CS 152 Introduction to cryptography

Term: Fall 2018
Lectures: TT 10:30-12, 314 ANB
Instructor: Thomas Vidick
Office Hours: Tuesday 5-6pm, 207 ANB
TAs: Andrea Coladangelo and Tina Zhang. OH: Thursday 5-6pm, 205 ANB.

Course description

Cryptography is the art, or science, of secret communication. But what is secret communication? How can it be achieved? What mathematical assumptions underlie security? This course will cover the foundations of modern cryptography, including one-way functions, pseudo-random generators, cryptographic hash functions, and their application to the construction of cryptographic primitives such as public and private-key encryption schemes, digital signature schemes, message authentication codes, and more.

Prerequisites: Ma 1b. CS 21, CS 38 or equivalent recommended.

Evaluation

This is a 12-unit course. In addition to attending 3 hours of lecture weekly, students are expected to:

  • (10% of grade) Prepare for lecture by completing a small quizz or puzzle (weekly).
  • (30% of grade) Turn in a bi-weekly homework set. There will be 3 proof-based sets.
  • (10% of grade) Turning three programming assignments, taken from cryptopals. The assignments can be completed using a language of your choice.
  • (15% of grade) Complete a bi-weekly reading assignment. There will be 3 reading assignments. The goal is to read an important historical paper in cryptography and turn in a 2-page critical assessment of the paper’s contributions.
  • (30% of grade) Complete a project. This can be reading or research, or implementation-based. The project will lead to a report and an in-class presentation.

See the detailed syllabus.

Schedule of lectures

Note that only the readings from Katz-Lindell are mandatory. Other readings are only indicative.

  • 10/2 Lecture 1: Introduction.
    • Lecture:
      • Perfect secrecy and the one-time pad
      • Shannon’s theorem
      • Semantic security
    • Reading:
      • Barak Section 2;
      • Katz-Lindell Sections 1, 2, 3.1, 3.2, 3.3;
      • Boneh-Shoup Section 2.
  • 10/4 Lecture 2: Pseudorandom generators (PRG)
    • Lecture:
      • Definition
      • Length extension theorem for PRG (Blum-Micali)
      • Ciphers from PRGs
      • Examples. Application: coin flipping and commitments (Boneh-Shoup 3.12)
    • Reading:
      • Barak Section 3;
      • Katz-Lindell sections 7.1, 8.1, 8.2.1, 8.4.1;
      • Boneh-Shoup Section 3.1 to 3.4.
  • 10/9 No lecture (FOCS)

  • 10/11 Lecture 3: Pseudorandom functions (PRF)
    • Lecture:
      • Definition of PRF
      • Construction of PRF from PRG
      • Examples: DES, AES
    • Reading:
      • Barak Section 4.1, Section 5 (except 5.1)
      • Boneh-Shoup Sections 4.2, 4.4 and 4.6
  • 10/16 Lecture 4: Encryption
    • Lecture:
      • IND-CPA security
      • IND-CPA encryption from PRFs
    • Reading:
      • Barak Section 5.1, Section 6
      • Boneh-Shoup Sections 5.1-5.5
  • 10/18 Lecture 5: Message integrity
    • Lecture:
      • Message Authentication Codes (MAC). MAC from PRF
      • Authenticated encryption
      • IND-CCA security
      • IND-CCA from IND-CPA and MAC
    • Reading:
      • Barak Section 6
      • Boneh-Shoup Chapter 6, Chapter 9
  • 10/23 Public-key encryption
    • Lecture:
      • Definitions
      • The Decisional Diffie-Hellman (DDH) assumption and El Gamal cryptosystem
      • RSA
    • Reading:
      • Barak Section 9, Section 10
      • Boneh-Shoup Chapter 11
      • Katz-Lindell Chapter 11
  • 10/25 Digital signatures
    • Lecture:
      • Definition
      • Hash-and-sign
      • Constructions: RSA, Schnorr
      • Signatures from hash functions: Lamport’s scheme
    • Reading:
      • Barak Section 9.3.4, 9.3.5
      • Boneh-Shoup Chapter 13
      • Katz-Lindell Chapter 12
  • 10/30 Lattice-based crypto
    • Lecture:
      • Hard problems on lattices
      • The Learning With Errors (LWE) problem
      • CPA encryption from LWE
    • Reading:
      • Barak Section 11
      • Boneh-Shoup Chapter 16
  • 11/01 Homomorphic encryption
    • Lecture:
      • Motivation and definition
      • Partially homomorphic encryption based on LWE
      • Bootstrapping
      • Error management
    • Reading:
      • Barak Section 15, Section 16
  • 11/06 Hash functions (1/2)
    • Lecture:
      • Universal hash functions
      • One-time MACs
  • 11/08 Hash functions (2/2)
    • Lecture:
      • Collision-resistant hash functions (CRHF)
      • MAC from CRHF: Hash-and-MAC
      • The Merkle-Damgard transform
      • Constructions: Discrete log, SIS, SHA
      • Application: Merkle trees
    • Reading:
      • Barak Section 7.3, 7.4, and Section 8
      • Boneh-Shoup Chapter 8
  • 11/13 Project discussion

  • 11/15 The blockchain
    • Lecture:
      • The bitcoin ledger, construction using CRHF
      • The consensus problem
      • Proof of work
    • Reading:
      • Barak Section 7
  • 11/20 Zero-knowledge (1/2)
    • Lecture:
      • Interactive proofs
      • Defining Zero Knowledge
      • Examples
    • Reading:
      • Boneh-Shoup Chapter 20
  • 11/22 No lecture (Thanksgiving)

  • 11/27 Zero-knowledge (2/2)
    • Lecture:
      • Commitments
      • Zero-knowledge protocols for NP
  • 11/29 Quantum cryptography (1/2)
    • Lecture:
      • The state of post-quantum cryptography
      • Factoring in quantum polynomial-time
  • 12/4 Quantum cryptography (2/2)
    • Lecture:
      • Quantum entanglement
      • Quantum key distribution
  • 12/6 Project presentations

Resources

The course textbook is Introduction to modern cryptography (second edition), by Katz and Lindell.

The readings indicated above are indicative of the topics to be covered, but are not required reading (required reading will be announced in class). They refer to the following online resources:

  • The Boneh-Shoup book is slightly more applied than this course. It has a lot of examples and considers practical security requirements.
  • Boaz Barak has draft lecture notes available. These are slightly more theoretical than this course. The second half of the lectures go beyond what we will directly cover in class.
  • Pass and Shelat have a great set of freely available lecture notes.
  • For the more theoretically inclined, I highly recommend the monograph by Oded Goldreich.

Additional background on number theory:

Links to similar classes: