CS 152 Introduction to cryptography

Term: Fall 2021
Lectures: TT 10:30-12, 204 ANB
Instructor: Thomas Vidick
Office Hours: Tuesday 5:30-6:30pm, 207 ANB
TAs: Hanna X. Chen and Junxuan (Helen) Shen. OH: Wednesdays 8-9pm 106 ANB (Hannah) and Thursday 4-5pm 104 ANB (Helen).

Course description

Cryptography is the art, or science, of secret communication. But what is secret communication? How can it be achieved? What mathematical assumptions underlie security? This course will cover the foundations of modern cryptography, including one-way functions, pseudo-random generators, cryptographic hash functions, and their application to the construction of cryptographic primitives such as public and private-key encryption schemes, digital signature schemes, message authentication codes, and more.

Prerequisites: Ma 1b. CS 21, CS 38 or equivalent recommended.

Evaluation

This is a 12-unit course. In addition to attending 3 hours of lecture weekly, students are expected to:

  • (10% of grade) Prepare for lecture by completing a small quiz or puzzle (weekly).
  • (40% of grade) Turn in a bi-weekly homework set. There will be 4 proof-based sets.
  • (10% of grade) Turn in three programming assignments, taken from cryptopals. The assignments can be completed using a language of your choice.
  • (15% of grade) Complete a bi-weekly reading assignment. There will be 3 reading assignments. The goal is to read an important historical paper in cryptography and turn in a 2-page critical assessment of the paper’s contributions.
  • (25% of grade) Complete a take-home final. The final will be similar to the proof-based homework sets, but will be on the entire material for the course and may include one or two more open-ended questions.

See the detailed syllabus.

Schedule of lectures

Note that only the readings from Katz-Lindell are mandatory. Other readings are indicative and may present a different perspective or additional material related to the material covered in lecture.

  • 09/28 Introduction.
    • Lecture:
      • Perfect secrecy and the one-time pad
      • Shannon’s theorem
      • Semantic security
    • Reading:
      • Katz-Lindell Sections 1, 2, 3.1, 3.2, 3.3;
      • Barak Section 2;
      • Boneh-Shoup Section 2.
  • 09/30 Pseudorandom generators (PRG)
    • Lecture:
      • Definition
      • Length extension theorem for PRG (Blum-Micali)
      • Ciphers from PRGs
      • Examples. Application: coin flipping and commitments (Boneh-Shoup 3.12)
    • Reading:
      • Barak Section 3;
      • Katz-Lindell Sections 7.1, 8.1, 8.2.1, 8.4.1;
      • Boneh-Shoup Section 3.1 to 3.4.
  • 10/5 Pseudorandom functions (PRF)
    • Lecture:
      • Definition of PRF
      • Construction of PRF from PRG
      • Examples: DES, AES
    • Reading:
      • Barak Section 4.1, Section 5 (except 5.1)
      • Boneh-Shoup Sections 4.2, 4.4 and 4.6
  • 10/7 More on PRFs
    • Lecture:
      • Analysis of tree construction
      • Application of PRFs
      • A concrete construction: AES
    • Reading:
      • KL Section 7.4.3
      • Boneh-Shoup Section 4.2
  • 10/8 Homework #1 due

  • 10/12 Encryption
    • Lecture:
      • IND-CPA security
      • IND-CPA encryption from PRFs
      • Definition of OWF
      • Examples
    • Reading:
      • Barak Section 5.1, Section 6
      • Boneh-Shoup Sections 5.1-5.5
  • 10/13 Reading #1 due

  • 10/14 (online/recorded) One-way functions (OWF)
    • Lecture:
      • Hardcore bits
      • PRG from OWF
    • Reading:
      • KL Section 7.1, 7.2 and 7.3
  • 10/15 Cryptopals #1 due

  • 10/19 Message integrity
    • Lecture:
      • Message Authentication Codes (MAC). MAC from PRF
      • Authenticated encryption
      • IND-CCA security
      • IND-CCA from IND-CPA and MAC
    • Reading:
      • Barak Section 6
      • Boneh-Shoup Chapter 6, Chapter 9
  • 10/21 Key exchange
    • Lecture:
      • Security definition
      • Key exchange based on Merkle puzzles
      • Key exchange based on DDH
      • Key exchange based on RSA
    • Reading:
      • KL Sections 11.2, 11.3, 11.4 and 11.5
  • 10/22 Homework #2 due

  • 10/26 Public-key encryption
    • Lecture:
      • Definitions
      • The Decisional Diffie-Hellman (DDH) assumption and El Gamal cryptosystem
      • RSA
    • Reading:
      • Barak Section 9, Section 10
      • Boneh-Shoup Chapter 11
      • Katz-Lindell Chapter 11
  • 10/27 Reading #2 due

  • 10/28 Digital signatures
    • Lecture:
      • Definition
      • Hash-and-sign
      • Constructions: RSA, Schnorr
      • Signatures from hash functions: Lamport’s scheme
    • Reading:
      • Barak Section 9.3.4, 9.3.5
      • Boneh-Shoup Chapter 13
      • Katz-Lindell Chapter 12
  • 10/29 Cryptopals #2 due

  • 11/02 Lattice-based crypto
    • Lecture:
      • Hard problems on lattices
      • The Learning With Errors (LWE) problem
      • CPA encryption from LWE
    • Reading:
      • Barak Section 11
      • Boneh-Shoup Chapter 16
  • 11/04 Hash functions (1/2)
    • Lecture:
      • Universal hash functions
      • One-time MACs
      • Collision-resistant hash functions (CRHF)
  • 11/05 Homework #3 due

  • 11/09 Hash functions (2/2)
    • Lecture:
      • The Merkle-Damgard transform
      • Constructions: Discrete log, SIS, SHA
      • Application: Merkle trees
      • Application: The blockchain
    • Reading:
      • Barak Section 7.3, 7.4, and Section 8
      • Boneh-Shoup Chapter 8
  • 11/10 Reading #3 due

  • 11/11 Zero-knowledge (1/2)
    • Lecture:
      • Interactive proofs
      • Defining Zero Knowledge
      • Examples
    • Reading:
      • Boneh-Shoup Chapter 20
  • 11/12 Cryptopals #3 due

  • 11/16 Zero-knowledge (2/2)
    • Lecture:
      • Commitments
      • Zero-knowledge protocols for NP
  • 11/18 Homomorphic encryption
    • Lecture:
      • Motivation and definition
      • Partially homomorphic encryption based on LWE
      • Bootstrapping
      • Error management
    • Reading:
      • Barak Section 15, Section 16
  • 11/19 Homework #4 due

  • 11/23 Multiparty computation

  • 11/25 No lecture (Thanksgiving)

  • 11/30 Quantum cryptography (1/2)
    • Lecture:
      • The state of post-quantum cryptography
      • Factoring in quantum polynomial-time
  • 12/2 Quantum cryptography (2/2)
    • Lecture:
      • Quantum entanglement
      • Quantum key distribution

Resources

The course textbook is Introduction to modern cryptography (second edition), by Katz and Lindell.

The readings indicated above are indicative of the topics to be covered, but are not required reading (required reading will be announced in class). They refer to the following online resources:

  • The Boneh-Shoup book is slightly more applied than this course. It has a lot of examples and considers practical security requirements.
  • Boaz Barak has draft lecture notes available. These are slightly more theoretical than this course. The second half of the lectures go beyond what we will directly cover in class.
  • Pass and Shelat have a great set of freely available lecture notes.
  • For the more theoretically inclined, I highly recommend the monograph by Oded Goldreich.

Additional background on number theory:

Links to similar classes: