Lecture plan and notes
This is only the tentative plan and it will be changed through the semester. Those in grey are mostly copied from the previous lecture and they are subject to change. Contents for the current week are colored in blue.
TEXTBOOK: Notes of Boneh and Shoup (denoted by BS). Our lectures closely follow BS.
SYM, DH, PKE, SHOR and SIG refer to much older lecture notes which we rarely use. HAC is the "Handbook of Applied Cryptography". NTA is "A Computational Introduction to Number Theory and Algebra".
Highly recommend to check the detailed summary of our lectures in each week here.
| Week | Topic | Key themes and references in the textbook | Classroom notes | Remarks |
|---|---|---|---|---|
| 34 | Introduction. One-time Pad. | Admin. Introduction to Crypto. Classical ciphers (SYM 3.1-3). One-time pad and perfect security (BS 2.1). | Mon., Wed. | The only time we use the note of 2019. We won't use it anymore this semester. |
| 35 | Stream ciphers. | Computational security and useful terms (BS 2.2, 2.3), Stream ciphers and pseudo-random generators (BS 3) | Mon., Wed. | |
| 36 | Stream ciphers (cont.). Block ciphers. | Stream ciphers (BS 3). Block ciphers (BS 4.1, 4.2). CPA security (BS 5.3) Modes of operations (BS 4.1.4, and 5.4.2, 5.4.3). | Mon., Wed. | |
| 37 | CPA security (cont.). Message authentication | CPA security from PRF + semantic security (BS 5.4), Message authentication (BS 6.1-6.3) | Mon., Wed. | Starting from this week, we will use whiteboard presentation. |
| 38 | Hash. Authenticated encryption. | Hash functions (BS 8.1, 8.3, 8.11.1). MAC from hash functions (BS 8.2). Merkel-Damgård. (BS 8.4). Davies-Meyer compression functions* (BS 8.5). Sponge Constructions* (SHA-3, BS 8.8). Authenticated encryption (BS 9.1, 9.4) | Mon., Wed. | Contents with * are not required for the final exam. |
| 39 | Authenticated encryption (cont.). | AE's security (BS 9.1). CCA security (BS 9.2). How to construct AE (BS 9.4, very briefly). | Mon., | We have no Wednesday lecture this week. |
| 40 | Computational number theory. Key exchange. | Basic number theory (BS A). Primality testing (Fermat's test). | Mon., Wed. | Wiki for Fermat primality test. |
| 41 | Discrete Logarithms. Public-key Encryption (I) | Diffie-Hellman and the related assumptions (BS 10.4, 10.5). Public-key encryption: Motivation (BS 11.1), and Definitions (BS 11.2, 11.3) | Mon., Wed. | DLog records. |
| 42 | Public-key encryption (II). | ElGamal (BS11.5). Tight CPA security of ElGamal | Mon., Wed. | |
| 43 | PKE (III). | Hashed ElGamal and CCA security (BS 12.4, 12.1, 12.2). Factoring and RSA (BS 10.3, 10.6.2) | Mon., Wed. | |
| 44 | PKE (IV). Digital signature (I) | RSA-based PKE. Digital signature. (BS 13.1). RSA full domain hash (BS 13.3-13.4) | Mon., Wed. | |
| 45 | Digital signature (II). Summary. | Schnorr's signature (Not in our textbook, but with my notes it should be fine.) | Mon., Wed. | We will have the summary lecture earlier, because the PQC is not included in the exam. We view the PQC as the lecture about current research topic. |
| 46 | Post-quantum Crypto* | McEliece's and Regev's PKE schemes. | Mon. and Wed. | For those interested in lattice-based crypto, feel free to talk to me and there are a nice survey and many talks from Chris Peikert. Some of slides are borrowed from Tanja Lange, Thijs Laarhoven, and Chris Peikert. |
Contents with * are not required for the final exam.