Lecture Schedule, Fall 2016
Note: Entries for past dates reflect what was covered; entries for future dates are tentative and subject to change as the semester progresses. Readings refer to Introduction to Modern Cryptography, 2nd edition.
- [Aug 29: Lecture 1]
Introduction and overview. Private-key cryptography.
The syntax of private-key encryption. The shift cipher.
Reading: Sections 1.1-1.3.
- [Aug 31: Lecture 2]
ASCII, hex, and the ASCII shift cipher. Elementary cryptanalysis.
Reading: Section 1.3.
(Note: The ASCII shift cipher is not covered in the book.)
- [Sept 2: Lecture 3]
The substitution cipher. Basic cryptanalysis using frequency analysis. The Vigenère cipher and further cryptanalysis.
Reading: Sections 1.3 and 1.4.
- [Sept 7: Lecture 4]
Modern cryptography: definitions, assumptions, and proofs.
Toward a definition of perfect secrecy.
Reading: Section 2.1.
- [Sept 9: Lecture 5]
Perfect secrecy. The one-time pad. Randomness generation and implementing the one-time pad.
Reading: Sections 2.2 and 2.3.
- [Sept 12: Lecture 6]
Limitations of perfect secrecy and the one-time pad.
Toward computational notions of security.
Reading: Section 2.3.
- [Sept 14: Lecture 7]
A computational notion of security.
Reading: Sections 3.1 and 3.2.1.
- [Sept 16: Lecture 8]
Pseudorandomness and pseudorandom generators.
Reading: Section 3.3.1.
- [Sept 19: Lecture 9]
The pseudo-OTP.
Proofs by reduction, and a proof of security for the pseudo-OTP.
Stream ciphers. Security for multiple encryptions.
Drawbacks of deterministic encryption.
Reading: Sections 3.3.2, 3.3.3, and 3.4.1. Please also read the part about stream ciphers on pages 64-65 even though we did not cover it yet in class.
- [Sept 21: Lecture 10]
Chosen-plaintext attacks and CPA-security.
Pseudorandom functions.
Reading: Sections 3.4.2 and 3.5.1.
- [Sept 23: Lecture 11]
Pseudorandom permutations and block ciphers.
CPA-security from pseudorandom functions.
Reading: Section 3.5.2.
- [Sept 26: Lecture 12]
CPA-security from pseudorandom functions.
Encrypting arbitrary-length messages: block-cipher modes of operation.
Reading: Section 3.6.2.
- [Sept 28: Lecture 13]
Stream-cipher modes of operation. Chosen-ciphertext attacks.
Reading: Sections 3.3.1, 3.6.1, and 3.7.1.
- [Sept 30: Lecture 14]
Security against chosen-ciphertext attacks.
Padding-oracle attacks.
Reading: Section 3.7.2.
- [Oct 3: Lecture 15]
Message integrity and message authentication codes (MACs). Defining security for MACs.
The lecture will be given by a graduate student. A pre-recorded lecture covering the same material is available here.
Reading: Sections 4.1 and 4.2.
- [Oct 5: Lecture 16]
A fixed-length MAC.
MACs for arbitrary-length messages.
Reading: Section 4.3.
- [Oct 7: Lecture 17]
CBC-MAC.
Reading: Section 4.4.1.
- [Oct 10: Midterm I]
The exam will be on any material covered in class through Oct 7.
The exam is open-book/open-notes, but no electronic devices will be allowed.
- [Oct 12: Lecture 18]
Authenticated encryption and generic constructions.
The lecture will be given by a graduate student. A pre-recorded lecture covering the same material is available here.
Reading: Sections 4.5.1 and 4.5.2.
- [Oct 14: Lecture 19]
Midterm review.
Secure communication sessions.
Reading: Section 4.5.3.
- [Oct 17: Lecture 20]
Hash functions and collision resistance.
Birthday attacks on hash functions. Hash-and-MAC, HMAC.
The lecture will be given by a colleague. A pre-recorded lecture covering (mostly) the same material is available here.
