Lecture Schedule, Spring 2016
Note: Entries for past dates reflect what was covered; entries for future dates are tentative and subject to change. Readings refer to Introduction to Modern Cryptography, 2nd edition.
- [Jan 25: Cancelled due to snow]
- [Jan 27: Lecture 1]
Introduction and overview. Private-key cryptography.
The syntax of private-key encryption. The shift cipher.
Reading: Sections 1.1-1.3.
- [Jan 29: Lecture 2]
ASCII, hex, and the ASCII shift cipher. Basic cryptanalysis using frequency analysis.
Reading: Section 1.3. (Note: please read about the substitution cipher even though we did not cover it in class.)
- [Feb 1: Lecture 3]
The Vigenère cipher and further cryptanalysis.
Modern cryptography: definitions, assumptions, and proofs.
Reading: Sections 1.3 and 1.4.
- [Feb 3: Lecture 4]
Perfect secrecy.
Reading: Section 2.1.
- [Feb 5: Lecture 5]
The one-time pad and its limitations. Generating high-quality randomness.
Reading: Sections 2.2 and 2.3.
- [Feb 8: Lecture 6]
Limitations of perfect secrecy.
Toward computational notions of security.
A computational notion of secrecy.
Reading: Sections 2.3, 3.1, and 3.2.1.
- [Feb 10: Lecture 7]
Pseudorandomness.
Reading: Section 3.3.1.
- [Feb 12: Lecture 8]
Pseudorandom generators.
The pseudo-OTP: non-trivial encryption from any pseudorandom generator.
Proofs by reduction.
Proof of security for the pseudo-OTP.
Reading: Section 3.3.
- [Feb 15: Cancelled due to snow]
- [Feb 17: Lecture 9]
Stream ciphers. Security for multiple encryptions.
Reading: Sections 3.3 and 3.4.1.
- [Feb 19: Lecture 10]
Drawbacks of deterministic encryption. Chosen-plaintext attacks.
Pseudorandom functions.
Reading: Sections 3.4.2 and 3.5.1.
- [Feb 22: Lecture 11]
Pseudorandom permutations and block ciphers.
CPA-security from pseudorandom functions.
Reading: Section 3.5.2.
- [Feb 24: Lecture 12]
CPA-security from pseudorandom functions.
Encrypting arbitrary-length messages.
Reading: Section 3.6.
- [Feb 26: Lecture 13]
Stream-cipher and block-cipher modes of operation.
Reading: Section 3.6.
- [Feb 29: Lecture 14]
Security against chosen-ciphertext attacks.
Padding-oracle attacks.
Reading: Section 3.7.
- [Mar 2: Lecture 15]
Padding-oracle attacks. Message integrity and message authentication codes (MACs).
Reading: Section 4.1.
- [Mar 4: Lecture 16]
Defining security for MACs.
A fixed-length MAC.
MACs for arbitrary-length messages.
Reading: Sections 4.2 and 4.3.
- [Mar 7: Lecture 17]
CBC-MAC.
Reading: Section 4.4.1.
- [Mar 9: Midterm]
The exam will be on any material covered in class through Mar 4.
The exam is open-book/open-notes.
- [Mar 11: Lecture 18]
Authenticated encryption and generic constructions.
Reading: Sections 4.5.1 and 4.5.2.
- [Mar 21: Lecture 19]
Authenticated encryption. The encrypt-then-authenticate construction.
Secure communication sessions.
Exam review.
Reading: Sections 4.5.3 and 4.5.4.
- [Mar 23: Lecture 20]
Hash functions and collision resistance. Hash-and-MAC, HMAC.
Birthday attacks on hash functions.
Reading: Sections 5.1, 5.3.1, and 5.4.1.
- [Mar 25: Lecture 21]
Additional applications of hash functions.
The random-oracle model.
Reading: Sections 5.5, 5.6.1-5.6.4.
- [Mar 28: Lecture 22]
Practical constructions of stream ciphers. LFSRs.
Adding non-linearity to LFSRs. Trivium.
Reading: Sections 6.1.1-6.1.3.
- [Mar 30: Lecture 23]
Practical constructions of block ciphers. Substitution-permutation networks (SPNs). Attacks on reduced-round SPNs.
Reading: Section 6.2.1.
- [Apr 1: Lecture 24]
Attacks on reduced-round SPNs.
Feistel networks.
Reading: Section 6.2.2.
- [Apr 4: Lecture 25]
The Data Encryption Standard (DES).
Reading: Section 6.2.3.
- [Apr 6: Lecture 26]
2DES and triple-DES. Meet-in-the-middle attacks.
Reading: Section 6.2.4.
- [Apr 8: Lecture 27]
AES. Practical constructions of hash functions.
The Merkle-Damgård transform.
Reading: Sections 6.2.5, 6.3.1, and 5.2.
- [Apr 11: Lecture 28]
Basic number theory and algorithmic number theory.
Reading: Section 8.1.1 and Appendices B.1, B.2.1-B.2.3.
- [Apr 13: Lecture 29]
Modular arithmetic and efficient algorithms.
Reading: Section 8.1.2.
- [Apr 15: Lecture 30]
Group theory.
Reading: Sections 8.1.3 and 8.1.4.
- [Apr 18: Lecture 31]
Group theory.
Reading: Sections 8.1.3 and 8.1.4.
- [Apr 20: Lecture 32]
The factoring assumption.
Reading: Sections 8.2.1 and 8.2.3.
- [Apr 22: Lecture 33]
The factoring and RSA assumptions.
Reading: Sections 8.2.3 and 8.2.4.
- [Apr 25: Lecture 34]
Cyclic groups. Hardness assumptions in cyclic groups: the discrete-logarithm assumption.
Reading: Sections 8.3.1-8.3.3.
- [Apr 27: Lecture 35]
The decisional Diffie-Hellman problem.
Drawbacks of private-key cryptography.
The Diffie-Hellman key-exchange protocol, and how it addresses these drawbacks. The public-key setting.
Reading: Sections 10.1, 10.3, and 10.4.
- [Apr 29: Lecture 36]
Public-key encryption: syntax and definitions of security. The KEM/DEM paradigm and hybrid encryption.
Reading: Sections 11.1, 11.2 (but not 11.2.2), and 11.3 (but not the proof of Theorem 11.12).
- [May 2: Lecture 37]
Hybrid encryption. El Gamal encryption.
Reading: Sections 11.4.1 and the beginning of 11.4.4 (the fact that El Gamal encryption is malleable).
- [May 4: Lecture 38]
RSA-based encryption. Padded RSA (PKCS #1 v1.5).
Digital signatures.
Reading: Sections 11.5.1 (through page 412), 11.5.2, 11.5.4, and 12.1.
- [May 6: Lecture 39]
Digital signatures. The hash-and-sign paradigm.
RSA-based signatures.
Reading: Sections 12.2, 12.3, and 12.4.
- [May 9: Lecture 40]
Final review. Certificates and public-key infrastructures. SSL/TLS.
Reading: Sections 12.7 and 12.8.
- [May 18, 8:00-10:00: Final Exam] in CSIC 2117