Syllabus

The following is a tentative list of topics that will be covered. Click on each topic for further details and suggested readings. Details for later topics will be added and/or updated as the course progresses.

Feb 2: Overview of Cryptography

Topics (Lecture Notes)
- Introduction to cryptography
- The one-time pad and perfect secrecy
References
- Boneh-Shoup (Chapter 2.1-2.2)

Feb 4: Cryptographic Definitions and Semantic Security

Topics (Lecture Notes)
- Pseudorandom generators (PRGs)
- Semantic security
References
- Boneh-Shoup (Chapter 2.3-2.4, 3.1-3.5)

Feb 9: Stream Ciphers

Topics (Lecture Notes)
- Stream cipher constructions (LCGs, LFSRs, RC4, ChaCha)
- Chosen-plaintext security (CPA-security)
References
- Boneh-Shoup (Chapter 3.6-3.9, 5.1-5.3)

Feb 11: Block Ciphers

Topics (Lecture Notes)
- Chosen-plaintext security (CPA-security)
- Pseudorandom functions (PRFs) and permutations (PRPs)
- PRF switching lemma
References
- Boneh-Shoup (Chapter 4.1, 4.4, 5.1-5.3)

Feb 16: Using Block Ciphers

Topics (Lecture Notes)
- Block cipher modes of operation (CTR, CBC, ECB)
References
- Boneh-Shoup (Chapter 5.4-5.5)

Feb 18: Constructing Block Ciphers

Topics (Lecture Notes)
- Feistel networks and Luby-Rackoff
- Iterated Even-Mansour constructions
- Block cipher constructions (3DES and AES)
References
- Boneh-Shoup (Chapter 4.2, 4.5, 4.7)

Feb 23: Message Integrity

Topics (Lecture Notes)
- Message authentication codes (MACs)
- MACs from PRFs
- Domain extension for PRFs (ECBC, NMAC, CMAC, PMAC)
References
- Boneh-Shoup (Chapter 6)

Feb 25: Collision-Resistant Hashing

Topics (Lecture Notes)
- Collision resistant hash functions (CRHFs)
- Merkle-Damgård construction
- Davies-Meyer compression function
References
- Boneh-Shoup (Chapter 8.1-8.8)

Mar 2: HMAC and Authenticated Encryption

Topics (Lecture Notes)
- Hash-based MACs: HMAC
- Hash-based key derivation (HKDF)
- Authenticated encryption
References
- Boneh-Shoup (Chapter 9.1-9.7)

Mar 4: Authenticated Encryption

Topics (Lecture Notes)
- Active attacks and chosen-ciphertext security (CCA-security)
- Authenticated encryption with associated data (AEAD)
- Carter-Wegman MAC
- Galois counter mode (GCM)
References
- Boneh-Shoup (Chapter 9.1-9.7)

Mar 9: No Class

Mar 11: Introduction to Prime-Order Groups

Topics (Lecture Notes)
- Key distribution (Kerberos)
- Diffie-Hellman key exchange
- Prime-order groups: definitions and properties
References
- Boneh-Shoup (Chapter 10.4-10.5)

Mar 16: The Discrete Logarithm Problem

Topics (Lecture Notes)
- Computational problems over prime-order groups
- Discrete log, CDH, and DDH
- Concrete instantiations of discrete log groups
References
- Boneh-Shoup (Chapter 10.4-10.5)

Mar 18: Public-Key Encryption

Topics (Lecture Notes)
- Diffie-Hellman key exchange
- Public-key encryption
- ElGamal encryption
References
- Boneh-Shoup (Chapter 11.2-11.3, 11.5)

Mar 23: Introduction to Composite-Order Groups

Topics (Lecture Notes)
- Digital signatures
- Composite-order groups: definitions and properties
- The RSA trapdoor permutation
References
- Boneh-Shoup (Chapter 10.2-10.3, 13.1)

Mar 25: Public-Key Cryptography from RSA

Topics (Lecture Notes)
- Signatures from RSA (RSA-FDH), PKCS1 signatures
- Insecurity of textbook RSA
- Public-key encryption from RSA
References
- Boneh-Shoup (Chapter 11.4, 13.2-13.4)

Mar 30: Authenticated Key Exchange

Topics (Lecture Notes)
- Certificates and the public-key infrastructure (PKI)
- Authenticated key-exchange protocols: constructions and attacks
- Transport Layer Security (TLS)
References
- Boneh-Shoup (Chapter 21.1-21.6, 21.10)

Apr 1: Identification Protocols

Topics (Lecture Notes)
- Identification protocols and threat models
- Password storage and management
- One-time passwords (SecurID, TOTP, S/Key)
- Challenge-response authentication and active security
References
- Boneh-Shoup (Chapter 18.1-18.6)

Apr 6: Introduction to Zero-Knowledge

Topics (Lecture Notes)
- Interactive proof systems
- Defining zero-knowledge and the simulation paradigm
References
- Boneh-Shoup (Chapter 20.1)
- The Knowledge Complexity of Interactive Proof Systems, by Shafi Goldwasser, Silvio Micali, and Charles Rackoff

Apr 8: Zero-Knowledge Proofs

Topics (Lecture Notes)
- Zero-knowledge proofs for NP
References
- Boneh-Shoup (Chapter 19.1, 19.4-19.5)

Apr 13: Proofs of Knowledge

Topics (Lecture Notes)
- Proofs of knowledge
- Schnorr's proof of knowledge of discrete log
- Schnorr's identification protocol
References
- Boneh-Shoup (Chapter 19.1-19.3)

Apr 15: No Class

Apr 20: Non-Interactive Proofs and ECDSA

Topics (Lecture Notes)
- The Fiat-Shamir heuristic
- Schnorr signatures and (EC)DSA signatures
References
- Boneh-Shoup (Chapter 20.3)

Apr 22: Multiparty Computation

Topics (Lecture Notes)
- Motivation and definitions
- Oblivious transfer (OT)
References
- Evans-Kolesnikov-Rosulek (Chapter 1-2, 3.7)

Apr 27: Two-Party Computation

Topics (Lecture Notes)
- Yao's garbled circuit protocol
- Introduction to post-quantum cryptography
References
- Evans-Kolesnikov-Rosulek (Chapter 3.1)

Apr 29: Lattices and Learning with Errors

Topics (Lecture Notes)
- Introduction to lattice-based cryptography
- The learning with errors (LWE) problem
- Public-key encryption from LWE
References
- Peikert (Section 2, 4.2, 5.2)

May 4: Short Integer Solutions

Topics (Lecture Notes)
- The short integer solutions (SIS) problem
- Collision-resistant hash functions from SIS
- Digital signatures and lattice trapdoors
References
- Peikert (Section 4.1, 5.1, 5.4, 5.5.1)

May 6: Lattice-Based Key Exchange

Topics (Lecture Notes)
- Lattice-based key exchange
- Improving efficiency using ring LWE
References
- Peikert (Section 4.4)
- Frodo: Take off the ring! Practical, Quantum-Secure Key Exchange from LWE by Bos et al.

Web Analytics