Reading: Sections 5.1.1, 5.3.1, and 5.4.1.
- [Oct 19: Lecture 21]
Hash-and-MAC, HMAC. Additional applications of hash functions.
Reading: Sections 5.3.1, 5.6.1, and 5.6.2.
- [Oct 21: Lecture 22]
Practical constructions of stream ciphers. LFSRs.
Reading: Section 6.1.1.
- [Oct 24: Lecture 23]
The random-oracle model and some applications.
The lecture will be given by a graduate student, but no video will be available.
Reading: Sections 5.5 and 5.6.4.
- [Oct 26: Lecture 24]
Adding non-linearity to LFSRs. Trivium and RC4.
Reading: Sections 6.1.2-6.1.4. (The exam will not cover Sections 6.1.3 and 6.1.4.)
- [Oct 28: Lecture 25]
Practical constructions of block ciphers. Confusion/diffusion.
Reading: Section 6.2.1.
- [Oct 31: Lecture 26]
Substitution-permutation networks (SPNs). Attacks on reduced-round SPNs.
Reading: Section 6.2.1.
- [Nov 2: Lecture 27]
Feistel networks. The Data Encryption Standard (DES).
Reading: Sections 6.2.2 and 6.2.3.
- [Nov 4: Lecture 28]
2DES and triple-DES. Meet-in-the-middle attacks.
The Advanced Encryption Standard (AES).
Reading: Sections 6.2.4 and 6.2.5.
- [Nov 7: Lecture 29]
Basic number theory and algorithmic number theory.
Modular arithmetic and efficient algorithms.
Reading: Section 8.1.1 and Appendices B.1 and B.2.1.
- [Nov 9: Lecture 30]
Modular arithmetic. Efficient exponentiation.
Reading: Section 8.1.2 and Appendices B.2.2 and B.2.3.
- [Nov 11: Lecture 31]
Group theory.
Reading: Sections 8.1.3 and 8.1.4.
- [Nov 14: Lecture 32]
Group theory. The factoring assumption.
Reading: Sections 8.2.1 and 8.2.3.
- [Nov 16: Lecture 33]
Primality testing. The RSA assumption.
Reading: Section 8.2.4.
- [Nov 18: Midterm II]
The exam will be on any material covered in class through Chapter 6.
The exam is open-book/open-notes, but no electronic devices will be allowed.
- [Nov 21: Lecture 34]
Cyclic groups. Hardness assumptions in cyclic groups: the discrete-logarithm assumption.
Reading: Sections 8.3.1-8.3.3.
- [Nov 28: Lecture 35]
Hardness assumptions in cyclic groups: the Diffie-Hellman problems.
Drawbacks of private-key cryptography.
Reading: Sections 10.1, 10.3, and 10.4.
- [Nov 30: Lecture 36]
The Diffie-Hellman key-exchange protocol.
The public-key setting.
Public-key encryption: syntax and definitions of security. Hybrid encryption.
Reading: Sections 11.1, 11.2 (but not the proof of Theorem 11.6), and 11.3 (but not the proof of Theorem 11.12).
- [Dec 2: Lecture 37]
El Gamal encryption.
Reading: Sections 11.4.1 and 11.4.4 (just the fact that El Gamal encryption is malleable).
- [Dec 5: Lecture 38]
The random-oracle model. RSA-based encryption. Padded RSA (PKCS #1 v1.5).
Chosen-ciphertext attacks on El Gamal and RSA encryption.
PKCS #1 v2.
Reading: Sections 5.5, 11.5.1 (through page 412), 11.5.2, and 11.5.4.
- [Dec 7: Lecture 39]
Digital signatures. The hash-and-sign paradigm. RSA-based signatures.
DSA.
Reading: Sections 12.1-12.4.
- [Dec 9: Lecture 40]
Certificates and public-key infrastructures.
Reading: Section 12.7.
- [Dec 12: Lecture 41]
SSL/TLS. Final review (time permitting).
Reading: Section 12.8.
- [Dec 20: Final Exam] 8-10 AM in CSIC 2117