2017-02-15 (lecture) | Classical ciphers. | [video] |
2017-02-15b (lecture) | Perfect secrecy. One-time pad. Security and limitations of OTP.
Streamciphers (basic construction). LFSR. | [video] |
2017-02-22 (lecture) | Stream ciphers (ctd.). IND-OT-CPA security. Pseudo-random generators (PRG). Security proof for stream ciphers. | [video] |
2017-02-22 (practice) | Breaking a substitution cipher. Malleability of one-time-pad (bank transfer). Attacking the linear congruence randomness generator. |
2017-03-01 (lecture) | Block ciphers. AES (construction). Feistel networks. Provable security vs. best effort. | [video] |
2017-03-01 (practice) | Security proof: If G is PRG, then H(x,y):=G(x)||y is PRG. Insecurity of 3-round-Feistel. |
2017-03-08 (lecture) | Security notions of block ciphers: strong PRP.
Provable security & "best-effort security".
Security of encryption: IND-CPA. Modes of operation: ECB, CBC.
Insecurity of ECB. IND-CPA security of CBC (only claim). | [video] |
2017-03-08 (practice) | Security of AES with missing AddRoundKey/SubBytes/MixColumns/ShiftRows |
2017-03-15 (lecture) | Public key encryption. Textbook RSA. RSA-assumption. Weaknesses of textbook RSA. | [video] |
2017-03-15 (practice) | Malleability of CBC mode, "Crypto competition": Authenticated encryption |
2017-03-22 (lecture) | ElGamal. Decisional Diffie-Hellman (DDH) assumption.
IND-CPA (public-key). Security of ElGamal. | [video] |
2017-03-22 (practice) | Breaking 3RSA for small messages. RSA with N=pqr |
2017-03-29 (lecture) | Malleability of ElGamal. Definition IND-CCA. Hybrid Encryption.
Message authentication codes (MACs). Hash functions. Collision-resistance. | [video] |
2017-03-29 (practice) | Repetition: ElGamal |
2017-04-05 (lecture) | Iterated hash. Merkle-Damgård construction.
Insecurity of Merkle-Damgård as a MAC. HMAC. | [video] |
2017-04-05 (practice) | Insecurity of ElGamal mod p. Quadratic residues. |
2017-04-12 (lecture) | EF-CMA definition. MAC from block cipher/PRF.
Extending message space of MACs. CBC-MAC, DMAC, and their security.
Davies-Meyer. Miyaguchi-Preneel. Birthday attacks for hashes. | [video] |
2017-04-12 (practice) | Breaking Iterated Hash / Merkle-Damgård with various compression functions. |
2017-04-19 (lecture) | Signatures. EF-CMA. One-way functions. One-time signature construction. | [video] |
2017-04-19 (practice) | Two variants of EF-CMA. Constructing bad MACs secure under these variants. |
2017-04-26 (lecture) | Tree-based signatures (how to get signatures from one-time signatures).
Full-domain hash (FDH). | [video] |
2017-04-26 (practice) | Constructing a secure protocol for movie download using PKE and signatures. |
2017-05-03 (lecture) | Random oracle model/heuristic. EF-CMA in random oracle model. Security proof of FDH. | [video] |
2017-05-03 (practice) | Constructiong and security proof: One-way functions in the random oracle model. Unsoundness of random oracle heuristic. Insecurity of Lamport's one-time signature in twice-sign-scenario. |
2017-05-10 (lecture) | Symbolic cryptography. Needham-Schröder-(Lowe) protocols (NSL).
Modeling security of NSL symbolically. | [video] |
2017-05-10 (practice) | Repetition: PRFs, MACs and Random Oracle Heuristic. |
2017-05-17 (lecture) | Proving symbolic security of NSL. | [video] |
2017-05-17 (practice) | Merkle-Puzzles. |
2017-05-24 (lecture) | Quantum cryptography (short overview). | [video] |
2017-05-24 (practice) | Symbolic crypto analysis of "movie download" protocol |