CS 276 — Cryptography — Spring 2009
General Information
Instructor: Luca Trevisan, luca@eecs, 679 Soda Hall, Tel. 642 8006
Classes are Tuesday-Thursday, 4-5:30pm, 310 Soda
Office hours: Wednesdays, 2-3pm, or by appointment
About the course: an introduction to modern cryptography. We will talk
about how to rigorously formalize the notion of security in various models, and
how to use primitives having weak and plausible security properties (one-way
permutations, trapdoor permutations) to build systems satisfying very strong,
and sometimes seemingly outlandish, notions of security. The emphasis of the
course will be on general principles, but, for concreteness, we shall also look
at a number of examples and applications. Topics will include one-way functions,
pseudorandomness, block ciphers, symmetric-key encryption, authentication,
public-key cryptosystems, signatures, commitment schemes, zero-knowledge
proofs, advanced notions of security, and multi-party cryptographic protocols.
Coursework and grading: a homework will be posted every week or two.
Homework problems will not be graded, but solving them will be very useful
practice for the take-home midterm. Each student is required to scribe one
lecture; the scribed notes will count for 20% of the grade. There will be a
take-home midterm after spring break, which will count for 35% of the grade. A
final project will count for 45% of the grade. The project will involve studying
a paper or series of papers on an advanced subject not covered in class, writing
a short report, and giving a 25-minute presentation in class. Two-person
collaborations are possible, in which case the presentation will be 40 minutes.
A project may be planned with a research problem in mind. Several
such projects could become TCC 2010 papers.
References:
- The main references are lecture notes. A short draft will be posted before each class, and scribed notes will be posted when completed.
- At long last, there is a very good introductory textbook on the foundations of cryptography:
- The ultimate reference is the two-volume treatise by Oded Goldreich:
Other cryptography courses at Cornell, Harvard, Maryland, Princeton,
UC San Diego, Weizmann (Goldreich), and Weizmann (Naor).
A basic knowledge of algebra and probability is a prerequisite for this
class. As a refresher, here are some notes on
algebra, and notes on probability.
For scribes: go here to find the
template.tex and macros.tex files which are required to compile lecture notes.
The file lecture00.tex gives some information on how to typeset the notes.
Past
- 01/20 Introduction and overview. Some ancient history. One-time pad. Notes: [PDF]
[HTML]
- 01/22 Message indistinguishability and semantic security. Notes: [PDF]
[HTML]
- 01/27 Pseudorandom generators and one-time encryption.
Notes: [PDF] [HTML]
- 01/29 RC4. Security for multiple encryptions.
Stream ciphers. Notes: [PDF]
[HTML]
- 02/03 Pseudorandom functions. CPA-secure encryption from
pseudorandom functions. Notes:
[PDF]
[HTML]
- 02/05 Pseudorandom permutations, modes of encryption.
Notes:
[PDF]
[HTML]
- 02/10 Message authentication. Notes:
[PDF]
[HTML]
- 02/12 CBC-MAC. CCA-secure encryption using MAC. Notes:
[PDF]
[HTML]
- 02/17 Cryptographic hash functions. Notes:
[PDF]
[HTML]
- 02/19 Practical constructions of block ciphers. Draft notes:
[PDF]
[HTML]
- 02/24 One-way functions, one-way permutations, and hard-core predicates.
Notes:
[PDF]
[HTML]
- 02/26 The Goldreich-Levin Theorem. Notes:
[PDF]
[HTML]
- 03/03 Pseudorandom Generators. Notes:
[PDF]
[HTML]
- 03/05 Pseudorandom Functions from Pseudorandom Generators.
Notes: [PDF]
[HTML]
- 03/10 Pseudorandom Permutations from Pseudorandom Functions.
Notes: [PDF]
[HTML]
- 03/12 Pseudorandom Permutations from Pseudorandom Functions.
Notes: [PDF]
[HTML]
- 03/17 Public-Key Encryption. Notes:
[PDF]
[HTML]
- 03/19 Public-Key Encryption. Notes:
[PDF]
[HTML]
- 03/31 Public-Key Encryption. Notes:
[PDF]
[HTML]
- 04/02 Signature Schemes. Notes:
[PDF]
[HTML]
- 04/07 Signature Schemes. Notes:
[PDF]
[HTML]
- 04/09 Signature Schemes in the Random Oracle Model. Notes:
[PDF]
[HTML]
- 04/14 No Class
- 04/16 Encryption in the random oracle model. Notes:
[PDF]
[HTML]
- 04/21 Zero Knowledge: definitions and graph isomorphism. Notes:
[PDF]
[HTML]
- 04/23 Zero Knowledge: quadratic residuosity. Notes:
[PDF]
[HTML]
- 04/28 Proofs of knowledge. Notes:
[PDF]
[HTML]
- 04/30 Commitment schemes and Zero Knowledge for NP.
Notes: [PDF]
[HTML]
- 05/05 Zero Knowledge for NP. Notes: [PDF]
[HTML]
Planned
- 05/07 Zero Knowledge for NP, conclusion
4:30-4:55 Joel Weinberger — project presentation
5:00-5:25 Bharath Ramsundar — project presentation
- 05/12 Project Presentations in 320 Soda
2:10 - 2:35 Guoming Wang — on hard-core predicates via list decoding
2:35 - 3:00 Matthew Finifter — on timestamping schemes
3:00 - 3:25 Nick Jalbert — on program obfuscation
3:35 - 4:00 Pongphat Taptagaporn — on pseudorandom generators from one-way functions
4:00 - 4:25 Manohar Jonnalagedda — on attacks against MD5
4:25 - 4:50 Ian Haken — on program obfuscation
- 05/14 Project Presentations in 320 Soda
2:10 - 2:35 Mark Landry — on limitations of the Random Oracle Models
2:35 - 3:00 Anand Bhaskar — on lattice-based cryptography
3:00 - 3:25 Cynthya Sturton — on private information retrieval
3:35 - 4:00 Siu Man Chan — on key agreement from weak bit agreement
4:00 - 4:25 Alexandra Constantin — on elliptic curve cryptography
4:25 - 4:50 Milosh Drezgich — on quantum one-way functions
- 05/15 Project Presentations in 320 Soda
2:10 - 2:35 Jonah Sherman — on pseudorandom generators from one-way functions
2:35 - 3:00 Himanshu Sharma — on program obfuscation
3:00 - 3:25 Anupam Prakash — on program obfuscation
3:30 - 3:55 Siu On Chan — on one-way function hardness amplification
3:55 - 4:20 James Cook
4:20 - 5:00 Anindya De and Madhur Tulsiani
The following problem sets will not be graded, and are not
to be turned in. It is recommended that you try to solve them,
to test what you learnt in class and to prepare for the
midterm.
- Problem Set 1 refers to lectures 2-5
- Problem Set 2 refers to lectures 6-9
- Problem Set 3 refers to lectures 11-16
Midterm
The MIDTERM is due by email before noon on Thursday, April 9. If possible,
write your solution in LaTeX. Here is the LaTeX source of the midterm, which you may find helpful. Here is a running list of corrections from the originally posted version.
The files are accessible only from within
the berkeley.edu domain. I can send you a copy by email if you
are having trouble.
Project
The project will be due by Tuesday, May 5, at noon.
The PROJECTS PAGE is under construction.