1. CMSC 456 Introduction to Cryptography
Jonathan Katz

2. Overview of exam The exam is cumulative
More emphasis on material covered in the second half of the semester
Focus on understanding and application, less on being clever
Please read instructions, and describe attacks or constructions clearly and unambiguously

3. Chapter 1 Historical private-key encryption schemes
Why did we talk about these?
Modern cryptography
Definitions
Assumptions
Proofs

4. Chapter 2 Perfect secrecy The one-time pad
Limitations of perfect secrecy
Key as long as the message
Key can only be used once
No security against chosen-plaintext attacks
Need pre-shared key!

5. Chapter 3a Computational security Private-key encryption Definitions:
Indistinguishability in the presence of an eavesdropper
Multiple-message indistinguishability
CPA-security
CCA-security

6. Chapter 3b Primitives Encryption schemes Pseudorandom generators
Pseudorandom functions (block ciphers)
AES, 3DES, (DES)
Encryption schemes
“Pseudo one-time pad”
Deterministic encryption?
Basic CPA-secure encryption scheme
Modes of encryption

7. Chapter 4a Message authentication codes, defining security
Collision-resistant hash functions
SHA-1
Birthday attacks (other applications?)
Constructions
Basic construction for short messages
HMAC
CBC-MAC

8. Chapter 4b Privacy + message authentication, CCA-security
Encrypt-then-authenticate
Why are the other alternatives problematic?

9. Chapter 5 Definition of pseudorandomness…
Concrete security requirements
Substitution-permutation networks
Attacks on reduced-round SPNs
AES
Feistel networks
Attacks on reduced-round Feistel networks
DES
Increasing key length
3DES
Meet-in-the-middle attacks

10. Chapter 7 Modular arithmetic, group theory, cyclic groups, generators
ZN, Z*N, (N)
Generating random primes
Factoring assumption, RSA assumption, discrete logarithm assumption, Diffie-Hellman assumptions
One-way functions, examples

11. Chapter 9 What are the limitations of private-key crypto?
Why did we bother studying private-key crypto at all?
Key exchange
Definition of security
Diffie-Hellman key exchange

12. Chapter 10a Public-key encryption Definitions Hybrid encryption
Indistinguishability = CPA-security
Deterministic encryption?
CCA-security
Why important
Hybrid encryption

13. Chapter 10b RSA encryption El Gamal encryption Textbook RSA Padded RSA
Why is it insecure?
Padded RSA
El Gamal encryption
What assumption is it based on?

14. Chapter 12a Digital signatures Definition of security RSA signatures
Advantages relative to MACs?
Definition of security
RSA signatures
Textbook RSA
Why is it insecure?
Hashed RSA

15. Chapter 12b Hash-and-sign 1-time signatures, Lamport’s scheme
PKI, certificates

16. The real world Pseudorandom functions (block ciphers)
AES, 3DES
Collision-resistant hash function
SHA-1, others (NIST competition)
Private-key encryption
E.g., CBC mode, others for CPA-security
Encrypt-then-authenticate for CCA-security
Message authentication codes
HMAC, CBC-MAC, others

17. The real world Key exchange Public-key encryption Signature schemes
(Authenticated) Diffie-Hellman
Public-key encryption
(Variants of) padded RSA
El Gamal encryption
CCA-secure schemes
Signature schemes
(Variants of) hashed RSA
DSS (we did not cover)