20130210 (lecture) 
Classical ciphers.

20130213 (practice) 
Breaking a substitution cipher. How
to define security of encryption (preview on prefect secrecy).

20130217 (lecture) 
Perfect secrecy. Onetime pad.
Security and limitations of OTP. 
20130220 (practice) 
Malleability of OTP. Breaking LFSR
with linear algebra.

20130227 (practice) 
Breaking bad streamciphers.
(LFSRbased, and hashfunctionbased.)

20130303 (lecture) 
Streamciphers. Besteffort vs
provable security. INDOTCPA. Pseudorandom generators. Security of
streamciphers.

20130306 (practice) 
Defining and proving security: Random
looking encryptions.

20130310 (lecture)

Block ciphers. Construction of DES.
Feistel networks. 2DES and 3DES. Meetinthemiddle attack.

20130313 (practice) 
Attacks on lowround Feistel
networks.

20130317
(lecture) 
Strong PRPs. Modes of operation: ECB,
CBC. INDCPA security.

20130320 (practice) 
Building authenticated encryption
(crypto competition)

20130324
(lecture) 
Public key encryption. Textbook RSA.
RSAassumption. Weeknesses of textbook RSA

20130327 (practice) 
Insecurity of ElGamal mod p.
Quadratic residues.

20130331
(lecture) 
ElGamal. DDH assumption. INDCPA
security (public key case). ElGamal is INDCPA. Malleability of
ElGamal.

20130403 (practice) 
Malleability of ElGamal – example
attacks.

20130407
(lecture) 
INDCCA security. RSAOAEP. Hybrid
encryption. MACs. Hash functions. Collisionresistance. Iterated
hash construction.

20130410 (practice) 
INDCCA public key encryption –
message length extension (crypto competition) 
20130414
(lecture) 
Security requirements and their
modelling. Security requirements elicitation. Patterns and their
examples. [Slides: PDF]

20130421
(lecture) 
Insecurity of iterated hash.
MerkleDamgård. Insecurity of MerkleDamgård MACs. HMAC. EFCMA
security (for MACs). CBCMAC
and its insecurity. DMAC.

20130424 (practice) 
Weakened definitions of EFCMA and
their problems.

20130428 (lecture) 
PRF as a MAC. MAC message length extension. DaviesMeyer,
MiyaguchiPreneel. Signatures. EFCMA (for signatures). Oneway
functions. Onetime signatures from OWFs (Lamport). 
20130505 (lecture) 
Signatures from oneway signatures (tree construction, sketch).
Fulldomain hash (FDH). Random oracle model/heuristic. Security of
FDH in ROM.

20130508 (practice) 
