2018-02-14 (lecture) | Historical ciphers. | [video] |
2018-02-14b (lecture) | Perfect secrecy. One-time pad. Security and limitations of OTP. | [video] |
2018-02-21 (lecture) | Stream ciphers (ctd.). IND-OT-CPA security. Pseudo-random generators (PRG). Security proof for G(k)⊕m encryption scheme. | [video] |
2018-02-21 (practice) | Breaking a substitution cipher. Malleability of one-time-pad (bank transfer). |
2018-03-01 (lecture) | Block ciphers. AES (construction). Feistel networks. Provable security vs. best effort. | [video] |
2018-03-01 (practice) | Security proof: If G is PRG, then H(x,y):=G(x)||y is PRG. Very short intro to linear feedback shift registers (LFSR). |
2018-03-07 (lecture) | Security notions of block ciphers: strong PRP.
Security of encryption: IND-CPA. Modes of operation: ECB, CBC.
Insecurity of ECB. IND-CPA security of CBC (only claim). | [video] |
2018-03-07 (practice) | Security of AES with missing AddRoundKey/SubBytes/MixColumns/ShiftRows |
2018-03-14 (lecture) | Public key encryption. Textbook RSA. RSA-assumption. Weaknesses of textbook RSA. | [video] |
2018-03-14 (practice) | Recap: linear functions. Malleability of CBC mode. "Crypto competition": Authenticated encryption. |
2018-03-21 (lecture) | ElGamal. Decisional Diffie-Hellman (DDH) assumption.
IND-CPA (public-key). Security of ElGamal. | [video] |
2018-03-21 (practice) | Breaking 3RSA for small messages. |
2018-03-28 (lecture) | Malleability of ElGamal. Definition IND-CCA. Hybrid Encryption.
Message authentication codes (MACs). Hash functions. Collision-resistance.
Iterated Hash. Collision-resistance and non-collision-resistance of Iterated Hash. | [video] |
2018-03-28 (practice) | Insecurity of ElGamal mod p. Quadratic residues. Breaking collision resistance for various compression functions. |
2018-04-04 (lecture) | Merkle-Damgård construction. EF-CMA definition.
Insecurity of Merkle-Damgård as a MAC.
CBC-MAC, DMAC, and their security.
MAC from block cipher/PRF.
Extending message space of MACs. | [video] |
2018-04-04 (practice) | Breaking Iterated Hash / Merkle-Damgård with various compression functions. Breaking sponge without padding. |
2018-04-11 (lecture) | Davies-Meyer. Miyaguchi-Preneel. Birthday attacks for hashes.
Signatures. EF-CMA. One-way functions. | [video] |
2018-04-11 (practice) | Two variants of EF-CMA. Constructing bad MACs secure under these variants. |
2018-04-18 (lecture) | One-time signature construction. EF-OT-CMA.
Tree-based signatures (how to get signatures from one-time signatures). | [video] |
2018-04-18 (practice) | Constructing a secure protocol for movie download using PKE and signatures. |
2018-04-25 (lecture) | Full-domain hash (FDH). Random oracle model/heuristic. EF-CMA in random oracle model. Security proof of FDH. | [video] |
2018-04-25 (practice) | Estimating length of tree based signatures. |
2018-05-02 (lecture) | Secure function evaluation. Yao's garbled circuits. Oblivious transfer (OT). | [video] |
2018-05-02 (practice) | Unsoundness of random oracle heuristic. Definition and security proof: One-way functions in the random oracle model. |
2018-05-09 (lecture) | Zero-knowledge proofs. | [video] |
2018-05-09 (practice) | Repetition of OT and Yao's protocol. Different, more actively secure versions of Yao's protocol. |
2018-05-16 (lecture) | Symbolic cryptography. Needham-Schroeder-(Lowe) protocols (NSL).
Modeling and proving security of NSL symbolically. | [video] |
2018-05-16 (practice) | Schnorr's ZK protocol. |
2018-05-34 (practice) | Symbolic crypto analysis of "movie download" protocol |