- Lectures
- Omar Fawzi
- Mondays 13:30 to 15:30
- Amphi B

- Tutorials
- Dewi Sintiari
- Wednesdays 13:30 to 15:30

- [BS] A Graduate Course on Applied Cryptography
- [KL] Introduction to Modern Cryptography
- [Gal] Mathematics of Public Key Cryptography for the mathematics behind the hard problems we will use in part of the course

- A final exam
- One midterm exam
- Two homeworks

Date | Topic | References |

Jan 28th | Introduction. Perfect security. One-time pad. Shannon's theorem: Secret key must be long. Relaxing perfect secrecy: stream ciphers and pseudo-random generators. |
Ch 2 and 3 of [BS], Ch 1 and 2 of [KL] |

Feb 4th | Pseudo-random generetors. Security of a PRG. Unpredictability of a PRG. Equivalence between security and unpredictability. Semantic security for ciphers (for one-time key and chosen plaintext) |
Ch 2 and 3 of [BS], Ch 3 of [KL] |

Feb 11th | Semantic security for stream ciphers. Pseudo-random functions, construction from PRG. Block ciphers (or PRPs). Brief overview of DES and AES. Encryption with block cipher (deterministic counter mode). | Ch 4 of [BS] |

Feb 25th | CPA security. Randomized countermode is CPA secure. Message authentication codes. | Ch 5 and 6 of [BS] |

Mar 4th | Message authentication codes from PRF. Signing longer messages with CBC-MAC. Authenticated encryption. | Ch 6 and 9 of [BS] |

Mar 11th | Midterm, finished authenticated encryption: encrypt-then-mac. Started hash functions. | Ch 9 and 8 of [BS] |

Mar 20th | Collision-resistant hash function. Hash-then-MAC. Merkle-Damgard construction. Started public key encryption: discussed key establishment with trusted third party. | Ch 8 of [BS] |

Mar 25th | Key exchange using Merkle puzzles. Diffie-Hellman. Public-key encryption: definition and ElGamal. | Ch 10 and 11 of [BS] |

Apr 1st | CCA public-key encryption. Introducing the random oracle model and a simple proof in the model. | Ch 8 and 11 of [BS] |

Apr 8th | One-way trapdoor permutations. Construction based on RSA. CCA public key encryption using trapdoor permutations and security in ROM. Digital signatures, construction using trapdoor permutations. | Ch 12 and 13 of [BS] |