This is a three-credit graduate level course. It can be
credited to all degree programs, subject to advisor approval. It is also
a theory elective for the PhD program in computer science, a suitable elective
for the MS foundations or security tracks, and a foundations track
elective for undergrad CS majors.
We meet Tuesdays and Thursdays 10:10-11:25 in 142 Uris Hall.
The class is recorded for CVN students, and recordings will also be made available to on-campus students for 10 days after each lecture.
Communication: We will be using gradescope and edstem, both accessible from courseworks, and regular office hours (see below). Announcements will be sent by email through courseworks, as well as posted on this webpage. Regrade requests should be submitted in writing through Gradescope, within one week after the assignment is returned.
If you have any administrative questions, you can post a private question on Edstem. Questions with sensitive personal information can be emailed to just the professor. Questions related to the material should be posted on Edstem or asked in office hours, with the exception of quiz related questions, which should not be asked while the quiz is still ongoing. Other questions are highly encouraged (after you've spent some time thinking and going over the material).
This course is an introduction
to the foundations of modern cryptography. In general, cryptography aims to construct
efficient schemes achieving some desired functionality, even in an adversarial
environment. For example, the most basic question in cryptography is that
of secure communication across an insecure channel: Can Alice send a message to
Bob so that Bob understands the message, but no eavesdropper does? How
can Bob be sure that the message received was sent by
While cryptography is an ancient field, the emergence of modern cryptography in the last few decades is characterized by several important features distinguishing it from classical cryptography. For one thing, the availability of computers and the wide spread of networked information systems and the Web, has dramatically increased both the need for good cryptography, and the possibilities that it can offer. In addition to the classical military and national security applications, a wide scope of financial, legal, and social cryptographic applications has emerged, from using a credit card on-line or sending an encrypted email, to more ambitious goals of electronic commerce, electronic voting, contract-signing, database privacy, and so on. The most important characteristic of modern cryptography is its rigorous, scientific approach, based on firm complexity-theoretical foundations. In contrast to the classical approach based on ad-hoc solutions (design a scheme that seems very hard to break, and hope for the best), modern cryptography aims for specific, rigorously quantifiable security guarantees, based on precise mathematical definitions and provably secure protocols.
The principles and techniques
underlying the above will be illustrated through specific examples drawing from
the basic cryptographic primitives. Through these examples, which are
very important on their own, you will also learn to critically evaluate and
interpret cryptographic definitions and security proofs (i.e., what is
and what is not guaranteed?).
While the class will focus on the theoretical foundations, we will discuss the relation to how things are actually done in practice.
The material covered in the class should prepare you to make sense of some current research papers in cryptography, and to study further on your own (or take an advanced class). Opportunities for research under my supervision may be available for interested students who do well in the class.
The following is an ambitious list of topics to be covered. Depending on time, some of the topics will be omitted.
The following topics are outside of the scope of this class.
We will use the book “Introduction to Modern Cryptography” by Jonathan Katz and Yehuda Lindell, Chapman and Hall/CRC Press, 3rd edition. This book will be on reserve in the science and engineering library. Recommendations for some other textbooks (not required) appear here.
The following skills will be assumed:
It will also help to have background in at least some of the following areas:
These topics will be briefly covered in class as needed, but if you do not have any background in any of them, you are likely to find it hard to keep up.
The appendix of the textbook reviews some background, and additional references for background reading can be found here.
The grading will be based
on homework (50%),
quizzes (15%), and a cumulative exam
(35%) (tentatively on Fri Dec 15, but this is subject to registrar approval -- the backup option is an evaluation on the last day of classes).
Students are expected to carefully go over each lecture before the next one. There will also be some required readings assigned, that the students will be responsible for.
All students are presumed to be aware of the departmental policy regarding academic honesty.