Online Cryptography Course

Instructor:   Dan Boneh, Stanford University

Online cryptography course preview: This page contains all the lectures in the free cryptography course. To officially take the course, including homeworks, projects, and final exam, please visit the course page at Coursera.

Textbook: The following is a free textbook for the course. The book goes into more depth, including security proofs, and many exercises.

• A Graduate Course in Applied Cryptography by D. Boneh and V. Shoup   (free)

Course syllabus, videos, and slides

•   Course overview (10 min.)
•   What is cryptography (15 min.)
•   History of cryptography (18 min.)

•   Discrete probability (crash course) (18 min.)
•   Discrete probability (crash course, continued) (13 min.)

•   Information theoretic security and the one-time pad (18 min.)
•   Stream ciphers and pseudorandom generators (19 min.)

•   Attacks on stream ciphers and the one-time pad (23 min.)

•   Real-world stream ciphers (19 min.)

•   PRG security definition (24 min.)
•   Semantic security (15 min.)
•   Stream ciphers are semantically secure (10 min.)

•   What are block ciphers (16 min.)

•   The Data Encryption Standard (DES) (21 min.)
•   Exhaustive search attacks (19 min.)
•   More attacks on block ciphers (16 min.)

•   The AES block cipher (13 min.)
•   Block ciphers from PRGs (11 min.)

•   Review: PRPs and PRFs (11 min.)
•   Modes of operation: one-time key (7 min.)

•   Security for many-time key (CPA security) (22 min.)
•   Modes of operation: many-time key (CBC) (16 min.)
•   Modes of operation: many-time key (CTR) (9 min.)

•   Message authentication codes (15 min.)
•   MACs based on PRFs (9 min.)

•   CBC-MAC and NMAC (19 min.)
•   MAC padding (8 min.)
•   PMAC and Carter-Wegman MAC (15 min.)

•   Introduction (10 min.)
•   Generic birthday attack (14 min.)

•   The Merkle-Damgard paradigm (11 min.)
•   Constructing compression functions (8 min.)

•   HMAC (7 min.)
•   Timing attacks on MAC verification (8 min.)

•   Active attacks on CPA-secure encryption (12 min.)
•   Definitions (5 min.)
•   Chosen ciphertext attacks (12 min.)

•   Constructions from ciphers and MACs (20 min.)

•   Case study: TLS 1.2 (17 min.)
•   CBC padding attacks (14 min.)
•   Attacking non-atomic decryption (9 min.)

•   Key derivation (13 min.)

•   Deterministic encryption (14 min.)
•   Deterministic encryption: SIV and wide PRP (20 min.)

•   Tweakable encryption (14 min.)
•   Format preserving encryption (12 min.)

•   Trusted 3rd parties (11 min.)
•   Merkle puzzles (11 min.)

•   The Diffie-Hellman protocol (19 min.)
•   Public-key encryption (10 min.)

•   Notation (14 min.)
•   Fermat and Euler (18 min.)
•   Modular e'th roots (17 min.)

•   Arithmetic algorithms (12 min.)
•   Intractable problems (18 min.)

•   Definitions and security (15 min.)
•   Constructions (10 min.)

•   The RSA trapdoor permutation (17 min.)
•   PKCS1 (21 min.)

•   Is RSA a one-way function? (16 min.)
•   RSA in practice (13 min.)

•   The ElGamal public-key system (19 min.)
•   ElGamal security (13 min.)
•   ElGamal variants with better security (10 min.)

•   A unifying theme (11 min.)
•   Farwell for now (5 min.)