|Jan 28th||Introduction. Perfect security. One-time pad. Shannon's theorem: Secret key must be long.
Relaxing perfect secrecy: stream ciphers and pseudo-random generators.
|Ch 2 and 3 of [BS], Ch 1 and 2 of [KL]|
|Feb 4th||Pseudo-random generetors. Security of a PRG. Unpredictability of a PRG. Equivalence between security and unpredictability.
Semantic security for ciphers (for one-time key and chosen plaintext)
|Ch 2 and 3 of [BS], Ch 3 of [KL]|
|Feb 11th||Semantic security for stream ciphers. Pseudo-random functions, construction from PRG. Block ciphers (or PRPs). Brief overview of DES and AES. Encryption with block cipher (deterministic counter mode).||Ch 4 of [BS]|
|Feb 25th||CPA security. Randomized countermode is CPA secure. Message authentication codes.||Ch 5 and 6 of [BS]|
|Mar 4th||Message authentication codes from PRF. Signing longer messages with CBC-MAC. Authenticated encryption.||Ch 6 and 9 of [BS]|
|Mar 11th||Midterm, finished authenticated encryption: encrypt-then-mac. Started hash functions.||Ch 9 and 8 of [BS]|
|Mar 20th||Collision-resistant hash function. Hash-then-MAC. Merkle-Damgard construction. Started public key encryption: discussed key establishment with trusted third party.||Ch 8 of [BS]|
|Mar 25th||Key exchange using Merkle puzzles. Diffie-Hellman. Public-key encryption: definition and ElGamal.||Ch 10 and 11 of [BS]|
|Apr 1st||CCA public-key encryption. Introducing the random oracle model and a simple proof in the model.||Ch 8 and 11 of [BS]||Apr 8th||One-way trapdoor permutations. Construction based on RSA. CCA public key encryption using trapdoor permutations and security in ROM. Digital signatures, construction using trapdoor permutations.||Ch 12 and 13 of [BS]|