Cryptology I

Lecture spring 2014

Instructor Dominique Unruh <<surname> at ut dot ee>
Teaching assistant
Prastudy Fauzi <<givenname> at ut dot ee>
Lecture Period February 10, 2014 - May 29, 2014
Lectures Mondays, 16:15-17:45, room 206 (Unruh; may sometimes be switched with tutorial)
Practice sessions
Thursdays, 16:15-17:45, room 206 (Unruh)
Course Material Lecture notes, blackboard photos (of practice), and exam study guide.
Language English
Mailing list ut-crypto1@googlegroups.com
Exam Wednesday, June 4, 14:15-17:00, room 206
Contact Dominique Unruh <<surname> at ut dot ee>


Topics covered

2013-02-10 (lecture) Classical ciphers.
2013-02-13 (practice) Breaking a substitution cipher. How to define security of encryption (preview on prefect secrecy).
2013-02-17 (lecture) Perfect secrecy. One-time pad. Security and limitations of OTP.
2013-02-20 (practice) Malleability of OTP. Breaking LFSR with linear algebra.
2013-02-27 (practice) Breaking bad streamciphers. (LFSR-based, and hash-function-based.)
2013-03-03 (lecture) Streamciphers. Best-effort vs provable security. IND-OT-CPA. Pseudorandom generators. Security of streamciphers.
2013-03-06 (practice) Defining and proving security: Random looking encryptions.
2013-03-10 (lecture) Block ciphers. Construction of DES. Feistel networks. 2DES and 3DES. Meet-in-the-middle attack.
2013-03-13 (practice) Attacks on low-round Feistel networks.
2013-03-17 (lecture) Strong PRPs. Modes of operation: ECB, CBC. IND-CPA security.
2013-03-20 (practice) Building authenticated encryption (crypto competition)
2013-03-24 (lecture) Public key encryption. Textbook RSA. RSA-assumption. Weeknesses of textbook RSA
2013-03-27 (practice) Insecurity of ElGamal mod p. Quadratic residues.
2013-03-31 (lecture) ElGamal. DDH assumption. IND-CPA security (public key case). ElGamal is IND-CPA. Malleability of ElGamal.
2013-04-03 (practice) Malleability of ElGamal – example attacks.
2013-04-07 (lecture) IND-CCA security. RSA-OAEP. Hybrid encryption. MACs. Hash functions. Collision-resistance. Iterated hash construction.
2013-04-10 (practice) IND-CCA public key encryption – message length extension (crypto competition)
2013-04-14 (lecture) Security requirements and their modelling. Security requirements elicitation. Patterns and their examples. [Slides: PDF]
2013-04-21 (lecture) Insecurity of iterated hash. Merkle-Damgård. Insecurity of Merkle-Damgård MACs. HMAC. EF-CMA security (for MACs). CBC-MAC
and its insecurity. DMAC.
2013-04-24 (practice) Weakened definitions of EF-CMA and their problems.
2013-04-28 (lecture) PRF as a MAC. MAC message length extension. Davies-Meyer, Miyaguchi-Preneel. Signatures. EF-CMA (for signatures). One-way functions. One-time signatures from OWFs (Lamport).
2013-05-05 (lecture) Signatures from one-way signatures (tree construction, sketch). Full-domain hash (FDH). Random oracle model/heuristic. Security of FDH in ROM.
2013-05-08 (practice)

Homework

Your current amount of points in the homework can be accessed here.
Out / due
Homework
Solution
Feb 18 / Mar 3 Homework 1 Solution 1
Mar 10 / Mar 24
 Homework 2, prg.zip Solution 2
Mar 30 / Apr 7 Homework 3 Solution 3
April 9 / Apr 21 Homework 4, hybrid.py Solution 4, hybrid.py
April 22 / May 5
 Homework 5
 Solution 5
May 7 / May 22 Homework 6 Solution 6
May 22 / May 29 Homework 7 Solution 7

Description

The course "Cryptology I" introduces the basics of cryptography. After discussing historic ciphers and their weaknesses, we introduce modern cryptographic primitives such as encryption and signature schemes, hash functions, one-way functions etc. We explain how the security of cryptographic schemes is defined and proven. We study advanced cryptographic schemes such as zero-knowledge proofs and secure function evaluation.

Requirements

"Elements of Discrete Mathematics" or some comparable mathematical foundations.

Reading

The following reading supplements this lecture (optional!)

Lindell and Katz, Introduction to Modern Cryptography, Chapman & Hall, 2007.
Materials from the course "Topics of Mathematics in Cryptology" (especially the chapter on probability and the one on modular arithmetic).