CS 292F: Introduction to Modern Cryptography

CS 292F: Introduction to Modern Cryptography (Winter 2018)

Instructor: Stefano Tessaro, tessaro(at)cs(dot)ucsb(dot)edu

Class time and location: MW 9-10:50am (GIRV 2108)

Office hours: T 4-5pm or by appointment (HFH 1117)

Class webpage: http://www.cs.ucsb.edu/~tessaro/cs292f/

Piazza: We will be using Piazza for class-related discussions. The Piazza webpage is available at piazza.com/ucsb/winter2018/cs292f/home. Sign up at piazza.com/ucsb/winter2018/cs292f

Announcements

Initial webpage set up.

Course Description

Cryptography provides the basic technology to protect information and to communicate securely. This class is a self-contained graduate-level introduction to modern cryptography. We will study tools and techniques to design systems with provable security guarantees. Tools will include foundations (one-way functions, pseudorandomness), encryption and authentication, secret- and public-key cryptography, introduction to cryptographic protocols (multi-party computation, zero-knowledge), lattice-based cryptography.

A main high-level objective of the class is to learn how security of cryptographic algorithms is properly defined, and to understand security proofs and what type of guarantees they provide.

Required background: Even though the material has direct practical applications, the class will take a rigorous approach: Exposure to undergraduate-level basics of probability, algebra / elementary number theory (modular arithmetic) and complexity theory (in particular, to reductions) is expected (this can be caught up in part during the class, but get in touch with instructor to assess gaps), as well as a certain level of mathematical maturity (students should be ready to understand mathematical proofs, and to write simple ones). If in doubt, contact the instructor!

Non-CS majors: You are welcome to attend the class. There will be some room. Just show up the first class, and you will then be added to the class.

Extension students: If you are visiting UCSB and want to attend this class, you need permission from me -- get in touch with me and be ready to give copy of your transcripts to make sure you have the appropriate background.

Assessment (tentative): Final assessment will depend on a combination of homework (there will be four problem sets, accounting overall to 1/2 of the grade), a take-home final (accounting to 30% of the grade), and a small project (20%). Homework and project can be solved in pairs, but you should be able to demonstrated individual contribution. More specific information is available on the class slides.

Textbook: No textbook will be required, but the following are great resources to support the class (most of them are available for download):

J. Katz and Y. Lindell. Introduction to Modern Cryptography
D. Boneh and V. Shoup. A Graduate Course in Applied Cryptography
M. Bellare and P. Rogaway. Introduction to Modern Cryptography (Lecture Notes)
R. Pass and a. shelat. A Course in Cryptography
O. Goldreich. Foundations of Cryptography

Schedule

The following schedule will grow as we proceed with the class, and list what we covered in class.

Week	Date	Lecture contents	Additional reading material	Assignments
1	2017-01-17	Welcome to CS290G Course organization Introduction to cryptographic thinking and provable security: One-time pad and Diffie-Hellman key exchange	Victor Shoup's introduction to number theory
2	2017-01-22	Computational Hardness and one-way functions Computational resources Polynomial time and negligible functions One-way functions	Notes on Piazza Pass-Shelat notes, Sec 2.2
	2017-01-24	(Computational) Indistinguishability and PRGs Definition of distinguishing advantage Definition of a PRG Non-existence of uncondtional PRGs PRGs and OWFs Intro to hardcore predicates	Lecture notes on Piazza	HW1 (posted 1/26)
3	2017-01-29	Pseudorandomness (cont'd) Hardcore predicates: Definition and examples (Goldreich-Levin, Discrete Logs and the MSB). One-way permutations to PRGs via hardcore predicates PRG extension and hybrid arguments	Notes on Piazza
	2017-01-31	PRGs and PRFs Recap hybrid arguments Pseudorandom functions (PRFs): Definitions The GGM construction	Lecture notes on Piazza
3	2017-02-05	Pseudorandom functions and permutations Block ciphers Pseudorandom permutations (PRPs) The Birthday Paradox Relationwhip between PRFs and PRPs: The switching lemma From PRFs to PRPs via the Feistel Construction	Notes on Piazza
	2017-02-07	Introduction to encryption IND-CPA security and semantic security Construction of an encryption scheme from a PRF via counter-mode encryption	Lecture notes on Piazza	HW1 (posted 1/26)