|2017-02-15 (lecture)||Classical ciphers.||[video]|
|2017-02-15b (lecture)||Perfect secrecy. One-time pad. Security and limitations of OTP.
Streamciphers (basic construction). LFSR.||[video]|
|2017-02-22 (lecture)||Stream ciphers (ctd.). IND-OT-CPA security. Pseudo-random generators (PRG). Security proof for stream ciphers.||[video]|
|2017-02-22 (practice)||Breaking a substitution cipher. Malleability of one-time-pad (bank transfer). Attacking the linear congruence randomness generator.|
|2017-03-01 (lecture)||Block ciphers. AES (construction). Feistel networks. Provable security vs. best effort.||[video]|
|2017-03-01 (practice)||Security proof: If G is PRG, then H(x,y):=G(x)||y is PRG. Insecurity of 3-round-Feistel.|
|2017-03-08 (lecture)||Security notions of block ciphers: strong PRP.
Provable security & "best-effort security".
Security of encryption: IND-CPA. Modes of operation: ECB, CBC.
Insecurity of ECB. IND-CPA security of CBC (only claim).||[video]|
|2017-03-08 (practice)||Security of AES with missing AddRoundKey/SubBytes/MixColumns/ShiftRows|
|2017-03-15 (lecture)||Public key encryption. Textbook RSA. RSA-assumption. Weaknesses of textbook RSA.||[video]|
|2017-03-15 (practice)||Malleability of CBC mode, "Crypto competition": Authenticated encryption|
|2017-03-22 (lecture)||ElGamal. Decisional Diffie-Hellman (DDH) assumption.
IND-CPA (public-key). Security of ElGamal.||[video]|
|2017-03-22 (practice)||Breaking 3RSA for small messages. RSA with N=pqr|
|2017-03-29 (lecture)||Malleability of ElGamal. Definition IND-CCA. Hybrid Encryption.
Message authentication codes (MACs). Hash functions. Collision-resistance.||[video]|
|2017-03-29 (practice)||Repetition ElGamal|
|2017-04-05 (lecture)||Iterated hash. Merkle-Damgård construction.
Insecurity of Merkle-Damgård as a MAC. HMAC.||[video]|
|2017-04-05 (practice)||Insecurity of ElGamal mod p. Quadratic residues.|
|2017-04-12 (lecture)||EF-CMA definition. MAC from block cipher/PRF.
Extending message space of MACs. CBC-MAC, DMAC, and their security.
Davies-Meyer. Miyaguchi-Preneel. Birthday attacks for hashes.||[video]|
|2017-04-12 (practice)||Breaking Iterated Hash / Merkle-Damgård with various compression functions.|
|2017-04-19 (lecture)||Signatures. EF-CMA. One-way functions. One-time signature construction.||[video]|
Your current amount of points in the homework can be accessed
|2017-02-17||2017-03-03||Homework 1||Solution 1, otp-xor.py|
|2017-03-03||2017-03-17||Homework 2, ind-ot-cpa.py, prg.py||Solution 2, ind-ot-cpa-solution.py, ind-cpa-solution.py|
|2017-03-21||2017-04-01||Homework 3, ecb-distinguish.py, ecb-distinguish-2.txt, ecb-distinguish-1.txt, 3rsa-aes.py||Solution 3, 3rsa-aes-adv.py, ecb-distinguish-sol.py|
|2017-04-04||2017-04-17||Homework 4, hybrid.py||Solution 4, hybrid-solution.py|
|2017-04-21||2017-05-05||Homework 5, owf.py|| |
The course "Cryptology I" introduces the basics of
cryptography. After discussing historic ciphers and their weaknesses, we
introduce modern cryptographic primitives such as encryption and signature
schemes, hash functions, one-way functions etc. We explain how the
security of cryptographic schemes is defined and proven. We study advanced
cryptographic schemes such as zero-knowledge proofs and secure function
"Elements of Discrete Mathematics" or some
comparable mathematical foundations.
The following reading supplements this lecture (optional!)
Lindell and Katz,
Introduction to Modern Cryptography, Chapman & Hall, 2007.
Materials from the course "Topics
of Mathematics in Cryptology" (especially the chapter on probability
and the one on modular arithmetic).