Course Syllabus
Winter 2010
Optional reading can be found in two texts listed below (KL and HAC). Only one of these books is needed and KL is a much better fit for the class. Students opting for a free book can find some of the material in HAC.
- KL: Introduction to Modern Cryptography by J. Katz and Y. Lindell.
- HAC: (free) Handbook of Applied Cryptography by A. Menezes, P. Van Oorschot, S. Vanstone.
Syllabus
|
Lecture 1:
1/ 4/10
|
History and overview of cryptography
|
| Basic symmetric-key encryption | |
|
Lecture 2:
1/ 6/10
|
One time pad and stream ciphers
perfect secrecy and the one time pad.
Reading:
KL 29-40, 61-77 ; HAC 20-21, 191-194.
semantic security and stream ciphers. |
|
Lecture 3:
1/11/10
|
Block ciphers
Case studies: Feistel networks, DES, 3DES, and AES.
Reading:
KL 159-187; HAC 233-237, 250-259
basic modes of operation: CBC and counter mode. |
|
Lecture 4:
1/13/10
|
Block cipher abstractions: PRPs and PRFs
[pdf]
Pseudo Random Permutations (PRP); Pseudo Random Functions (PRF);
Reading:
KL 86-88, 94-102 ; HAC 228-230
security against chosen plaintext attacks (CPA); nonce-based CBC encryption and nonce-based counter mode. |
|
Holiday: 1/18/10 |
MLK: no classes |
|
Lecture 5:
1/20/10
|
Attacks on block ciphers
exhaustive search, time-space tradeoffs,
Reading:
KL 82-85, 89-90
differential & linear cryptanalysis, meet in the middle, side channels. |
| Message integrity | |
|
Lecture 6:
1/25/10
|
Message integrity: definition and applications
CBC-MAC and PMAC.
Reading:
KL 111-126
|
|
Lecture 7:
1/27/10
|
Collision resistant hashing
Merkle-Damgard and Davies-Meyer. MACs from collision resistance.
Reading:
KL 127-143 ; HAC 333-335, 339-341, 348
Case studies: SHA and HMAC. |
|
Lecture 8:
2/ 1/10
|
Authenticated encryption: security against active attacks
also: intro to session setup using a key distribution center (KDC).
Reading:
KL 148-154
|
| Public key cryptography | |
|
Lecture 9:
2/ 3/10
|
Arithmetic modulo primes
Summary of relevant facts: pdf. |
|
Lecture 10:
2/ 8/10
|
Cryptography using arithmetic modulo primes
vanilla key exchange (Diffie-Hellman);
the CDH and discrete-log assumptions
Reading:
KL 315-339, 364-368
|
|
Lecture 11:
2/10/10
|
Public key encryption
semantically secure ElGamal encryption;
CCA security
Reading:
KL 315-339, 364-368
|
|
Holiday: 2/15/10 |
President's day: no classes. |
|
Lecture 12:
2/17/10
|
Arithmetic modulo composites
[pdf]
RSA and Rabin functions.
Reading:
KL 355-364 how to encrypt with trapdoor permutations. Summary of relevant facts: pdf. |
| Digital signatures | |
|
Lecture 13:
2/22/10
|
Digital signatures: definitions and applications
How to sign using RSA.
Reading:
KL 421-432
|
|
Lecture 14:
2/24/10
|
More signature schemes
Lamport and Merkle schemes.
Reading:
KL 432-453
overview of signatures based on discrete-log. certificates and trust management. |
| Final topics | |
|
Lecture 15:
3/ 1/10
|
Real world crypto: SSL/TLS and IPsec
record protocol. key exchange. password-based key exchange.
Reading:
None.
|
|
Lecture 16:
3/ 3/10
|
Identification protocols
[pdf]
UNIX passwords and salts; one time passwords (S/Key and SecurID);
Reading:
HAC Ch. 10.
challenge response authentication. |
|
Lecture 17:
3/ 8/10
|
Privacy mechanisms
group signatures and private information retrieval.
Reading:
None.
|
|
Lecture 18:
3/10/10
|
Advanced topics. TBD
|