: the Davies-Meyer construction.
Basic number theory and algorithmic number theory.
Reading: Sections 6.3.1, 8.1.1, and 8.1.2;
Appendices B.1 and B.2.1-B.2.3.
- [Apr 16: Lecture 19] (slides)
Efficient exponentiation. Group theory.
Reading: Sections 8.1.3 and 8.1.4.
- [Apr 18: Lecture 20] (slides)
Group theory. Primality testing, the factoring assumption, and the RSA assumption.
Reading: Sections 8.2.1, 8.2.3, and 8.2.4.
- [Apr 23: Lecture 21] (slides)
The RSA assumption. Cyclic groups. The discrete-logarithm assumption and the Diffie-Hellman assumptions.
Reading: Sections 8.3.1-8.3.3.
- [Apr 25: Lecture 22] (slides)
Algorithms for factoring and computing discrete logarithms;
Drawbacks of private-key cryptography. Key exchange and
the Diffie-Hellman key-exchange protocol.
Reading: Sections 9.3, 10.1, 10.3, and 10.4.
- [Apr 30: Lecture 23] (slides)
The public-key setting.
Public-key encryption: syntax and definitions of security.
Definitions of security for public-key encryption.
El Gamal encryption.
Sections 11.1, 11.2 (but not the proof of Theorem 11.6), and 11.4.1.
- [May 2: Lecture 24] (slides)
El Gamal encryption. Hybrid encryption
and the KEM/DEM paradigm.
Reading: Sections 11.3 (but not the proof of Theorem 11.12), 11.4.1, 11.4.2, and 11.4.4 (just the fact that El Gamal encryption is malleable).
- [May 7: Lecture 25] (slides)
RSA-based encryption. Padded RSA (PKCS #1 v1.5). RSA-OAEP (PKCS #1 v2).
Reading: Sections 11.5.1 (through page 412), 11.5.2, 11.5.4, and 12.1.
- [May 9: Lecture 26] (slides)
The hash-and-sign paradigm. RSA-based signatures.
(EC)DSA. Certificates and public-key infrastructures.
Reading: Sections 12.2-12.4 and 12.7.
- [May 14: Lecture 27] (slides)
Certificates and public-key infrastructures. SSL/TLS. Final review.
Quantum computing and post-quantum cryptography.
Reading: Section 12.8. The material on quantum computing and post-quantum cryptography will not be on the final exam.
- [May 20: Final Exam] 10:30-12:30 (as per the official schedule)