Fall Quarter, 2007
Instructor: Stanislaw Jarecki
·
Class time: MW,
· Room: ICS 243
· Prerequisites: ICS 6A and ICS 161/261, also see below
· Textbook: Jonathan Katz, Yehuda Lindell,"Introduction to Modern Cryptography".
· Office hours: Tuesday and Thursday 10:3012. I'm also usually around most of the time, except lunch hour and 23 MWF when I teach ICS.6D, and you are welcome to stop by anytime. I always keep an open door and if I'm talking to someone I can interrupt and answer a quick question or at least arrange some other time you can stop by. You can also email me first at stasio@ics.uci.edu, or check if I'm in my office before you come, at extension x48878. I very much encourage you to use the office hours and ask me to explain things you don't understand.
Week 
Dates 
Homework 
Subjects 

Week 1 
Oct 1 

· Intro to Modern Cryptography · Classical Cryptosystems 
Chapter 1 (except section 1.3, which is optional) Chapter 2 (except section 2.4, which is optional) 
Week 2 
Oct 8 
· PrivateKey Encryption: Definition and its Implications 
Chapter 3, Sections 3.1 and 3.2. In Wednesday lecture we gave as one implication the hardness of predicting any particular bit of a random plaintext. This proof is in the textbook as a proof of Claim 3.10. 

Week 3 
Oct 15 

· Pseudorandom Number Generator · Encryption of FixedLength Messages · Stream Cipher 
Sections 3.3 and 3.4 
Week 4 
Oct 22 

· Chosen Plaintext / Ciphertext Security · Pseudorandom Functions · (Strong) Pseudorandom Permutations · Modes of Operation of a Block Cipher 
Sections 3.5  3.7, example of hybrid argument in the proof of proposition 3.22 
Week 5,6 
Oct 29 – Nov 5 

· Message Authentication Codes [MACs] · Collision Resistant Hash functions ·
Correct order of 
Chapter 4 
Week 7 
Nov 11 

· OneWay Functions ·
HardCore Bit of OWFs, OWF => 
Sections 6.1, 6.2, 6.4. Optionally Section 6.3. 
Week 8 
Nov 19 



Week 9 
Nov 26 



Week 10 
Dec 3 



This course is an introduction to modern cryptography and security for graduates and advanced undergraduates. The class will try to balance between the breadth of the coverage and an attempt to develop a general approach to the study of security issues. The first aim of the class is to introduce students to various cryptographic tools like symmetric and publickey encryption schemes, signature schemes, message authentication schemes, identification protocols, and others. The second and equally important aim of this class is to develop a "provablesecurity" paradigm of approaching any communication security problem. This paradigm consists of (1) understanding the security *goal* of any protocol, i.e. understanding what properties a protocol needs to achieve to be considered secure, and (2) designing a protocol together with a *proof* that the protocol achieves these properties under some wellunderstood computational hardness assumptions, for example under the assumption that it is computationally hard to factor large composite numbers.
The aim of the course is to introduce some fundamental cryptographic tools in such a way so that (1) you will be able to specify the security needs of the system you are designing and use existing cryptographic mechanisms in such a way so that your security needs are met, and (2) you will be able to develop new cryptographic mechanisms and protocols yourself.
To help further these goals, we'll end the class with conferencestyle presentations by the *graduate* students on some security/cryptography topic chosen by the student.
This class will not teach you all there is to know to make computers and networks secure. Cryptography is only one layer in the stack of engineering issues that need to be solved to make computers and networks secure. Computer security deals with lots of issues we will not touch on in the class, like buggy code, viruses, denial of service attacks, network monitoring techniques, preventing bad passwords, integrating various network services securely, and many more. This class will stay firmly on the layer of algorithms for the socalled "cryptographic primitives", i.e. the design of cryptographic tools like encryption, signatures, authentication. While some of these tools will be probably very useful in solving any of the realworld security issues above, we will not be analyzing any such systems in this class. On the other hand, we will often mention the realworld security issues like those listed above in motivating the security properties required of the cryptographic tools we will be designing.
Another note of warning is that in this class we will not concentrate on techniques used to design and analyze block ciphers (like DES or AES) and hash functions (like MD5 and SHA), although the class will offer you some insight into security of such constructions. We will focus instead on public key crypto, but we will spend a few lectures on private key algorithms too.
Problem sets are due at the beginning of the class. You are allowed to work on the homework problems together with other students, but you have to write down all solutions independently and acknowledge whom you worked with. You are allowed to consult other sources, such as textbooks, lecture notes for this or similar classes, research papers, etc, but you must clearly acknowledge any material you reference.
The formal prerequisites are ICS 6.A and ICS.161. However, what you really need in general is this:
More specifically, you need the following: