The slide starting on PDF page 83 seems wrong? If I know (x, E_k(x)) for some x (or even without knowing them), then I can trivially compute (x', E_{k'}(x')) for k' and x' of my choosing.
Somewhat disappointing, since this slide is the only one in the presentation containing anything cryptographically "meaty".
I can trivially compute (x', E_{k'}(x')) for k' and x' of my choosing.
True, I oversimplified a bit. I was referring to situations where you don't know k' and x', e.g., x' = x and k' = k ^ \epsilon for some value \epsilon.
Not if E is ideal. The point is that an ideal block cipher is not vulnerable to related key attacks. It should be indistinguishable from a random permutation. Selected uniformly from S_n, where n is the cardinality of the key space.
Somewhat disappointing, since this slide is the only one in the presentation containing anything cryptographically "meaty".