Over the last four decades, Modern Cryptography has developed into a field with solid mathematical foundations. In addition to developing the idea of "provable security," investigations into the fundamental nature of secrecy and security threw open a range of new possibilities that go well beyond encryption. This course will introduce you to some of these tools, as well as basic concepts needed to formally define and prove their security.

__Course contents.__
The topics we will try to cover (as time permits) include

- Secure Multi-Party Computation,
- Private Information Retrieval, Symmetric Searchable Encryption, Oblivious RAM,
- Functional Encryption, (Fully) Homomorphic Encryption, Obfuscation,
- Leakage-Resilience, and
- specialized applications
like
*Secure Voting*and*Digital Cash*.

The course project will give you a chance to read up on topics not covered in the lectures and/or implement an advanced cryptographic tool.

__Graded Work.__ The graded work involves two exams or quizzes (60%), a
few homework assignments (18%), a team project (20%) and attendance (2%). The
projects will be evaluated based on a presentation and either a report or a
demo (depending on the nature of the project), and meeting(s) with the
instructor prior to that. Some sample topics for the project will be provided
later on. The quiz schedule will be announced later.

The students are expected to regularly attend all the lectures. Since the lectures include a lot of material that will not be covered by assignments or quizzes, one grade point is reserved for registering 80% attendance.

__Background.__ This course will have a theoretical flavour: you will
need to be comfortable with mathematical definitions and proofs ("mathematical
maturity"). Specific mathematical topics that will be encountered are
elementary probability, linear algebra and discrete mathematics.

__Teaching Assistant:__
Rajeevalochana M. R.

- Previous edition
- Crypto Courses Elsewhere:

- Reference Books:
- MPC and Secret-Sharing
- Goldreich (foundations) (Also freely downloadable, A Primer)

- Background material:
- Basic probabililty: Chapters 14-18 of Mathematics for Computer Science from MIT OpenCourseWare.
- Basic Linear Algebra

- Lecture 00: (Jan 10): Introduction [html|pdf|print]
- Lecture 01: (Jan 14): Indistinguishability [html|pdf|print]
- Lecture 02: (Jan 24): Secret-Sharing [html|pdf|print]
- Lecture 03: (Jan 28): Secret-Sharing (ctd.) [html|pdf|print]
- Assignment 1 (Due Feb 11)
- Lecture 04: (Jan 31): MPC from Secret-Sharing: Passive, Linear Functions [html|pdf|print]
- Lecture 05: (Feb 4): MPC from Secret-Sharing: Passive, Honest-Majority, All Functions [html|pdf|print]
- Lecture 06: (Feb 7): MPC: Passive GMW [html|pdf|print]
- Lecture 07: (Feb 14): MPC: Yao's Garbled Circuit [html|pdf|print]
- Lecture 08: (Feb 18): Simulation-Based Security [html|pdf|print]
- Lecture 09: (Feb 29): Zero-Knowledge Proofs [html|pdf|print]
- Lecture 10: (Mar 3): MPC: GMW Paradigm. Composition. [html|pdf|print]
- Lecture 11: (Mar 6): MPC: UC Theorem. (Im)possibility of UC security. [html|pdf|print]
- Lecture 12: (Mar 13): MPC: UC-Secure OT [html|pdf|print]
- Lecture 12 recap: (Mar 17): [recording]
- Lecture 13: (Mar 20): MPC: BGW Protocol (Active, Honest-Majority) [html|pdf|print] [recording (partial)]
- Lecture 14: (Mar 24): MPC: Output Delivery Guarantees [html|pdf|print]
- Lecture 15: (Mar 27): MPC: Beyond General MPC [html|pdf|print]