2016-02-10 (lecture) | Classical ciphers. | [video] |
2016-02-12 (practice) | Breaking a substitution cipher.
How to define security of encryption (sketches). |
2016-02-17 (lecture) | Perfect secrecy. One-time pad. Security and limitations of OTP.
Streamciphers (basic construction). LFSR. | [video] |
2016-02-19 (practice) | Breaking LFSRs with linear algebra. Malleability of one-time-pad (bank transfer). Attacking the linear congruence randomness generator |
2016-02-26 (lecture) | Stream ciphers (ctd.). IND-OT-CPA security. Pseudo-random generators (PRG). Security proof for stream ciphers. | [video] |
2016-03-02 (lecture) | Block ciphers. DES (construction). Feistel networks. 2DES, 3DES. Meet-in-the-middle attack | [video] |
2016-03-04 (practice) | Security proof: If G is PRG, then H(x,y):=G(x)||y is PRG |
2016-03-09 (lecture) | Security notions of block ciphers: strong PRP. Security of encryption: IND-CPA. Modes of operation: ECB, CBC.
Insecurity of ECB. IND-CPA security of CBC. | [video] |
2016-03-11 (practice) | Details of stream cipher security proof. Malleability of CBC mode |
2016-03-16 (lecture) | Public key encryption. Textbook RSA. RSA-assumption. Weaknesses of textbook RSA. ElGamal. | [video] |
2016-03-18 (practice) | "Crypto competition": Authenticated encryption |
2016-03-23 (practice) | Breaking 3RSA for small messages. RSA with N=pqr |
2016-03-30 (lecture) | ElGamal. Decisional Diffie-Hellman (DDH) assumption. IND-CPA (public-key). Security of ElGamal. Malleability of ElGamal. Hybrid Encryption | [video] |
2016-04-01 (lecture) | Message authentication codes (MAC). Hash functions. Collision resistance. Iterated hash. Merkle-Damgård construction. |
2016-04-06 (lecture) | Merkle-Damgård. Davies-Meyer. Miyaguchi-Preneel. Insecurity of Merkle-Damgård as a MAC. HMAC. EF-CMA definition. MAC from block cipher/PRF. Extending message space of MACs. | [video] |
2016-04-08 (practice) | Two variants of EF-CMA. Constructing bad MACs secure under these variants. |
2016-04-13 (lecture) | Signatures. EF-CMA. One-way functions. One-time signature construction. | [video] |
2016-04-15 (practice) | Constructing a secure protocol for movie download using PKE and signatures. |
2016-04-20 (lecture) | Tree-based signatures (how to get signatures from one-time signatures). | [video] |
2016-04-22 (practice) | Security proof of one-time signatures scheme (partial) |
2016-04-27 (lecture) | Full Domain Hash (FDH) signatures. Random oracle model/heuristic. Unsoundness of random oracle heuristic. | [video] |
2016-04-29 (practice) | Constructiong and security proof: One-way functions in the random oracle model |
2016-05-04 (lecture) | Symbolic cryptography. Needham-Schröder-(Lowe) protocols. | [video] |
2016-05-06 (practice) | Symbolic crypto analysis of "movie download" protocol |
2016-05-11 (practice) | Developing a (simple) protocol for secure channels (à la TLS). |
2016-05-13 (lecture) | Secure function evaluation. Yao's garbled circuits. Oblivious transfer (OT). | [video] |
2016-05-18 (lecture) | Overview of quantum cryptography (post-quantum crypto, quantum protocols). | [video] |
2016-05-20 (practice) | (Trying to) make a passive OT protocol actively secure. |
2016-05-25 (lecture) | Zero-knowledge proofs. | [video] |