diff --git a/content/CSE4303/CSE4303_L7.md b/content/CSE4303/CSE4303_L7.md
index a317587..50ac310 100644
--- a/content/CSE4303/CSE4303_L7.md
+++ b/content/CSE4303/CSE4303_L7.md
@@ -1,6 +1,6 @@
 # CSE4303 Introduction to Computer Security (Lecture 7)
 
-## Cyptography in Symmetric Systems
+## Cryptography in Symmetric Systems
 
 ### Symmetric systems
 
@@ -13,53 +13,132 @@ Symmetric (shared-key) encryption
   - Stream ciphers
   - Block ciphers
 
-#### Stream ciphers
+## Stream ciphers
 
 1. Operate on PT one bit at a time (usually), as a bit "stream"
 2. Generate arbitrarily long keystream on demand
 
-Security abstraction:
+### Keystream
+
+Keystream $G(k)$ generated from key $k$.
+
+Encryption:
+$$
+E(k,m) = m \oplus G(k)
+$$
+
+Decryption:
+$$
+D(k,c) = c \oplus G(k)
+$$
+
+### Security abstraction
 
 1. XOR transfers randomness of keystream to randomness of CT regardless of PT’s content
-2. Security depends on G being “practically” indistinguishable from random string and “practically” unpredictable
+2. Security depends on $G$ being "practically" indistinguishable from random string and "practically" unpredictable
 3. Idea: shouldn’t be able to predict next bit of generator given all bits seen so far
 
-Keystream $G(k)$
+### Keystream $G(k)$
 
 - Idea: shouldn’t be able to predict next bit of generator given all bits seen so far
 - Strategies and challenges: many!
-- Idea that doesn’t quite work: Linear Feedback Shift Register (LFSR)
-  - Choice of feedback: by algebra
-  - Pro: fast, statistically close to random
-  - Problem: susceptible to cryptanalysis (b/c linear)
-  - LFSR-based
-- Modifications to basic LFSR:
-  - Use non-linear combo of multiple LFSRs
-  - Use controlled clocking (e.g. only cycle the LFSR when another LFSR outputs a 1)
-  - Etc.
-- Others: mod arithmetic-based, other algebraic constructions
 
-#### Block ciphers
+#### Idea that doesn’t quite work: Linear Feedback Shift Register (LFSR)
 
-1. Operate on PT one block at a time
-2. Use same key for multiple blocks (with caveats)
-3. Chaining modes intertwine successive blocks of CT (or not)
+- Choice of feedback: by algebra
+- Pro: fast, statistically close to random
+- Problem: susceptible to cryptanalysis (because linear)
 
-View cipher as a Pseudo-Random Permutation (PRP)
+#### LFSR-based modifications
 
-- PRP defined over $(K, X)$:
+- Use non-linear combo of multiple LFSRs
+- Use controlled clocking (e.g. only cycle the LFSR when another LFSR outputs a 1)
+- Etc.
 
+#### Others
+
+- Modular arithmetic-based constructions
+- Other algebraic constructions
+
+### Hazards
+
+1. Weak PRG
+2. Key re-use
+3. Predictable effect of modifying CT on decrypted PT
+
+#### Weak PRG
+
+- Makes semantic security impossible
+
+#### Key re-use
+
+Suppose:
 $$
-E: K \times X \to X
+c_1 = m_1 \oplus G(k)
+$$
+and
+$$
+c_2 = m_2 \oplus G(k)
 $$
 
-such that:
+Then:
+$$
+c_1 \oplus c_2 = m_1 \oplus m_2
+$$
 
-1. There exists an “efficient” deterministic algorithm to evaluate $E(k,x)$.
-2. The function $E( k, \cdot )$ is one-to-one.
-3. There exists an “efficient” inversion algorithm $D(k,y)$.
+This may be enough to recover $m_1$ or $m_2$ using natural language properties.
 
-- i.e. a PRF that is an invertible 1-to-1 mapping from message space to
-message space
+##### IV (Initialization Vector)
 
+Used to avoid key re-use:
 
