I have taught the following classes at Oregon State University: (OSU has a quarter system with three terms a year, each of which has 10 weeks + 1 finals week)
We (the students and I) wrote a short paper on the security properties of a verifiable random function called ECVRF: [ePrint]
(I am not sure why it was CS 529 in spring 2023 and CS 599 in winter 2025...)
We covered the area of Password-Authenticated Key Exchange (PAKE) in some depth. Slides are included below.
Lec 1: Review of Basic Cryptography [pptx]
Lec 2: PAKE Basics [pptx]
Lec 3: Game-Based Security Definition for PAKE [pptx]
Lec 4: Game-Based Security Definition for PAKE (cont'd) [pptx]
Lec 5: Ideal Functionality for PAKE [pptx]
Lec 6: Universal Composability [pptx]
Lec 7: UC-(In)Secure PAKE Protocols [pptx]
Lec 8-11: UC-Security of Encrypted Key Exchange [pdf] (I used a pdf handout for these four lectures because I had no idea how to show a UC proof on slides)
Lec 12: Variants of EKE [pptx]
Lec 13: Smooth Projective Hash Functions [pptx]
Lec 14: PAKE Based on SPHF [pptx]
Lec 15: PAKE Based on SPHF (cont'd) [pptx]
Lec 16: Asymmetric PAKE [pptx]
Lec 17: Asymmetric PAKE (cont'd) [pptx]
Lec 18: (s)aPAKE Protocols [pptx]
Lec 19: Review [pptx]
We covered algorithms for RSA and discrete logarithm (and related problems). Slides are included below.
Lec 1: Class Introduction and Elementary Number Theory [pptx]
Lec 2: RSA Basics [pptx]
Lec 3: Simple Attacks on RSA [pptx]
Lec 4: Lattice Basis Reduction and Finding Small Roots [pptx]
Lec 5: Lattice Method in RSA Cryptanalysis [pptx]
Lec 6: Small Private Exponent Attacks [pptx]
Lec 7: Partial Key Exposure Attacks [pptx]
Suggested Topics for Student Presentations [docx]
Lec 8: Cyclic Groups [pptx]
Lec 9: Algorithms for Discrete Logarithm (I): Baby Step/Giant Step, Pohlig-Hellman [pptx]
Lec 10: Algorithms for Discrete Logarithm (II): Pollard's Rho [pptx]
Lec 11: Algorithms for Discrete Logarithm (III): Pollard's Kangaroo [pptx]
Lec 12: Self-Correction for DL and CDH [pptx]
Lec 13: Jacobi Symbol and DDH Algorithms [pptx]
This is an undergraduate-level introductory course to cryptography. Slides for winter 2026 are included below.
The materials covered in this class are standard, but my presentation is somewhat unorthodox: I introduce hash functions first, then MAC schemes, and (symmetric) encryption schemes after that. I believe this is the "right" order that allows for a natural and gentle introduction of security definitions and security proofs. In particular, I carefully considered the following questions:
Where to do the first security proof (H(x) = h(x[2] || h(x[1])) is a collision-resistant hash function if h is: Lec 2)
Where to talk about the asymptotic setting (MAC security definition: Lec 5)
Where to introduce the concept of oracles (MAC oracle in MAC security definition: Lec 4)
Where to introduce indistinguishability (definition of PRF: Lec 6)
Where to introduce PRF (using PRF as a MAC scheme: Lec 6)
Where to introduce the XOR operation (k XOR m as an insecure MAC scheme: Lec 4)
How to introduce the concept of groups (only talk about cyclic groups, which are introduced by rewriting {1,2,3,4,5,6} as {1,3,2,6,4,5} = {1,3,9,27,81,243} mod 7: Lec 14)
Lec 1: Introduction and Preliminaries [pptx]
Lec 2: Hash Functions (I) [pptx]
Lec 3: Hash Functions (II) [pptx]
Lec 4: Message Authentication Codes (I) [pptx]
Lec 5: Message Authentication Codes (II) [pptx]
Lec 6: Message Authentication Codes (III) [pptx]
Lec 7: Message Authentication Codes (IV) [pptx]
Lec 8: Encryption Schemes (I) [pptx]
Lec 9: Encryption Schemes (II) [pptx]
Lec 10: Encryption Schemes (III) [pptx]
Lec 11: Encryption Schemes (IV) [pptx]
Lec 12: Encryption Schemes (V) [pptx]
Lec 13: Encryption Schemes (VI) [pptx]
Lec 14: Modular Arithmetic [pptx]
Lec 15: Key Exchange Protocols [pptx]
Lec 16: Public-Key Encryption Schemes (I) [pptx]
Lec 17: Public-Key Encryption Schemes (II) [pptx]
Lec 18: Public-Key Encryption Schemes (III) [pptx]
Lec 19: Public-Key Encryption Schemes (IV); Digital Signatures [pptx]
This course covers (part of) the Chomsky hierarchy, including finite state machines, regular expressions, context-free grammar, pushdown automata, and Turing machines.