Lecture Schedule, Spring 2022
Note: Entries for dates in the past reflect what was covered; entries for dates in the future are tentative and subject to change as the semester progresses.
Readings refer to Introduction to Modern Cryptography, 3rd edition.
Note: slides will be posted when available; however, slides may not be used for all lectures and may not correspond exactly to what was covered in class.
- [Jan 25: Lecture 1] (slides)
HW1 out -- due Feb 4
Introduction and overview. Private-key cryptography.
The syntax of private-key encryption. The shift cipher.
Reading: Sections 1.1-1.3.
- [Jan 27: Lecture 2] (slides)
ASCII, hex, and the ASCII shift cipher.
Elementary cryptanalysis and frequency analysis.
The Vigenere cipher.
Reading: Sections 1.3 and 1.4. (Note: The ASCII shift/Vigenere ciphers are not covered in the book.)
- [Feb 1: Lecture 3] (slides)
Modern cryptography: definitions, assumptions, and proofs.
Perfect secrecy. The one-time pad. Proving security of the one-time pad (OTP).
Reading: Sections 1.4, 2.1, and 2.2.
- [Feb 3: Lecture 4] (slides)
HW2 out -- due Feb 11
Limitations of perfect secrecy.
A computational notion of security.
Reading: Sections 2.3, 3.1, and 3.2.1.
- [Feb 8: Lecture 5] (slides)
Pseudorandomness and pseudorandom generators.
Reading: Sections 3.2.1 and 3.3.1.
- [Feb 10: Lecture 6] (slides)
The pseudo-OTP. Proofs by reduction, and a proof of security for the pseudo-OTP.
Security for multiple encryptions.
Reading: Sections 3.3.1-3.3.3 and 3.4.1.
- [Feb 15: Lecture 7] (slides)
HW3 out -- due Feb 25
Drawbacks of deterministic encryption.
Chosen-plaintext attacks and CPA-security.
Pseudorandom functions.
Reading: Sections 3.4.2 and 3.5.1.
- [Feb 17: Lecture 8] (slides)
Pseudorandom permutations and block ciphers.
CPA-security from pseudorandom functions.
Reading: Section 3.5.2.
- [Feb 22: Lecture 9] (slides)
Stream ciphers. Stream-cipher and block-cipher modes of operation.
Message integrity and message authentication codes (MACs).
Reading: Sections 3.6.1-3.6.3 and 4.1.
- [Feb 24: Lecture 10] (slides)
HW4 out -- due Mar 4
Defining security for MACs. A fixed-length MAC.
MACs for arbitrary-length messages. CBC-MAC.
Reading: Sections 4.2, 4.3, and 4.4.1.
- [Mar 1: Lecture 11] (slides)
CBC-MAC.
Chosen-ciphertext attacks and CCA-security. Padding-oracle attacks.
Reading: Sections 4.4.1 and 5.1.
- [Mar 3: Lecture 12] (slides)
HW5 out -- due Mar 28
Authenticated encryption and generic constructions. Secure sessions.
Reading: Sections 5.2, 5.3.1, and 5.4.
- [Mar 8: Lecture 13] (slides)
Hash functions and collision resistance.
Birthday attacks on hash functions. The Merkle-Damgard transform.
HMAC.
Reading: Sections 6.1.1, 6.2, 6.3.1, and 6.4.1.
- [Mar 10: Lecture 14] (slides)
Additional applications of hash functions. Hash functions as random oracles.
Reading: Sections 6.5 and 6.6.1-6.6.4.
- [Mar 15: Lecture 15] (slides)
Practical constructions of stream ciphers. LFSRs.
Adding non-linearity.
Reading: Sections 7.1.1 and 7.1.2.
- [Mar 17: Midterm]
The exam will be on any material covered in class through Mar 10.
The exam is open-book/open-notes; no electronic devices are allowed.
- Spring break
- [Mar 29: Lecture 16] (slides)
HW6 out -- due Apr 13
Correlation attacks on combination generators.
Trivium and RC4.
Practical constructions of block ciphers.
Substitution-permutation networks (SPNs).
Reading: Sections 7.1.3, 7.1.4, and 7.2.1.
- [Mar 31: Lecture 17] (slides)
Substitution-permutation networks (SPNs) and attacks on reduced-round SPNs.
Reading: Sections 7.2.1 and 7.2.2.
- [Apr 5: Lecture 18] (slides)
Feistel networks.
The Data Encryption Standard (DES), 2DES, and triple-DES. Meet-in-the-middle attacks.
The Advanced Encryption Standard (AES).
Practical constructions of hash functions: the Davies-Meyer construction.
Reading: Sections 7.2.3-7.2.5, 7.3.1, and 7.3.2.
- [Apr 7: Lecture 19] (slides)
Basic number theory and algorithmic number theory.
Modular arithmetic.
Efficient exponentiation.
Reading: Sections 9.1.1 and 9.1.2; Appendices B.1 and B.2.1-B.2.3.
- [Apr 12: Lecture 20] (slides)
Group theory.
Reading: Sections 9.1.3 and 9.1.4.
- [Apr 14: Lecture 21] (slides)
HW7 out -- due April 25
Primality testing, the factoring assumption, and the RSA assumption.
Reading: Sections , 9.2.1, 9.2.3, and 9.2.4.
- [Apr 19: Lecture 22] (slides)
Cyclic groups. The discrete-logarithm and Diffie-Hellman assumptions.
Concrete parameters.
Reading: Sections 9.3.1-9.3.3, and 10.4.
- [Apr 21: Lecture 23] (slides)
Drawbacks of private-key cryptography. Key exchange and the Diffie-Hellman key-exchange protocol.
The public-key setting.
Public-key encryption: syntax and definitions of security.
Definitions of security for public-key encryption.
Reading: Sections 11.1, 11.3, 11.4, 12.1, and 12.2.
- [Apr 26: Lecture 24] (slides)
HW8 out -- due May 5
Hybrid encryption and the KEM/DEM paradigm.
El Gamal encryption. DDH-based key encapsulation.
Reading: Sections 12.3, 12.4.1, and 12.4.2.
- [Apr 28: Lecture 25] (slides)
RSA-based encryption. Padded RSA (PKCS #1 v1.5). RSA-OAEP (PKCS #1 v2).
Digital signatures.
Reading: Sections 12.5.1, 12.5.2, 12.5.4, and 13.1.
- [May 3: Lecture 26] (slides)
The hash-and-sign paradigm. RSA-based signatures.
Schnorr signatures and (EC)DSA. Certificates and public-key infrastructures.
Reading: Sections 13.2-13.6.
- [May 5: Lecture 27] (slides)
Certificates and public-key infrastructures. SSL/TLS.
Reading: Sections 13.6 and 13.7.
- [May 10: Lecture 28] (slides)
Post-quantum cryptography.
Reading: Sections 14.1-14.3.
- [May 13: Final Exam] 8:00-10:00 (as per the official schedule)
The exam will be on any material covered in class through May 5.
Further details will be announced in class.