Cryptography and Security

Winter 2019 at ENS Lyon

General information

This course is an introduction to modern cryptography.


For some online resources on probability (for computer science), you can look at these notes.


The grading scheme will take into account


Date Topic References
Jan 28th Introduction. Perfect security. One-time pad. Shannon's theorem: Secret key must be long.
Relaxing perfect secrecy: stream ciphers and pseudo-random generators.
Ch 2 and 3 of [BS], Ch 1 and 2 of [KL]
Feb 4th Pseudo-random generetors. Security of a PRG. Unpredictability of a PRG. Equivalence between security and unpredictability.
Semantic security for ciphers (for one-time key and chosen plaintext)
Ch 2 and 3 of [BS], Ch 3 of [KL]
Feb 11th Semantic security for stream ciphers. Pseudo-random functions, construction from PRG. Block ciphers (or PRPs). Brief overview of DES and AES. Encryption with block cipher (deterministic counter mode). Ch 4 of [BS]
Feb 25th CPA security. Randomized countermode is CPA secure. Message authentication codes. Ch 5 and 6 of [BS]
Mar 4th Message authentication codes from PRF. Signing longer messages with CBC-MAC. Authenticated encryption. Ch 6 and 9 of [BS]
Mar 11th Midterm, finished authenticated encryption: encrypt-then-mac. Started hash functions. Ch 9 and 8 of [BS]
Mar 20th Collision-resistant hash function. Hash-then-MAC. Merkle-Damgard construction. Started public key encryption: discussed key establishment with trusted third party. Ch 8 of [BS]
Mar 25th Key exchange using Merkle puzzles. Diffie-Hellman. Public-key encryption: definition and ElGamal. Ch 10 and 11 of [BS]
Apr 1st CCA public-key encryption. Introducing the random oracle model and a simple proof in the model. Ch 8 and 11 of [BS]
Apr 8th One-way trapdoor permutations. Construction based on RSA. CCA public key encryption using trapdoor permutations and security in ROM. Digital signatures, construction using trapdoor permutations. Ch 12 and 13 of [BS]