Syllabus

Date	Topic and Readings
	Symmetric Cryptography
January 13	Overview of Cryptography (Lecture Notes) Overview of cryptography The one-time pad and perfect secrecy References Boneh-Shoup (Chapter 2.1-2.2)
January 14	Stream Ciphers (Lecture Notes) Pseudorandom generators (PRGs) Semantic security References Boneh-Shoup (Chapter 2.3-2.4, 3.1-3.5)
January 20	No class: MLK Day
January 21	Stream Ciphers (Lecture Notes) Stream cipher constructions (LCGs, LFSRs, RC4, ChaCha) Chosen-plaintext security (CPA-security) References Boneh-Shoup (Chapter 3.6-3.9, 5.1-5.3)
January 27	Block Ciphers (Lecture Notes) Chosen-plaintext security (CPA-security) Pseudorandom functions (PRFs) and permutations (PRPs) PRF switching lemma References Boneh-Shoup (Chapter 4.1, 4.4, 5.1-5.3)
January 28	Using Block Ciphers (Lecture Notes) Block cipher modes of operation (CTR, CBC, ECB) References Boneh-Shoup (Chapter 5.4-5.5)
February 3	Constructing Block Ciphers (Lecture Notes) Feistel networks and Luby-Rackoff Iterated Even-Mansour constructions Block cipher constructions (3DES and AES) References Boneh-Shoup (Chapter 4.2, 4.5, 4.7)
February 4	Message Integrity (Lecture Notes) Message authentication codes (MACs) MACs from PRFs Domain extension for PRFs (ECBC, NMAC, CMAC, PMAC) References Boneh-Shoup (Chapter 6)
February 10	Collision-Resistant Hashing (Lecture Notes) Collision resistant hash functions (CRHFs) Merkle-Damgård construction Davies-Meyer compression function Hash-based MACs: HMAC References Boneh-Shoup (Chapter 8.1-8.8)
February 11	Authenticated Encryption (Lecture Notes) Active attacks and chosen-ciphertext security (CCA-security) Authenticated encryption with associated data (AEAD) Carter-Wegman MAC Galois counter mode (GCM) References Boneh-Shoup (Chapter 9.1-9.7)
	Public-Key Cryptography
February 17	Introduction to Prime-Order Groups (Lecture Notes) Diffie-Hellman key exchange Prime-order groups: definitions and properties References Boneh-Shoup (Chapter 10.4-10.5)
February 18	The Discrete Logarithm Problem (Lecture Notes) Computational problems over prime-order groups Discrete log, CDH, and DDH Concrete instantiations of discrete log groups References Boneh-Shoup (Chapter 10.4-10.5)
February 24	Public-Key Encryption (Lecture Notes) Self-reducibility of discrete log Public-key encryption Diffie-Hellman key exchange and ElGamal encryption References Boneh-Shoup (Chapter 11.2-11.3, 11.5)
February 25	Introduction to Composite-Order Groups (Lecture Notes) Digital signatures Composite-order groups: definitions and properties The RSA trapdoor permutation References Boneh-Shoup (Chapter 10.2-10.3, 13.1)
March 2	Public-Key Cryptography from RSA (Lecture Notes) Signatures from RSA (RSA-FDH), PKCS1 signatures Insecurity of textbook RSA Public-key encryption from RSA References Boneh-Shoup (Chapter 11.4, 13.2-13.4)
March 3	Authenticated Key Exchange (Lecture Notes) Certificates and the public-key infrastructure (PKI) Authenticated key-exchange protocols: constructions and attacks Transport Layer Security (TLS) References Boneh-Shoup (Chapter 21.1-21.6, 21.10)
March 9	No class: Spring Break
March 10	No class: Spring Break
March 16	No class: Spring Break
March 17	No class: Spring Break
March 23	No class: Take-Home Midterm
March 24	No class: Take-Home Midterm
	Cryptographic Protocols
March 30	Identification Protocols (Lecture Notes) Identification protocols and threat models Password storage and management One-time passwords (SecurID, TOTP, S/Key) Challenge-response authentication and active security References Boneh-Shoup (Chapter 18.1-18.6)
March 31	Introduction to Zero-Knowledge (Lecture Notes) Interactive proof systems Defining zero-knowledge and the simulation paradigm References Boneh-Shoup (Chapter 20.1) The Knowledge Complexity of Interactive Proof Systems, by Shafi Goldwasser, Silvio Micali, and Charles Rackoff
April 6	Zero-Knowledge Proofs (Lecture Notes) Zero-knowledge proofs for NP Proofs of knowledge Schnorr's proof of knowledge of discrete log References Boneh-Shoup (Chapter 19.1, 19.4-19.5)
April 7	Sigma Protocols (Lecture Notes) Schnorr's identification protocol Sigma protocols and proving relations in the exponent References Boneh-Shoup (Chapter 19.1, 19.4)
April 13	Sigma Protocols (Lecture Notes) Chaum-Pedersen proofs for DDH tuples The OR-proof construction References Boneh-Shoup (Chapter 19.5, 19.7, 20.2)
April 14	Non-Interactive Zero-Knowledge (Lecture Notes) The Fiat-Shamir heuristic Schnorr signatures and (EC)DSA signatures References Boneh-Shoup (Chapter 19.2-19.3, 20.3)
April 20	Introduction to Multiparty Computation (Lecture Notes) Motivation and definitions Oblivious transfer (OT) References Evans-Kolesnikov-Rosulek (Chapter 1-2, 3.7)
April 21	Two-Party Computation (Lecture Notes) Yao's garbled circuit protocol References Evans-Kolesnikov-Rosulek (Chapter 3.1)
April 27	Secret Sharing (Lecture Notes) Lagrange interpolation and Shamir secret sharing Threshold signatures References Evans-Kolesnikov-Rosulek (Chapter 3.4) How to Share a Secret, by Adi Shamir
April 28	Multiparty Computation (Lecture Notes) Beaver's multiplication protocol MPC in the preprocessing model Recap and concluding remarks References Evans-Kolesnikov-Rosulek (Chapter 3.4)