Lecture Schedule
- [Aug 29: Lecture 1]
Introduction. Overview of private-key encryption; some historical encryption schemes and their cryptanalysis.
Reading: Sections 1.1, 1.2, 1.3 (through page 13)
- [Aug 31: Lecture 2]
Historical encryption schemes and their cryptanalysis.
Reading: Section 1.3
- [Sep 5: Lecture 3]
Principles of modern cryptography.
Reading: Section 1.4.1
- [Sep 7: Lecture 4]
Perfect secrecy.
Reading: Sections 1.4, 2.1.
- [Sep 10: Lecture 5]
The one-time pad encryption scheme. Limitations of perfect secrecy.
Reading: Sections 2.2, 2.3, and 2.5.
- [Sep 12: Lecture 6]
Introduction to computational security.
Reading: Sections 3.1.1 and 3.1.2.
- [Sep 14: Lecture 7] (Guest lecture)
Information-theoretically-secure message authentication
Reading: None
- [Sep 17: Lecture 8]
Computationally-secure private-key encryption, pseudorandomness
Reading: Sections 3.2.1 and 3.3.
- [Sep 19: Lecture 9]
Computationally-secure private-key encryption
Reading: Sections 1.4.3, 3.1.3, 3.3, and 3.4.1.
- [Sep 21: Lecture 10]
Computationally-secure private-key encryption, proofs by reduction, security for multiple encryptions
Reading: Sections 1.4.3, 3.1.3, and 3.4.
- [Sep 24: Lecture 11]
Security for multiple encryptions, security against chosen-plaintext attacks, pseudorandom functions
Reading: Sections 3.4.3, 3.5, 3.6.1, and 3.6.2.
- [Sep 26: Lecture 12]
Security against chosen-plaintext attacks
Reading: Section 3.6.2.
- [Sep 28: Lecture 13] (Guest lecture)
Block ciphers, modes of encryption, security against chosen-ciphertext attacks
Reading: Sections 3.6.2, 3.6.3, 3.6.4, and 3.7.
- [Oct 1: Lecture 14]
Security against chosen-ciphertext attacks. Message integrity and MACs
Reading: Sections 3.7, 4.1-4.4 (through page 118).
- [Oct 3: Lecture 15]
MACs
Reading: Section 4.4.
- [Oct 5: Midterm 1]
- [Oct 8: Lecture 16]
MACs; Birthday bound; CBC-MAC; Collision-resistant hash functions
Reading: Sections 4.4, 4.5, 4.6.1 and Appendix A.4.
- [Oct 10: Lecture 17]
Collision-resistant hash functions, exam returned
Reading: Sections 4.6.1, 4.6.3, 4.6.5, and Appendix A.4.
- [Oct 12: Lecture 18]
"Hash-and-MAC"; authenticated communication
Reading: Section 4.9 (through page 153).
The "Hash-and-MAC" construction given in class is adapted from (but not identical to) Section 4.7.1; see especially the proof sketch on page 140.
- [Oct 15: Lecture 19]
Authenticated communication; constructing pseudorandom permutations
Reading: Section 4.9 and the beginning of Chapter 5 (pages 159-162)
- [Oct 17: Lecture 20]
Block cipher design
Reading: Section 5.1 (through page 168)
- [Oct 19: Lecture 20]
Block cipher design and attacks
Reading: Sections 5.1 and 5.2
- [Oct 22: Lecture 21]
Feistel networks and DES
Reading: Sections 5.2, 5.3, and 5.4 (through page 182)
Note: Please read all of Section 5.3; in particular, even though we did not cover Section 5.3.2 in class, I expect you to be able to follow this material based on our earlier discussion of attacks on SPNs.
- [Oct 24: Lecture 22]
Doubly- and triply-iterated ciphers, introduction to one-way functions
Reading: Sections 5.4, 5.5, and Chapter 6 through page 198
- [Oct 26: Lecture 23]
Block ciphers from one-way functions: a whirlwind tour
Reading: Sections 6.1, 6.2, and 6.6
- [Oct 29: Lecture 24]
Introduction to number theory and computational number theory
Reading: Sections 7.1.1 and 7.1.2, Appendices B.1 and B.2 (through page 507)
- [Oct 31: Lecture 25]
Introduction to group theory
Reading: Section 7.1.3
- [Nov 2: Lecture 26]
Z_N*, generating primes, and hardness of factoring
Reading: Sections 7.1.4, 7.2.1, and 7.2.3
Those interested in further details regarding primality testing can see Section 7.2.2. This section is self-contained through page 267; some of the remaining material relies on Section 7.1.5 (that we did not cover in class). This material is not required reading.
- [Nov 5: Lecture 27]
The RSA problem and its relation to factoring. Introduction to cyclic groups
Reading: Sections 7.2.4 and 7.3.1 (page 274)
- [Nov 7: Lecture 28]
Cyclic groups, the discrete logarithm problem, and the Diffie-Hellman problems
Reading: Sections 7.3.1, 7.3.2, and 7.3.3
- [Nov 9: Lecture 29]
The decisional Diffie-Hellman (DDH) problem. Private-key management and the public-key revolution
Reading: Sections 7.3.2, 7.3.3, 9.1, and 9.2
- [Nov 12: Lecture 30]
The public-key revolution, Diffie-Hellman key exchange. On to public-key encryption
Reading: Sections 9.3, 9.4, and 10.1
- [Nov 14: Lecture 31]
Public-key encryption
Reading: Sections 10.1, 10.2, and 10.4.1
- [Nov 16: Midterm 2]
- [Nov 19: Lecture 32]
Textbook RSA and its insecurity
Reading: Sections 10.4.1 and 10.4.2
- [Nov 21: Lecture 33]
Padded RSA, hybrid encryption
Reading: Sections 10.4.3 and 10.3 (the proof is optional)
- [Nov 26: Lecture 34]
El Gamal encryption, chosen ciphertext attacks
Reading: Sections 10.5 and 10.6
- [Nov 28: Lecture 35]
Chosen ciphertext attacks. Signature schemes
Reading: Sections 10.6 and 12.1
- [Nov 30: Lecture 36]
Signature schemes
Reading: Sections 12.2, 12.3, and 12.4
- [Dec 3: Lecture 37]
Lamport's one-time signature scheme
Reading: Section 12.5
- [Dec 5: Lecture 38]
Signature schemes using Merkle trees
Reading: Section 12.6
For an understanding of how signature schemes are used in the real world, I recommend Sections 12.7 and 12.8. (These are not required, however.)
- [Dec 7: Lecture 39]
Stateless signature schemes that are existentially unforgeable under adaptive chosen-message attacks, Merkle trees
Reading: Section 12.6