
**Instructor**: Luca Trevisan, luca@eecs, 679 Soda Hall, Tel. 642 8006

**Classes** are Tuesday-Thursday, 4-5:30pm, 310 Soda

**Office hours**: Wednesdays, 2-3pm, or by appointment

**About the course**: an introduction to modern cryptography. We will talk
about how to rigorously formalize the notion of security in various models, and
how to use primitives having weak and plausible security properties (one-way
permutations, trapdoor permutations) to build systems satisfying very strong,
and sometimes seemingly outlandish, notions of security. The emphasis of the
course will be on general principles, but, for concreteness, we shall also look
at a number of examples and applications. Topics will include one-way functions,
pseudorandomness, block ciphers, symmetric-key encryption, authentication,
public-key cryptosystems, signatures, commitment schemes, zero-knowledge
proofs, advanced notions of security, and multi-party cryptographic protocols.

**Coursework and grading**: a homework will be posted every week or two.
Homework problems will not be graded, but solving them will be very useful
practice for the take-home midterm. Each student is required to scribe one
lecture; the scribed notes will count for 20% of the grade. There will be a
take-home midterm after spring break, which will count for 35% of the grade. A
final project will count for 45% of the grade. The project will involve studying
a paper or series of papers on an advanced subject not covered in class, writing
a short report, and giving a 25-minute presentation in class. Two-person
collaborations are possible, in which case the presentation will be 40 minutes.
A project may be planned with a research problem in mind. Several such projects
could become TCC 2010 papers.

**References**:

- The main references are lecture notes. A short draft will be posted before each class, and scribed notes will be posted when completed.
- At long last, there is a very good introductory textbook on the foundations of cryptography:
  - Jonathan Katz and Yehuda Lindell, *Introduction to Modern Cryptography*, Chapman & Hall/CRC Press, 2007
- The ultimate reference is the two-volume treatise by Oded Goldreich:
  - Oded Goldreich, *The Foundations of Cryptography - Volume I, Basic Techniques*, Cambridge University Press, 2001
  - Oded Goldreich, *The Foundations of Cryptography - Volume II, Basic Applications*, Cambridge University Press, 2004

A basic knowledge of algebra and probability is a prerequisite for this
class. As a refresher, here are some **notes on algebra**, and **notes on probability**.

**For scribes**: go **here** to find the
template.tex and macros.tex files which are required to compile lecture notes.
The file lecture00.tex gives some information on how to typeset the notes.

*Past*

- 01/20 Introduction and overview. Some ancient history. One-time pad. Notes: **[PDF]** **[HTML]**
- 01/22 Message indistinguishability and semantic security. Notes: **[PDF]** **[HTML]**
- 01/27 Pseudorandom generators and one-time encryption. Notes: **[PDF]** **[HTML]**
- 01/29 RC4. Security for multiple encryptions. Stream ciphers. Notes: **[PDF]** **[HTML]**
- 02/03 Pseudorandom functions. CPA-secure encryption from pseudorandom functions. Notes: **[PDF]** **[HTML]**
- 02/05 Pseudorandom permutations, modes of encryption. Notes: **[PDF]** **[HTML]**
- 02/10 Message authentication. Notes: **[PDF]** **[HTML]**
- 02/12 CBC-MAC. CCA-secure encryption using MAC. Notes: **[PDF]** **[HTML]**
- 02/17 Cryptographic hash functions. Notes: **[PDF]** **[HTML]**
- 02/19 Practical constructions of block ciphers. Draft notes: **[PDF]** **[HTML]**
- 02/24 One-way functions, one-way permutations, and hard-core predicates. Notes: **[PDF]** **[HTML]**
- 02/26 The Goldreich-Levin Theorem. Notes: **[PDF]** **[HTML]**
- 03/03 Pseudorandom Generators. Notes: **[PDF]** **[HTML]**
- 03/05 Pseudorandom Functions from Pseudorandom Generators. Notes: **[PDF]** **[HTML]**
- 03/10 Pseudorandom Permutations from Pseudorandom Functions. Notes: **[PDF]** **[HTML]**
- 03/12 Pseudorandom Permutations from Pseudorandom Functions. Notes: **[PDF]** **[HTML]**
- 03/17 Public-Key Encryption. Notes: **[PDF]** **[HTML]**
- 03/19 Public-Key Encryption. Notes: **[PDF]** **[HTML]**
- 03/31 Public-Key Encryption. Notes: **[PDF]** **[HTML]**
- 04/02 Signature Schemes. Notes: **[PDF]** **[HTML]**
- 04/07 Signature Schemes. Notes: **[PDF]** **[HTML]**
- 04/09 Signature Schemes in the Random Oracle Model. Notes: **[PDF]** **[HTML]**
- 04/14 **No Class**
- 04/16 Encryption in the random oracle model. Notes: **[PDF]** **[HTML]**
- 04/21 Zero Knowledge: definitions and graph isomorphism. Notes: **[PDF]** **[HTML]**
- 04/23 Zero Knowledge: quadratic residuosity. Notes: **[PDF]** **[HTML]**
- 04/28 Proofs of knowledge. Notes: **[PDF]** **[HTML]**
- 04/30 Commitment schemes and Zero Knowledge for NP. Notes: **[PDF]** **[HTML]**
- 05/05 Zero Knowledge for NP. Notes: **[PDF]** **[HTML]**

*Planned*

- 05/07 Zero Knowledge for NP, conclusion
  - 4:30-4:55 Joel Weinberger — project presentation
  - 5:00-5:25 Bharath Ramsundar — project presentation
- 05/12 Project Presentations in **320 Soda**
  - 2:10 - 2:35 Guoming Wang — on hard-core predicates via list decoding
  - 2:35 - 3:00 Matthew Finifter — on timestamping schemes
  - 3:00 - 3:25 Nick Jalbert — on program obfuscation
  - 3:35 - 4:00 Pongphat Taptagaporn — on pseudorandom generators from one-way functions
  - 4:00 - 4:25 Manohar Jonnalagedda — on attacks against MD5
  - 4:25 - 4:50 Ian Haken — on program obfuscation
- 05/14 Project Presentations in **320 Soda**
  - 2:10 - 2:35 Mark Landry — on limitations of the Random Oracle Models
  - 2:35 - 3:00 Anand Bhaskar — on lattice-based cryptography
  - 3:00 - 3:25 Cynthya Sturton — on private information retrieval
  - 3:35 - 4:00 Siu Man Chan — on key agreement from weak bit agreement
  - 4:00 - 4:25 Alexandra Constantin — on elliptic curve cryptography
  - 4:25-4:50 Milosh Drezgich — on quantum one-way functions
- 05/15 Project Presentations in **320 Soda**
  - 2:10 - 2:35 Jonah Sherman — on pseudorandom generators from one-way functions
  - 2:35 - 3:00 Himanshu Sharma — on program obfuscation
  - 3:00 - 3:25 Anupam Prakash — on program obfuscation
  - 3:30 - 3:55 Siu On Chan — on one-way function hardness amplification
  - 3:55 - 4:20 James Cook
  - 4:20 - 5:00 Anindya De and Madhur Tulsiani

- Problem Set 1 refers to lectures 2-5
- Problem Set 2 refers to lectures 6-9
- Problem Set 3 refers to lectures 11-16