20130212 (lecture)

General introduction to cryptography. Classical ciphers.

20130219 (lecture) 
Perfect secrecy. One time pad. Limitations of these.

20130219 (practice) 
Breaking a subsitution cipher. "Two time pad" security. Exploiting malleability.

20130226 (lecture) 
Stream ciphers. INDOTCPA. How security proofs work.

20130226 (practice) 
Defining "random looking ciphertexts". Proof "random looking ciphertexts" implies INDOTCPA.

20130312 (lecture) 
Block ciphers. Feistel networks. DES. 2DES. Meet in the middle. 3DES.

20130312 (practice) 
Breaking 1round and 2round Feistel nets. Meetinthemiddle attack on 4DES.

20130319 (lecture) 
Security of block ciphers. Provable security vs. besteffort design. Strong PRP. INDCPA. Modes of operation: ECB, CBC.

20130319 (practice) 
Modes of operation for authenticated encryption ("crypto competition").

20130326 (lecture) 
Public key encryption. Textbook RSA. RSA assumption. ElGamal.

20130326 (practice) 
Breaking insecure modp ElGamal.

20130402 (lecture) 
Security
of ElGamal. DDHassumption. INDCPA (public key variant). Malleability
of ElGamal (auction example & chosen ciphertext attack). INDCCA.
RSAOAEP. Hybrid encryption.

20130402 (practice) 
Constructing nonmalleable encryption schemes for longer messages ("crypto competition")

20130409 (lecture) 
MACs. Hash functions. Iterated hash + attack. MerkleDamgard. Insecurity of MD as MAC. HMAC

20130409 (practice) 
MD5 with length in the beginning
> attack. Constructing compression function with weakness for
Iterated Hash. Crypto competition: MACs from block ciphers.

20130416 (lecture) 
EFCMA security. CBCMAC +
insecurity of it. DMAC. PRF is MAC. Message space extension of MACs
using hash functions. DaviesMeyer. MiyaguchiPreneel. Birthday attack
on hash functions.

20130416 (practice) 
EFCMA definition: necessity of the MAC and Verifyqueries. Keydependent message security.

20130423 (lecture) 
Signatures. EFCMA (for
signatures). Naive approach: encryption as signature. Oneway
functions. Onetime signatures from OWFs (Lamport's scheme).

20130423 (practice) 
Building a protocol (putting all stuff together).

20130430 (lecture) 
Signatures from onetime signatures: stateful chain construction and stateless tree construction.

20130430 (practice) 
Proof of the tree construction for signatures.

20130507 (lecture) 
Full domain hash (FDH) signatures. Random oracle model / heuristic. Security of RSAFDH. Unsoundness of the random oracle.

20130507 (practice) 
Onewayness of the random oracle.

20130514 (lecture) 
NeedhamSchroeder protocol (attack & fix). Symbolic cryptography

20130514 (practice) 
Symbolic analysis of toy protocols. Modeling XOR in symbolic analysis.

20130521 (lecture) 
Zeroknowledge proofs. Yao's garbled circuits.

20130521 (practice) 
Examples of protocols that are/are not ZK proofs. Parallel composition of ZK proofs.

20130528 (lecture) 

20130528 (practice) 
