Missing presenter/opponent names means that the corresponding position is still open. (In such cases, the concrete topic might be relocated to a different date.) Missing topic names means that the course has not yet been planned to this far in such a level of details. In preparing your own survey, please use Petteri's .tex file as a formatting example. (See here for the outcomes of T79-511 the last semester.)

During this semester, we will cover the next topics:

• PRP, PRF: definitions
• PRP to PRF and PRF to PRP conversions: different methods
• Security of block cipher modes
• Authenticated encryption modes

A few links that aim to relevant papers are: http://www.adastral.ucl.ac.uk/~helger/crypto/link/block/theory.html (first few lectures), http://www.adastral.ucl.ac.uk/~helger/crypto/link/block/modes.html (AONT, authenticated encryption, middle and last lectures), http://www.adastral.ucl.ac.uk/~helger/crypto/link/block/estonian_ws.html (last lectures), http://www.adastral.ucl.ac.uk/~helger/crypto/link/hash/ (see: block cipher to hash function conversions, UOHWFs), http://www.adastral.ucl.ac.uk/~helger/crypto/link/hash/mac.html and some others. A good but slightly outdated survey is ``Practice-oriented provable-security'' by Mihir Bellare. The homepages of Mihir Bellare and Phillip Rogaway (see OCB, UMAC, PMAC) contain more relevant information.

For a related course see 6.875/18.425: Cryptography and Cryptanalysis Lecture notes (MIT).

Preliminary schedule follows. Exact publications etc will be changed.

Date	Subject	Materials	Presenter	Opponent	Suggested reading
22.01.2002	Course introduction. Giving the assignments
	Introduction to PRP & PRF		Helger Lipmaa		(Bellare-Goldwasser lecture notes)
05.02.2002	OWP to PRG and PRG to PRF constructions	.ps.gz	Jan-Erik Ekberg	Johan Wallén	(..., [GGM])
	Special assignment: Oleg Mürk, ``Optimal Distinguisher of Random Functions and Random Permutations'', .ps
12.02.2002	PRF to PRP construction		Johan Wallén	Petteri Kaski	The original Luby-Rackoff paper, On the Construction of Pseudo-Random Permutations: Luby-Rackoff Revisited (Naor, Reingold), block ciphers Bear and Lion, Two papers by Ramzan et al.
19.02.2002	PRF to PRP construction, II		Petteri Kaski	Jan-Erik Ekberg
26.02.2002	PRP to PRF constructions, I	.ps.gz	Oleg Mürk	Alexey Vyskubov	(Bellare-Krovetz-Rogaway)
05.03.2002	No lecture
12.03.2002	No lecture
19.03.2002	PRP to PRF constructions, II	.ps.gz	Lauri Tarkkala	Oleg Mürk (.ps.gz)	(Bellare-Impagliazzo, Lucks)
09.04.2002	Security of block cipher modes: security notions		Alexey Vyskubov	Lauri Tarkkala	(Bellare-Desai-Jokipii-Rogaway)
	Security of block cipher modes: concrete modes		Johan Wallén	?
09.04.2002	All-or-Nothing Transforms				PhD thesis of Dodis
16.04.2002	Block cipher to hash function conversions				(Knudsen-Lai-Preneel, Knudsen-Preneel)
23.04.2002	UOHWF. Square Hash				See http://www.adastral.ucl.ac.uk/~helger/crypto/link/hash/
??.??.2002	Authenticated Encryption				The OCB paper by Rogaway

The choice of the topics is to be specified. If you have a topic yourself, please let me know.

Useful literature:

• Shafi Goldwasser, Mihir Bellare, Lecture Notes on Cryptography (online lecture notes, taught at the MIT. See notions like PRP/PRF etc).
• Oded Goldreich, ``Foundation of Cryptology Basic Tools v.1'', Cambridge University Press, 2001. ISBN: 0521791723 [online information, see Ch. 4] /* Excellent background book though it does not cover the 'practice-oriented' approach */

Latest update: January 14, 2001 by helgertcs.hut.fi