https://crypto.stanford.edu/~dabo/courses/OnlineCrypto/

Online Cryptography Course

Logo

Instructor:   Dan Boneh, Stanford University

Online cryptography course preview: This page contains all the
lectures in the free cryptography course. To officially take the
course, including homeworks, projects, and final exam, please visit
the course page at Coursera.

Go to course

Textbook: The following is a free textbook for the course. The book
goes into more depth, including security proofs, and many exercises.

  * A Graduate Course in Applied Cryptography by D. Boneh and V.
    Shoup   (free)

Course syllabus, videos, and slides

Week 1: Course overview and stream ciphers (chapters 2-3 in the
textbook)
Slides for week 1:
Introduction:   pdf   pptx
Stream ciphers:   pdf   pptx
What is cryptography?

  *   Course overview (10 min.)
  *   What is cryptography (15 min.)
  *   History of cryptography (18 min.)

Crash course in discrete probability

  *   Discrete probability (crash course) (18 min.)
  *   Discrete probability (crash course, continued) (13 min.)

Stream Ciphers 1: the one-time pad and stream ciphers

  *   Information theoretic security and the one-time pad (18 min.)
  *   Stream ciphers and pseudorandom generators (19 min.)

Stream Ciphers 2: attacks and common mistakes

  *   Attacks on stream ciphers and the one-time pad (23 min.)

Stream Ciphers 3: real-world examples

  *   Real-world stream ciphers (19 min.)

Stream Ciphers 4: what is a secure cipher?

  *   PRG security definition (24 min.)
  *   Semantic security (15 min.)
  *   Stream ciphers are semantically secure (10 min.)

Week 2: Block ciphers (chapters 4-5 in the textbook)
Slides for week 2:
Block ciphers:   pdf   pptx
Using block ciphers:   pdf   pptx
Block Ciphers 1: overview

  *   What are block ciphers (16 min.)

Block Ciphers 2: The Data Encryption Standard

  *   The Data Encryption Standard (DES) (21 min.)
  *   Exhaustive search attacks (19 min.)
  *   More attacks on block ciphers (16 min.)

Block Ciphers 3: AES and other constructions

  *   The AES block cipher (13 min.)
  *   Block ciphers from PRGs (11 min.)

How to Use Block Ciphers 1: one-time key

  *   Review: PRPs and PRFs (11 min.)
  *   Modes of operation: one-time key (7 min.)

How to Use Block Ciphers 2: many-time key

  *   Security for many-time key (CPA security) (22 min.)
  *   Modes of operation: many-time key (CBC) (16 min.)
  *   Modes of operation: many-time key (CTR) (9 min.)

Week 3: Message integrity (chapters 6-8 in the textbook)
Slides for week 3:
Message integrity:   pdf   pptx
Collision resistant hashing:   pdf   pptx
Message Integrity 1: definitions

  *   Message authentication codes (15 min.)
  *   MACs based on PRFs (9 min.)

Message Integrity 2: constructions

  *   CBC-MAC and NMAC (19 min.)
  *   MAC padding (8 min.)
  *   PMAC and Carter-Wegman MAC (15 min.)

Collision Resistance 1: what is a collision resistant function?

  *   Introduction (10 min.)
  *   Generic birthday attack (14 min.)

Collision Resistance 2: constructions

  *   The Merkle-Damgard paradigm (11 min.)
  *   Constructing compression functions (8 min.)

HMAC: a MAC from a hash function

  *   HMAC (7 min.)
  *   Timing attacks on MAC verification (8 min.)

Week 4: Authenticated encryption (chapter 9 in the textbook)
Slides for week 4:
Authenticated encryption:   pdf   pptx
Odds and ends:   pdf   pptx
Authenticated Encryption 1: why is it so important?

  *   Active attacks on CPA-secure encryption (12 min.)
  *   Definitions (5 min.)
  *   Chosen ciphertext attacks (12 min.)

Authenticated Encryption 2: standard constructions

  *   Constructions from ciphers and MACs (20 min.)

Authenticated Encryption 3: pitfalls

  *   Case study: TLS 1.2 (17 min.)
  *   CBC padding attacks (14 min.)
  *   Attacking non-atomic decryption (9 min.)

Odds and Ends 1: how to derive keys

  *   Key derivation (13 min.)

Odds and Ends 2: searching on encrypted data

  *   Deterministic encryption (14 min.)
  *   Deterministic encryption: SIV and wide PRP (20 min.)

Odds and Ends 3: disk encryption and creditcard encryption

  *   Tweakable encryption (14 min.)
  *   Format preserving encryption (12 min.)

Week 5: Basic key exchange (chapter 10 in the textbook)
Slides for week 5:
Basic key exchange:   pdf   pptx
Crash course in number theory:   pdf   pptx
Basic Key Exchange 1: problem statement

  *   Trusted 3rd parties (11 min.)
  *   Merkle puzzles (11 min.)

Basic Key Exchange 2: two solutions

  *   The Diffie-Hellman protocol (19 min.)
  *   Public-key encryption (10 min.)

Number Theory 1: modular arithmetic

  *   Notation (14 min.)
  *   Fermat and Euler (18 min.)
  *   Modular e'th roots (17 min.)

Number Theory 2: easy and hard problems

  *   Arithmetic algorithms (12 min.)
  *   Intractable problems (18 min.)

Week 6: Public-key encryption (chapters 11-12 in the textbook)
Slides for week 6:
Trapdoor permutation:   pdf   pptx
Diffie-Hellman:   pdf   pptx
Public Key Encryption from Trapdoor Permutations

  *   Definitions and security (15 min.)
  *   Constructions (10 min.)

Public Key Encryption from Trapdoor Permutations: RSA

  *   The RSA trapdoor permutation (17 min.)
  *   PKCS1 (21 min.)

Public Key Encryption from Trapdoor Permutations: attacks

  *   Is RSA a one-way function? (16 min.)
  *   RSA in practice (13 min.)

Public Key Encryption From Diffie-Hellman: ElGamal

  *   The ElGamal public-key system (19 min.)
  *   ElGamal security (13 min.)
  *   ElGamal variants with better security (10 min.)

Public Key Encryption: summary

  *   A unifying theme (11 min.)
  *   Farwell for now (5 min.)

Week 7: Digital signatures (chapters 13-14 in the textbook)
Slides for week 7:
Digital signatures:   pdf   pptx
Hash-based signatures:   pdf   pptx
(c) Dan Boneh, Stanford University