CS 290G: Introduction to Modern Cryptography (Winter 2014)

Instructor: Stefano Tessaro, tessaro(at)cs(dot)ucsb(dot)edu

Class time and location: TR 1-2:50pm (Phelps 3526)

Office hours: TR 3-4pm or by appointment (HFH 1117)

Class webpage: http://www.cs.ucsb.edu/~tessaro/teaching/cs290w14/

Piazza: We will be using Piazza for class-related discussions. The Piazza page for this class is available at https://piazza.com/ucsb/winter2014/cs290g/home.


  • [Nov 7, 2013]: Home page set up. Please check regularly for updates (there will be some!) A class mailing list will be set up.
  • [Nov 20, 2013]: Added tentative schedule, assessment information updated.
  • [Jan 5, 2014] Warning: Classroom has changed!
  • [Jan 7, 2014] Slight change in homework policy
  • [Jan 24, 2014] There is a typo in HW1, 3a). The exponent was meant to be something different. Sorry for this (I will just not count the task towards the total if you could not solve it.)
  • [Feb 26, 2014] Today's class is canceled due to illness. Sorry!
  • [Mar 11, 2014] The final has been posted here (use the same username and password as for slides!)

Course Description

Cryptography provides the basic technology to protect information and to communicate securely. This class is a self-contained graduate-level introduction to modern cryptography. We will study tools and techniques to design systems with provable security guarantees.

We will discuss basic cryptographic building blocks like RSA, AES, and SHA and their abstractions. More importantly, we will see how to combine these components to achieve richer functionalities, like key agreement, secret- and public-key encryption, secure identification, message authentication, and digital signatures.

A main high-level objective of the class is to learn how security of cryptographic algorithms is properly defined, and to understand security proofs and what type of guarantees they provide.

Required background: Even though the material has direct practical applications, the class will take a rigorous approach: Exposure to undergraduate-level basics of probability, algebra / elementary number theory (modular arithmetic) and complexity theory (in particular, to reductions) is expected, as well as a certain level of mathematical maturity (students should be ready to understand mathematical proofs, and to write simple ones). If in doubt, contact the instructor!

Assessment: Final assessment will depend on a combination of homework (there will be four problem sets, accounting overall to 2/3 of the grade) and take-home final (accounting to 1/3 of the grade, i.e., the equivalent of two problem sets).

Textbook: No textbook will be required, but the following two are great resources to support the class:

Additional reading material will be communicated during class.


The following is a tentative schedule, and is intended to give a rough idea about what I hope to cover in the class and in which order. There will be (slight) changes depending on the pace of the class.

WeekDate Lecture contents Reading material / Slides Assignments
1 2014-01-07 Welcome to CS290G
  • Course organization
  • Introduction to cryptographic thinking and provable security: One-time pad and RSA encryption
2014-01-09 Foundations I
  • One-way functions
  • Some reduction examples
2 2014-01-14 Foundations II
  • Computational indistinguishability and pseudorandom generators (PRGs)
  • Basic Properties of PRGs
2014-01-16 Foundations III
  • Extending the output length of PRGs
  • Hybrid arguments
3 2014-01-21 Foundations IV
  • Pseudorandom functions and permutations
  • Switching lemma
  • Candidates (Block ciphers)
  • Constructions
2014-01-23 Symmetric Cryptography I
  • Security notions for symmetric encryption (IND-CPA, Semantic security)
  • Basic modes of operation
4 2014-01-28 Symmetric Cryptography II
  • Security proofs for modes of operation
2014-01-30 Symmetric Cryptography III
  • Message-authentication codes (MACs)
  • Security notions for MACs (weak and strong unforgeability)
  • MACs from PRFs
  • Application: Secure Identification
5 2014-02-04 Symmetric Cryptography IV
  • MAC constructions and their security
2014-02-06 Symmetric Cryptography V
  • Authenticated Encryption: INT-PTXT, INT-CTXT
  • Symmetric encryption against chosen-ciphertext attacks
  • Encrypt-then-MAC, MAC-then-Encrypt, Encrypt-and-MAC
6 2014-02-11 Symmetric Cryptography VI
  • Recap on PRFs / MACs
  • Extra topics: Wide-block encryption and order-preserving encryption<
2014-02-13 Public-key Encryption I
  • Security notions for public-key encryption: IND-CPA / IND-CCA
  • Recap on finite group
  • Diffie-Hellman type assumption
7 2014-02-18 Public-key Encryption II
  • ElGamal Encryption
  • Generic Constructions from Tradpoor-Functions
  • Goldwasser-Micali Encryption
2014-02-20 Public-Key Encryption III
  • The Random-Oracle Model (ROM)
  • Public-key encryption secure against chosen-ciphertext attacks in the ROM
8 2014-02-25 Class is canceled!
2014-02-27 Class is canceled!
9 2014-03-04 Digital Signatures I
  • Security definitions and basic properties
  • Construction from one-way functions
2014-03-06 Digital Signatures II
  • Full Domain Hash signatures
  • See notes for Lecture 15 above
10 2014-03-11 Special Topics I
  • Identity-based encryption
2014-03-13 Special Topics II
  • Functional Encryption
  • Fully-homomorphic Encryption (FHE)