Lecture Schedule, Fall 2010

• [Aug 30: Lecture 1]
  Introduction and overview. Basics of private-key encryption; some historical encryption schemes and their cryptanalysis.
  Reading: Sections 1.1, 1.2, and 1.3 (through page 14)
  
  
• [Sept 1: Lecture 2]
  Historical encryption schemes and their cryptanalysis. Principles of modern cryptography: definitions, assumptions, proofs. Perfect secrecy and the one-time pad encryption scheme.
  Reading: Sections 1.3, 1.4, 2.1, and 2.2
  
  
• [Sep 8: Lecture 3]
  Limitations of perfect secrecy. Perfect indistinguishability and its equivalence to perfect secrecy. Computational security.
  Reading: Sections 2.2, 2.3, 3.1.1, 3.1.2, and 3.2.1
  
  
• [Sep 13: Lecture 4]
  Computational security, examples. Pseudorandom generators.
  Reading: Sections 3.2.1 and 3.3
  
  
• [Sep 15: Lecture 5]
  From pseudorandom generators to secure encryption (with a key shorter than the message). Proofs by reduction. Pseudorandom functions.
  Reading: Sections 3.1.3, 3.4.1, and 3.6.1. (Note: although we did not cover it in class, please also read Sections 3.4.2 and 3.4.3.)
  
  
• [Sep 20: Lecture 6]
  Pseudorandom functions, block ciphers. Security for multiple encryptions and CPA-security. Importance of randomized encryption. A CPA-secure encryption scheme from any pseudorandom function.
  Reading: Sections 3.4.3, 3.5, 3.6.2, and 3.6.3.
  
  
• [Sep 22: Lecture 7]
  A CPA-secure encryption scheme from any pseudorandom function. Encrypting long messages; modes of encryption.
  Reading: Sections 3.6.3 and 3.6.4.
  
  
• [Sep 27: Lecture 8]
  Security against chosen-ciphertext attacks; non-malleability. Message integrity and message authentication codes.
  Reading: Sections 3.7, 4.1, 4.2, and 4.3.
  
  
• [Sep 29: Lecture 9]
  A message authentication code (MAC) for short messages. Extending it to handle long messages. CBC-MAC.
  Reading: Sections 4.4 and 4.5.
  
  
• [Oct 4: Lecture 10]
  Cryptographic hash functions; collision-resistance. "Hash-and-MAC" (HMAC).
  Reading: Sections 4.6.1, 4.6.2, and 4.7.1.
  
  
• [Oct 6: Lecture 11]
  Birthday attacks on hash functions. The Merkle-Damgard transformation. Hash functions in practice. CCA-secure private-key encryption.
  Reading: Sections 4.6.3-4.6.5, 4.8. (See also Appendix A.4 for a formal treatment of birthday attacks.)
  Some more information about the ASP.NET vulnerability we discussed in class can be found here
  
  
• [Oct 11: Lecture 12]
  Secure message transmission: secure combination of encryption and message authentication. Block cipher design principles
  Reading: Sections 4.9 and 5.1.
  
  
• [Oct 13: Lecture 13]
  Block cipher design principles: substitution/permutation networks; Feistel networks.
  Reading: Sections 5.1 and 5.2.
  
  
• [Oct 18: Lecture 14]
  DES, triple-DES, and AES.
  Reading: Sections 5.3-5.5.
  
  
• [Oct 20: Midterm Exam]
  
  
• [Oct 25: Lecture 15]
  Midterm review. One-way functions and using them to construct pseudorandom generators.
  Reading: Sections 6.1, 6.2, and 6.4.
  
  
• [Oct 27: Lecture 16]
  Introduction to number theory. Primes, divisibility, modular arithmetic, efficient modular exponentiation.
  Reading: Sections 7.1.1, 7.1.2, B.1, B.2.1-B.2.3.
  
  
• [Nov 1: Lecture 17]
  Introduction to group theory, Z_N, and Z*_N.
  Reading: Sections 7.1.3 and 7.1.4.
  
  
• [Nov 3: Lecture 18]
  Primes, the factoring assumption, and the RSA problem.
  Reading: Section 7.2 (except 7.2.2)
  
  
• [Nov 8: Lecture 19]
  Cyclic groups, generators. (25 minute lecture due to Odlyzko's colloquium talk.)
  Reading: Section 7.3.1
  
  
• [Nov 10: Lecture 20]
  The discrete logarithm and Diffie-Hellman problems. The public-key revolution.
  Reading: Sections 7.3.2, 7.3.3, 9.1, and 9.3.
  
  
• [Nov 15: Lecture 21]
  Diffie-Hellman key exchange. Introduction to public-key encryption.
  Reading: Sections 9.4, 10.1, and 10.2.
  
  
• [Nov 17: Lecture 22]
  (Guest lecture by Seung Geol Choi.) Hybrid encryption. RSA encryption.
  Reading: Sections 10.3 and 10.4.
  
  
• [Nov 22: Lecture 23]
  (Guest lecture by Prof. Bill Gasarch.) Private information retrieval.
  Reading: None.
  
  
• [Nov 24: Lecture 24]
  Hybrid encryption; "textbook RSA" encryption and why it should not be used; padded RSA. El Gamal encryption.
  Reading: Sections 10.3, 10.4, and 10.5.
  
  
• [Nov 29: Lecture 25]
  Chosen-ciphertext security for public-key encryption. Digital signature schemes.
  Reading: Sections 10.6, 12.1, and 12.2.
  
  
• [Dec 1: Lecture 26]
  "Textbook RSA" signatures and why they are insecure. Hash-and-sign; hashed RSA. Lamport's one-time signature scheme and chain-based signatures.
  Reading: Sections 12.3, 12.4, 12.5, and 12.6.1
  
  
• [Dec 6: Lecture 27]
  Stateful signature schemes. Chain-based and tree-based signature schemes. Certificates and public-key infrastructures.
  Reading: Sections 12.6 and 12.8.
  
  
• [Dec 8: Lecture 28]
  Course review
  Reading: Here are the slides from class