|2017-02-15 (lecture)||Classical ciphers.||[video]|
|2017-02-15b (lecture)||Perfect secrecy. One-time pad. Security and limitations of OTP.
Streamciphers (basic construction). LFSR.||[video]|
|2017-02-22 (lecture)||Stream ciphers (ctd.). IND-OT-CPA security. Pseudo-random generators (PRG). Security proof for stream ciphers.||[video]|
|2017-02-22 (practice)||Breaking a substitution cipher. Malleability of one-time-pad (bank transfer). Attacking the linear congruence randomness generator.|
|2017-03-01 (lecture)||Block ciphers. AES (construction). Feistel networks. Provable security vs. best effort.||[video]|
|2017-03-01 (practice)||Security proof: If G is PRG, then H(x,y):=G(x)||y is PRG. Insecurity of 3-round-Feistel.|
|2017-03-08 (lecture)||Security notions of block ciphers: strong PRP.
Provable security & "best-effort security".
Security of encryption: IND-CPA. Modes of operation: ECB, CBC.
Insecurity of ECB. IND-CPA security of CBC (only claim).||[video]|
|2017-03-08 (practice)||Security of AES with missing AddRoundKey/SubBytes/MixColumns/ShiftRows|
|2017-03-15 (lecture)||Public key encryption. Textbook RSA. RSA-assumption. Weaknesses of textbook RSA.||[video]|
|2017-03-15 (practice)||Malleability of CBC mode, "Crypto competition": Authenticated encryption|
|2017-03-22 (lecture)||ElGamal. Decisional Diffie-Hellman (DDH) assumption.
IND-CPA (public-key). Security of ElGamal.||[video]|
|2017-03-22 (practice)||Breaking 3RSA for small messages. RSA with N=pqr|
|2017-03-29 (lecture)||Malleability of ElGamal. Definition IND-CCA. Hybrid Encryption.
Message authentication codes (MACs). Hash functions. Collision-resistance.||[video]|
|2017-03-29 (practice)||Repetition: ElGamal|
|2017-04-05 (lecture)||Iterated hash. Merkle-Damgård construction.
Insecurity of Merkle-Damgård as a MAC. HMAC.||[video]|
|2017-04-05 (practice)||Insecurity of ElGamal mod p. Quadratic residues.|
|2017-04-12 (lecture)||EF-CMA definition. MAC from block cipher/PRF.
Extending message space of MACs. CBC-MAC, DMAC, and their security.
Davies-Meyer. Miyaguchi-Preneel. Birthday attacks for hashes.||[video]|
|2017-04-12 (practice)||Breaking Iterated Hash / Merkle-Damgård with various compression functions.|
|2017-04-19 (lecture)||Signatures. EF-CMA. One-way functions. One-time signature construction.||[video]|
|2017-04-19 (practice)||Two variants of EF-CMA. Constructing bad MACs secure under these variants.|
|2017-04-26 (lecture)||Tree-based signatures (how to get signatures from one-time signatures).
Full-domain hash (FDH).||[video]|
|2017-04-26 (practice)||Constructing a secure protocol for movie download using PKE and signatures.|
|2017-05-03 (lecture)||Random oracle model/heuristic. EF-CMA in random oracle model. Security proof of FDH.||[video]|
|2017-05-03 (practice)||Constructiong and security proof: One-way functions in the random oracle model. Unsoundness of random oracle heuristic. Insecurity of Lamport's one-time signature in twice-sign-scenario.|
|2017-05-10 (lecture)||Symbolic cryptography. Needham-Schröder-(Lowe) protocols (NSL).
Modeling security of NSL symbolically.||[video]|
|2017-05-10 (practice)||Repetition: PRFs, MACs and Random Oracle Heuristic.|
|2017-05-17 (lecture)||Proving symbolic security of NSL.||[video]|
|2017-05-24 (lecture)||Quantum cryptography (short overview).||[video]|
|2017-05-24 (practice)||Symbolic crypto analysis of "movie download" protocol|