For each lecture, we'll post slides, an outline of the content, a recording, and supplemental reading. Slides will be up before lecture (but not necessarily at 9:00am); we post slides with all animations (good for following along exactly) and with limited animations (good for studying/taking notes on). The outline and recording will be posted after lecture (but not necessarily at 3:00pm; likely the next day or so). You can do the supplemental reading before or after lecture; whatever works best for you.

• Slides: all animations, limited animations
• Outline
• Recording
• Supplemental Reading: Textbook §11.3-11.5

After this lecture, at a minimum, you should be able to do the following:

• Given a protocol that combines encryption, MACs, and signutures, decide whether it provides confidentiality and/or integrity, and whether it's secure against replay and reflection attacks. Problem 9 from the 2017 exam (below) is a good example of such a problem.
  • You do not need to understand the math behind encrypt/decrypt, MAC, or sign/verify. We will only ask you about schemes that use these functions as building blocks. You should understand the properties they provide and how they are properly used in a secure channel, but you do not need to understand, e.g., the mathematical reasons that encryption provides confidentiality but not integrity.
• Given p and g, perform Diffie-Hellman key exchange between two parties.
• Explain the attack on Diffie-Hellman key exchange.
• Explain how to use public-key cryptography to verify the identity of users, including how certificates are created and distributed.
• You do not need to understand the details of the TLS handshake, although you should recognize familiar elements within it (sequence numbers, keys, etc.)

Practice problems

• 2019, Problem 9 (Solutions)
• 2018, Problem 15 (Solutions)
• 2017, Problem 9, 10 (Solutions)
• 2016, Problem 16 (Solutions)
• 2015, Problems 16 (Solutions)