+- IV incremented per frame
+- But repeats after $2^{24}$ frames
+- Sometimes resets to 0
+- Enough to recover key within minutes
+
+Note:
+
+- Happens if keystream period is too short
+- Real-world example: WEP attack (802.11b)
+
+#### Predictable modification of ciphertext
+
+If attacker modifies ciphertext by XORing $p$:
+
+Ciphertext becomes:
+$$
+(m \oplus k) \oplus p
+$$
+
+Decryption yields:
+$$
+m \oplus p
+$$
+
+- Affects integrity
+- Not CCA-secure for integrity
+
+### Summary: Stream ciphers
+
+Pros
+
+- Fast
+- Memory-efficient
+- No minimum PT size
+
+Cons
+
+- Require good PRG
+- Can never re-use key
+- No integrity mechanism
+
+Note
+
+- Integrity mechanisms exist for other symmetric ciphers (block ciphers)
+- "Authenticated encryption"
+
+Examples / Uses
+
+- RC4: legacy stream cipher (e.g. WEP)
+- ChaCha / Salsa: Android cell phone encryption (Adiantum)
diff --git a/content/CSE4303/CSE4303_L8.md b/content/CSE4303/CSE4303_L8.md
new file mode 100644
index 0000000..0491bd2
--- /dev/null
+++ b/content/CSE4303/CSE4303_L8.md
@@ -0,0 +1,320 @@
+# CSE4303 Introduction to Computer Security (Lecture 8)
+
+## Block ciphers
+
+1. Operate on PT one block at a time  
+2. Use same key for multiple blocks (with caveats)  
+3. Chaining modes intertwine successive blocks of CT (or not)  
+
+## Security abstraction
+
+View cipher as a Pseudo-Random Permutation (PRP)
+
+### Background: Pseudo-Random Function (PRF)
+
+Defined over $(K,X,Y)$:
+$$
+F : K \times X \to Y
+$$
+
+Such that there exists an efficient algorithm to evaluate $F(k,x)$.
+
+Let:
+
+- $\text{Funs}[X,Y]$ = set of all functions from $X$ to $Y$  
+- $S_F = \{ F(k,\cdot) \mid k \in K \}$  
+
+Intuition:
+
+A PRF is secure if a random function in $\text{Funs}[X,Y]$ is indistinguishable from a random function in $S_F$.
+
+Adversarial game:
+
+- Challenger samples $k \leftarrow K$  
+- Or samples $f \leftarrow \text{Funs}[X,Y]$  
+- Adversary queries oracle with $x \in X$  
+- Receives either $F(k,x)$ or $f(x)$  
+- Must distinguish  
+
+Goal: adversary’s advantage negligible  
+
+## PRP Definition
+
+Defined over $(K,X)$:
+$$
+E : K \times X \to X
+$$
+
+Such that:
+
+1. Efficient deterministic algorithm to evaluate $E(k,x)$  
+2. $E(k,\cdot)$ is one-to-one  
+3. Efficient inversion algorithm $D(k,y)$ exists  
+
+i.e., a PRF that is an invertible one-to-one mapping from message space to message space  
+
+## Secure PRP
+
+Let $\text{Perms}[X]$ be all permutations on $X$.
+
+Intuition:
+
+A PRP is secure if a random permutation in $\text{Perms}[X]$ is indistinguishable from a random element of:
+$$
+S_E = \{ E(k,\cdot) \mid k \in K \}
+$$
+
+Adversarial game:
+
+- Challenger samples $k \leftarrow K$  
+- Or $\pi \leftarrow \text{Perms}[X]$  
+- Adversary queries $x \in X$  
+- Receives either $E(k,x)$ or $\pi(x)$  
+- Must distinguish  
+
+Goal: negligible advantage  
+
+## Block cipher constructions
+
+### Feistel network
+
+Given:
+$$
+f_1, \dots, f_d : \{0,1\}^n \to \{0,1\}^n
+$$
+
+Build invertible function:
+$$
+F : \{0,1\}^{2n} \to \{0,1\}^{2n}
+$$
+
+Let input be split into $(L_0, R_0)$.
+
+Round $i$:
+$$
+L_i = R_{i-1}
+$$
+$$
+R_i = L_{i-1} \oplus f_i(R_{i-1})
+$$
+
+#### Invertibility
+
+$$
+R_{i-1} = L_i
+$$
+$$
+L_{i-1} = R_i \oplus f_i(L_i)
+$$
+
+Thus Feistel is invertible regardless of whether $f_i$ is invertible.
+
+### Luby–Rackoff Theorem (1985)
+
+If $f$ is a secure PRF, then 3-round Feistel is a secure PRP.
+
+### DES (Data Encryption Standard) — 1976
+
+- 16-round Feistel network  
+- 64-bit block size  
+- 56-bit key  
+- Round functions:
+$$
+f_i(x) = F(k_i, x)
+$$
+
+Round function uses:
+
+- S-box (substitution box) — non-linear  
+- P-box (permutation box)  
+
+To invert: use keys in reverse order.
+
+Problem: 56-bit keyspace too small today (brute-force feasible).
+
+### Substitution–Permutation Network (SPN)
+
+Rounds of:
+
+- Substitution (S-box layer)  
