- Reference Books:
- Katz-Lindell
- MPC and Secret-Sharing
- Handbook of Applied Cryptography
- Stinson
- Joux (cryptanalysis)
- Goldreich (foundations) (Also A Primer)

- Notes: Bellare-Rogaway, Goldwasser-Bellare, Waters, Pass-Shelat.
- Wiki: CRYPTUTOR
- Basics: Probability

Spring 2016

Instructor: Manoj Prabhakaran

- 12:30 PM - 01:45 PM Tuesday/Thursday

1304 Siebel Center

CRN: 58502

Forum (Piazza)

Have you wondered how one might *define* security --
even for a cryptographic concept as simple and familiar as encryption? What
makes public-key cryptography possible? (Well, what *is* public-key
cryptography?) What is MD5 and what's wrong with it? What is homomorphic
encryption? What are zero-knowledge proofs (and are they for real)? What
magical tools can cryptography offer that no one has put to use yet? Are there
limits to the magic of cryptography?

This course is intended to provide a theoretically sound foundation in applied cryptography. We shall see fundamental cryptographic notions and how cryptographic primitives can be used to create applications with security guarantees.

__Course contents.__ The initial part of the course will cover *secure
communication* (encryption and authentication). A good reference would be
the Katz-Lindell textbook.
Towards the second half of the course we will focus on some applications, and
other important topics including *secure multi-party computation*. As time
permits, we will also see glimpses of a variety of other concepts and tools.

__Graded Work.__ There is no exam in this course. The graded work
involves a few homework assignments and a project. The projects will be
evaluated based on a presentation (or a report, for the online students), and
meeting(s) prior to that. Some sample topics for the project will be provided
later on.

Please submit your homework assignments in teams of two. You may form a different team for each assignment, or keep the same team for all/multiple assignments. You may find it helpful to use the piazza forum to discuss forming teams. You can e-mail me the assignment as a PDF (ideally, typeset using LaTeX), with "CS598 Assignment" in the subject.

__Office hours.__ Regular schedule TBA.
The first office hour will be held on Thursday, Jan 28, from 2:00 PM to 3:00 PM.

Please do come for the office hours, if you found anything mysterious (or missed anything) in the lectures or assignments. You are also welcome to drop by and chat about the content/structure of the course during the office hours. Feel free to e-mail anytime if you have any questions or comments.

- Lecture 00: (Jan 21): Introduction [ html|pdf|print ]
- Lecture 01: (Jan 21): Secret-Sharing [ html|pdf|print ]
- Assignment 1 (released Thursday Jan 21; due Tuesday Feb 2)
- Lecture 02: (Jan 26): Defining Encryption (part 1: One-Time security) [html|pdf|print]
- Lecture 03: (Jan 28): Defining Encryption (part 2: CPA security) [html|pdf|print]
- Lecture 04: (Feb 2): Indistiguishability, PRG, Stream Cipher [html|pdf|print]
- Lecture 05: (Feb 4): One-Way Functions/Permutations, PRG [html|pdf|print]
- Lecture 06: (Feb 9) PRF, Block Cipher. [html|pdf|print]
- Lecture 07: (Feb 11) CCA-secure SKE. MAC. SKE in practice. [html|pdf|print] (Symmetric-key cryptanalysis reference)
- Assignment 2 (released Monday Feb 15; due Tuesday Mar 7)
- Lecture 08: (Feb 16): Public-Key Encryption: DDH [html|pdf|print]
- Lecture 09: (Feb 18): Public-Key Encryption: CPA secure PKE from Trapdoor OWP; CCA security [html|pdf|print]
- Lecture 10: (Feb 23): Public-Key Encryption: CCA security. Hybrid Encryption. Identity-Based Encryption. [html|pdf|print]
- Lecture 11: (Feb 27): Hash functions: Flavors of collision resistance [html|pdf|print]
- Lecture 12: (Mar 01): Hash function constructions and applications to MACs [html|pdf|print]
- Lecture 13: (Mar 03): Digital Signatures. Randomness Extractors. [html|pdf|print]
- Lecture 14: (Mar 08): Secure Communication in Practice. [html|pdf|print]
- Lecture 15: (Mar 10): Secure Multiparty Computation [html|pdf|print]
- Lecture 16: (Mar 15): Secure Multiparty Computation: Yao's Garbled Circuit [html|pdf|print]
- Lecture 17: (Mar 17): Secure Multiparty Computation: GMW and BGW Protocols [html|pdf|print]

--- Spring Break! ---

- Assignment 3 (released Saturday Mar 26; due Monday Apr 25)

--- Classes canceled on Mar 29 & 31 ---

- Lecture 18: (Apr 5): Zero-Knowledge Proofs [html|pdf|print]
- Lecture 21: (Apr 7): Universal Composition [html|pdf|print]
- Lecture 20: (Apr 12): Homomorphic Encryption [html|pdf|print]
- Lecture 21: (Apr 14): Mix-Nets, Verifiable Shuffle [html|pdf|print]
- Lecture 22: (Apr 19): Voting [html|pdf|print]
- Lecture 23: (Apr 23): Pairing-Based Cryptography & Generic Groups [html|pdf|print]
- Lecture 24: (Apr 26): Functionally Rich Signatures [html|pdf|print]
- Lecture 25: (Apr 28): Obfuscation [html|pdf|print]
- Lecture 26: (May 3): Quantum Cryptography [html|pdf|print]