2019-02-13 (lecture) | Historical ciphers. Perfect secrecy. One-time pad. | [video] |
2019-02-20 (practice) | Breaking a substitution cipher. Malleability of one-time-pad (bank transfer). |
2019-02-27 (lecture) | Limitations of one-time-pad/perfect security. Streamciphers. IND-OT-CPA security. | [video] |
2019-02-27 (practice) | Brief introduction to PRGs. Security proof: If G is PRG, then H(x,y):=G(x)||y is PRG. Very short intro to linear feedback shift registers (LFSR). |
2019-03-06 (lecture) | Pseudo-random generators (PRG). Security proof for G(k)⊕m encryption scheme. Blockciphers. AES (started). | [video] |
2019-03-06 (practice) | Game-based security of one-time pad. |
2019-03-13 (lecture) | AES (continued). Feistel networks. Definition: strong pseudorandom permutation (PRP). | [video] |
2019-03-13 (practice) | Security of AES with missing AddRoundKey/SubBytes/MixColumns/ShiftRows. Insecurity of 1-round, 2-round and 3-round-Feistel. |
2019-03-20 (lecture) | Definition IND-CPA. ECB mode (and its weakness). CBC mode. IND-CPA security of CBC. | [video] |
2019-03-20 (practice) | Malleability of CBC mode. Recap: Strong PRP. 3-round-Feistel is not strong PRP. |
2019-03-27 (lecture) | Public key encryption. Textbook RSA. RSA assumption. Weaknesses of textbook RSA. | [video] |
2019-03-27 (practice) | Crypto competition: authenticated encryption |
2019-04-03 (lecture) | ElGamal encryption. Decisional Diffie-Hellman (DDH) assumption. IND-CPA security (public key case). ElGamal is IND-CPA secure. | [video] |
2019-04-03 (practice) | (In)security of small variants of RSA |
2019-04-10 (lecture) | Malleability of ElGamal. IND-CCA security. RSA-OAEP. Hybrid encryption. |
2019-04-10 (practice) | Insecurity of ElGamal modulo prime. |
2019-04-17 (lecture) | Hash functions. Collision-resistance. Davies-Meyer. Miyaguchi-Preneel. Iterated Hash. Collision-resistance and non-collision-resistance of Iterated Hash.
Merkle-Damgård construction. Message authentication codes (MACs). Insecurity of Merkle-Damgård as a MAC. | [video] |
2019-04-17 (practice) | Breaking collision resistance for various compression functions. Breaking sponge without padding. |
2019-04-24 (lecture) | Constructions of MACs (secure/insecure): HMAC, CBC-MAC, DMAC, blockcipher as MAC, message length extension using hash functions. EF-CMA security. Birthday attack on hash functions. | [video] |
2019-04-24 (practice) | Variants of EF-CMA (EF-NMA, EF-OT-CMA). Building information-theoretically secure EF-OT-CMA MACs |
2019-05-08 (lecture) | Signatures. EF-CMA security (for signatures).
Naive construction of signatures. One-way functions.
Lamport's one-time signatures | [video] |
2019-05-08 (practice) | Design of a movie download protocol |
2019-05-15 (lecture) | Tree-based signatures (how to get signatures from one-time signatures). | [video] |
2019-05-15 (practice) | Insecurity of Lamport's one-time signature in twice-sign-scenario.
Estimating length of tree based signatures. |
2019-05-22 (lecture) | Unsoundness of random oracle heuristic. Definition and security proof: One-way functions in the random oracle model. |