+- Permutation (P-layer)  
+- XOR with round key  
+
+All layers invertible.
+
+### AES (Advanced Encryption Standard) — 2000
+
+- 10 substitution-permutation rounds (128-bit key version)  
+- 128-bit block size  
+
+Each round includes:
+
+- ByteSub (1-byte S-box)  
+- ShiftRows  
+- MixColumns  
+- AddRoundKey  
+
+Key sizes:
+
+- 128-bit  
+- 192-bit  
+- 256-bit  
+
+Currently de facto standard symmetric-key cipher (e.g. TLS/SSL).
+
+## Block cipher modes
+
+### Challenge
+
+Encrypt PTs longer than one block using same key while maintaining security.
+
+### ECB (Electronic Codebook)
+
+Encrypt blocks independently:
+$$
+c_i = E(k, m_i)
+$$
+
+Problem:
+
+If $m_1 = m_2$, then:
+$$
+c_1 = c_2
+$$
+
+Not semantically secure.
+
+#### Formal non-security argument
+
+Two-block challenge:
+
+- Adversary submits:
+  - $m_0 = \text{"Hello World"}$  
+  - $m_1 = \text{"Hello Hello"}$  
+- If $c_1 = c_2$, output 0; else 1  
+
+Advantage = 1  
+
+### CPA model (Chosen Plaintext Attack)
+
+Attacker:
+
+- Sees many PT/CT pairs under same key  
+- Can submit arbitrary PTs  
+
+Definition:
+$$
+\text{Adv}_{CPA}[A,E] =
+\left|
+\Pr[\text{EXP}(0)=1] - \Pr[\text{EXP}(1)=1]
+\right|
+$$
+
+Must be negligible.
+
+ECB fails CPA security.
+
+### Moral
+
+If same secret key is used multiple times, given same PT twice, encryption must produce different CT outputs.
+
+## Secure block modes
+
+### Idea
+
+Augment key with:
+
+- Per-block nonce  
+- Or chaining data from prior blocks  
+
+### CBC (Cipher Block Chaining)
+
+$$
+c_1 = E(k, m_1 \oplus IV)
+$$
+$$
+c_i = E(k, m_i \oplus c_{i-1})
+$$
+
+IV must be random/unpredictable.
+
+### CFB (Cipher Feedback)
+
+Uses previous ciphertext as input feedback into block cipher.
+
+### OFB (Output Feedback)
+
+$$
+s_i = E(k, s_{i-1})
+$$
+$$
+c_i = m_i \oplus s_i
+$$
+
+Can pre-compute keystream.
+
+Acts like stream cipher.
+
+### CTR (Counter Mode)
+
+$$
+c_i = m_i \oplus E(k, \text{nonce} \| \text{counter}_i)
+$$
+
+Encryption and decryption parallelizable.
+
+Nonce must be unique.
+
+### GCM (Galois Counter Mode)
+
+- Most popular ("AES-GCM")  
+- Provides authenticated encryption  
+- Confidentiality + integrity  
+
+## Nonce-based semantic security
+
+Encryption:
+$$
+c = E(k, m, n)
+$$
+
+Adversarial experiment:
+
+- Challenger picks $k$  
+- Adversary submits $(m_{i,0}, m_{i,1})$ and nonce $n_i$  
+- Receives $c_i = E(k, m_{i,b}, n_i)$  
+- Nonces must be distinct  
+
+Definition:
+$$
+\text{Adv}_{nCPA}[A,E] =
+\left|
+\Pr[\text{EXP}(0)=1] - \Pr[\text{EXP}(1)=1]
+\right|
+$$
+
+In practice:
+
+- CBC: IV must be random  
+- CTR/GCM: nonce must be unique but not necessarily random  
+
+## Symmetric Encryption Summary
+
+### Stream Ciphers
+
+- Rely on secure PRG  
+- No key re-use  
+- Fast  
+- Low memory  
+- Less robust  
+- No built-in integrity  
+
+### Block Ciphers
+
+- Rely on secure PRP  
+- Allow key re-use across blocks (secure mode required)  
+- Provide authenticated encryption in some modes (e.g. GCM)  
+- Slower  
+- Higher memory  
+- More robust  
+- Used in most practical secure systems (e.g. TLS)  
diff --git a/content/CSE4303/CSE4303_L9.md b/content/CSE4303/CSE4303_L9.md
new file mode 100644
index 0000000..de9b373
--- /dev/null
+++ b/content/CSE4303/CSE4303_L9.md
@@ -0,0 +1 @@
+# CSE4303 Introduction to Computer Security (Lecture 9)
\ No newline at end of file
diff --git a/content/CSE4303/_meta.js b/content/CSE4303/_meta.js
index 4596509..f83001a 100644
--- a/content/CSE4303/_meta.js
+++ b/content/CSE4303/_meta.js
@@ -10,4 +10,6 @@ export default {
     CSE4303_L5: "Introduction to Computer Security (Lecture 5)",
     CSE4303_L6: "Introduction to Computer Security (Lecture 6)",
     CSE4303_L7: "Introduction to Computer Security (Lecture 7)",
+    CSE4303_L8: "Introduction to Computer Security (Lecture 8)",
+    CSE4303_L9: "Introduction to Computer Security (Lecture 9)",
 }