CS409m: Introduction to Cryptography

Symmetric-key encryption, public-key encryption and zero-knowledge proofs
  • Instructor: Chethan Kamath (ckamath at cse dot iitb dot ac dot in)
  • When and where: Slot 5 (09:30-10:55, Wednesdays and Fridays) in CC101
  • Teaching assistants: Priyanshu Singh (24M2101) and Nilabha Saha (210260037)
  • Contact hours: After lectures, and by appointment (via e-mail)
  • Weekly TA session: Fridays, 19:00-20:30 in CC101
  • Announcements and online discussion: Moodle
[+]

Course Details


Description

Cryptography is the science of securely carrying out tasks (e.g., secret communication) in an adversarial setting. In this course, we intend to broadly study certain foundational tasks in cryptography, with an emphasis on precise modelling of the adversary's capabilities and goal -- the security model -- and formally proving security in this model -- the security proof. But we will also have hands-on sessions aimed at exposing you to real world cryptographic libraries. The course will be a hybrid of Sruthi's CS409m and Manoj's CS406.

Prerequisites

Discrete structures and probability theory are soft prerequisites. This course will involve some amount of theory, and thus we will expect mathematical maturity.

Who can credit?

Since the course is a minor, it is open to all non-CS, non-freshmen UGs.

Grading and Attendance

Weightage Towards
35% End-sem
25% Mid-sem
20% Two (out of three) quizzes
15% Four lab exercises
5% Class participation, pop-quizzes

Attendance is not mandatory (but encouraged). There will be six ungraded assignments to help you with quizzes and exams.

[+]

Course Material


# Date Slides + Topics Covered
L01 30/Jul [↓][↓]
  • Administrivia
  • Overview of the course
  • Classical ciphers
LE0 30/Jul [↗] Lab Exercise 0
L02 01/Aug [↓][↓]
  • Basic probability theory
  • Concentration inequalities
  • Randomised algorithms
A1 01/Aug [↗] Assignment 1
Module I: Secure Communication in the Shared-Key Setting
L03 06/Aug [↓][↓]
  • Perfect secrecy against eavesdroppers
  • One-time pad
  • Limitations: Shannon's impossibility
L04 08/Aug [↓][↓]
  • Models of computation: Turing Machine
  • Negligible functions
  • Computational secrecy against eavesdroppers
LE1 08/Aug [↗] Lab Exercise 1
A2 12/Aug [↗] Assignment 2
L05 13/Aug [↓][↓] [↓]
  • Computational secrecy against eavesdroppers
  • Pseudo-random generators (PRG)
  • Computational OTP
  • Main tool: security reduction
H 15/Aug No lecture: Independence Day
L06 20/Aug [↓][↓] [↓]
  • Candidate constructions of PRG
  • Length-extension of PRG
  • Main tool: hybrid argument
Q1 22/Aug [↗] Quiz 1: 08:25-09:25 in CC103
L07 22/Aug [↓][↓]
  • Encrypting multiple messages
  • Pseudo-random function (PRF)
  • Random oracles
H 27/Aug No lecture: Ganesh Chaturti
L08 29/Aug [↓][↓]
  • Goldreich-Goldwasser-Micali PRF
  • Chosen-plaintext attack (CPA)
  • CPA-secure SKE from PRF
L09 03/Sep [↓][↓]
  • Block ciphers
  • Modes of Operation
LE2 03/Sep [↗] Lab Exercise 2
H 05/Sep No lecture: Id-e-Milad
A3 09/Sep [↗] Assignment 3
L10 10/Sep [↓][↓]
  • Chosen-ciphertext attack (CCA)
  • Padding oracle attack
  • Message-Authentication Codes (MACs)
L11 12/Sep [↓][↓] [↓]
  • Construcing CCA-secure SKE
  • Domain extension of MACs
M 19/Sep [↗] Mid-sem: 13:30-15:30 in LC002
Module II: Secure Communication in the Public-Key Setting
L12 24/Sep [↓][↓]
  • Key exchange
  • Basic group theory
L13 26/Sep [↓][↓]
  • Diffie-Hellman key exchange
  • Public-key encryption
  • Elgamal encryption
A4 29/Sep [↗] Assignment 4
X 01/Oct Lecture cancelled
L14 03/Oct [↓][↓]
  • Basic number theory
  • Goldwasser-Micali encryption
  • RSA encryption
LE3 01/Oct [↗] Lab Exercise 3
L15 08/Oct [↓][↓]
  • Digital signature
  • One-way function (OWF)
  • Lamport's one-time signature
Q2 10/Oct [↗] Quiz 2: 08:25-09:25 in CC103
L16 10/Oct [↓][↓]
  • Signing longer messages: hash-then-sign paradigm
  • Collision-resistant hash function
  • Domain extension: Merkle-Damgård and Merkle Tree
L17 15/Oct [↓][↓]
  • Efficient (many-time) signatures
  • Trapdoor permutation and hash-then-invert paradigm
  • Identification protocols and Fiat-Shamir Transform
Module III: Applications
L18 17/Oct [↓][↓]
  • Interactive proofs
  • Zero-knowledge proofs
L19 22/Oct [↓][↓]
  • Zero-knowledge proofs II
L20 24/Oct [↓][↓]
  • eVoting
Q3 29/Oct [↗] Quiz 3: 08:25-09:25 in CC103,CC105
L21 29/Oct [↓][↓]
  • SSL/TLS
L22 31/Oct [↓][↓]
  • Secure messaging
  • Signal protocol
L23 07/Nov [↓][↓]
  • Zerocash
[+]

Resources


Below you can find the list of resources relevant to this course. The list of per-lecture resources (e.g., further reading) can be found at the end of the respective lecture slide.

Textbooks Related Courses Background Material
  • Basic probability theory can be found in §A.3 of Katz-Lindell. The first recitation in MIT6875 is another resource.
  • Basic number theory can be found in §B of Katz-Lindell. The third recitation in MIT6875 is another resource.
  • Basic computational complexity can be found in the second recitation in MIT6875.