Syllabus

The following is a tentative list of topics that will be covered. Topics may be added, removed, or updated during the course of the semester. Click on each topic for links to lecture notes and suggested readings. Lecture notes will be available after the lecture.

Topics (Lecture Notes)
- Introduction to cryptography
References
- Boneh-Shoup (Chapter 2.1-2.2)

Topics (Lecture Notes)
- The one-time pad and perfect secrecy
- Pseudorandom generators (PRGs)
References
- Boneh-Shoup (Chapter 3.1-3.3)

Topics (Lecture Notes)
- Cryptographic definitions and security reductions
- Semantic security
- Examples of security reductions
References
- Boneh-Shoup (Chapter 2.3, 3.1-3.3)

Topics (Lecture Notes)
- Linear generators and their insecurity
- Stream cipher candidates
- Chosen-plaintext security (CPA-security)
References
- Boneh-Shoup (Chapter 3.7-3.9, 5.1-5.3)

Topics (Lecture Notes)
- Pseudorandom functions (PRFs) and permutations (PRPs)
- CPA-secure encryption from PRFs
References
- Boneh-Shoup (Chapter 4.1, 4.4, 5.4-5.5)

Topics (Lecture Notes)
- Counter (CTR) mode encryption
- Cipherblock chaining (CBC) mode encryption
References
- Boneh-Shoup (Chapter 4.1, 4.4, 5.4-5.5)

Topics (Lecture Notes)
- Even-Mansour cipher
- Advanced Encryption Standard (AES)
References
- Boneh-Shoup (Chapter 4.2-4.3)

Topics (Lecture Notes)
- Message authentication codes (MACs)
- MACs from PRFs
- Domain extension for PRFs (rawCBC, ECBC, PMAC)
References
- Boneh-Shoup (Chapter 6)

Topics (Lecture Notes)
- Collision resistant hash functions (CRHFs)
- Birthday bound
- Merkle-Damgård construction
References
- Boneh-Shoup (Chapter 6, Chapter 8.1-8.4)

Topics (Lecture Notes)
- Davies-Meyer compression function
- Hash-based MACs
- HMAC and HKDF
References
- Boneh-Shoup (Chapter 8.5-8.7)

Topics (Lecture Notes)
- Authenticated encryption and CCA-security
- Authenticated encryption from encrypt-then-MAC
- Authenticated encryption wtih associated data
References
- Boneh-Shoup (Chapter 9.1-9.7)

Topics (Lecture Notes)
- Merkle puzzles and key-agreement protocols
- Prime-order groups: definitions and properties
References
- Boneh-Shoup (Chapter 10.8, Appendix A)

Topics (Lecture Notes)
- Discrete log, CDH, and DDH
- Concrete instantiations of discrete log groups
- Diffie-Hellman Key Exchange
References
- Boneh-Shoup (Chapter 10.4-10.5)

Topics (Lecture Notes)
- Elliptic-curve groups
- Public-key encryption
References
- Boneh-Shoup (Chapter 11.2-11.3, 15.1-15.3)

Topics (Lecture Notes)
- ElGamal encryption
- CCA-secure public-key encryption
References
- Boneh-Shoup (Chapter 11.5, 12.1-12.2, 12.4)

Topics (Lecture Notes)
- Digital signatures
- Composite-order groups: definitions and properties
- The RSA trapdoor permutation
- RSA-FDH signatures
References
- Boneh-Shoup (Chapter 10.2-10.3, 13.1, 13.3)

Topics (Lecture Notes)
- PKCS1 signatures
- Public-key encryption from RSA
- RSA-OAEP
References
- Boneh-Shoup (Chapter 11.4, 12.8, 13.6)

Topics (Lecture Notes)
- Public-key encryption from RSA
- Certificates and the public-key infrastructure (PKI)
- Transport Layer Security (TLS)
- AKE protocols: constructions and attacks
References
- Boneh-Shoup (Chapter 21.1, 21.10)

Topics (Lecture Notes)
- Identification protocols and threat models
- Password storage and management
- One-time passwords (SecurID, TOTP, S/Key)
- Challenge-response authentication and active security
References
- Boneh-Shoup (Chapter 18.1-18.6)

Topics (Lecture Notes)
- Proof systems
- Interactive proofs
- Defining zero knowledge and the simulation paradigm
- Zero-knowledge proof for 3-coloring
References
- Boneh-Shoup (Chapter 20.1)
- The Knowledge Complexity of Interactive Proof Systems by Shafi Goldwasser, Silvio Micali, and Charles Rackoff

Topics (Lecture Notes, Video)
- Zero knowledge proof for graph 3-coloring
References
- The Knowledge Complexity of Interactive Proof Systems by Shafi Goldwasser, Silvio Micali, and Charles Rackoff

Topics (Lecture Notes)
- Proofs of knowledge
- Schnorr's proof of knowledge of discrete log
References
- Boneh-Shoup (Chapter 19.1-19.3)

Topics (Lecture Notes)
- The Fiat-Shamir heuristic
- Schnorr signatures and (EC)DSA signatures
References
- Boneh-Shoup (Chapter 20.3)

Topics (Lecture Notes)
- Implications of quantum computing on cryptography
- Signatures from one-way functions (Lamport signatures)
References
- Boneh-Shoup (Chapter 14.1-2)

Syllabus

Jan 10: Overview of Cryptography

Jan 12: The One-Time Pad and Stream Ciphers

Jan 17: PRGs and Security Reductions

Jan 19: Stream Cipher Constructions

Jan 24: Pseudorandom Functions

Jan 26: Block Cipher Modes of Operation

Jan 31: University Closure (No Class)

Feb 2: University Closure (No Class)

Feb 7: Block Cipher Constructions

Feb 9: Message Integrity

Feb 14: Collision-Resistant Hash Functions

Feb 16: HMAC and Key Derivation

Feb 21: Authenticated Encryption and CCA Security

Feb 23: Exam 1 (In Class)

Feb 28: Key Agreement and Prime-Order Groups

Mar 2: Diffie-Hellman Key Exchange

Mar 7: Public-Key Encryption

Mar 9: ElGamal Encryption and CCA-Security

Mar 14: Spring Break (No Class)

Mar 16: Spring Break (No Class)

Mar 21: The RSA Problem and Digital Signatures

Mar 23: Public-Key Cryptography from RSA

Mar 28: Authenticated Key Exchange

Mar 30: Identification Protocols

Apr 4: Zero-Knowledge Proofs

Apr 6: Zero Knowledge for NP

Apr 11: Proofs of Knowledge

Apr 13: Non-Interactive Proofs and ECDSA

Apr 18: Post-Quantum Cryptography

Apr 20: Exam 2 (In Class)