Over the last four decades, Modern Cryptography has developed into a field with solid mathematical foundations. In addition to developing the idea of "provable security," investigations into the fundamental nature of secrecy and security threw open a range of new possibilities that go well beyond encryption. This course will introduce you to some of these tools, as well as basic concepts needed to formally define and prove their security.

__Course contents.__
The topics we will try to cover (as time permits) include

- Secure Multi-Party Computation,
- Zero-Knowledge Proofs,
- Private Information Retrieval, Symmetric Searchable Encryption, Oblivious RAM,
- Functional Encryption, (Fully) Homomorphic Encryption, Obfuscation,
- Leakage-Resilience, and
- specialized applications
like
*Secure Voting*and*Digital Cash*.

The course project will give you a chance to read up on topics not covered in the lectures and/or implement an advanced cryptographic tool.

__Graded Work.__ The graded work involves two exams or quizzes (60%), a
few homework assignments (20%), a team project (20%). The final grade will be determined also based
on lecture attendance (see below). The projects will be evaluated based on a
presentation and either a report or a demo (depending on the nature of the
project), and meeting(s) with the instructor prior to that. Some sample topics
for the project will be provided later on. The quiz schedule will be announced
later.

__Attendance Policy.__ The students are expected to regularly attend all the live
lectures. The lectures include a lot of material that will not be covered
by assignments or quizzes, and interaction during the lectures would be
key to learning such material. Attendance falling below 80% will result in losing one grade
point. (However, if there are excruciating circumstances for students not on campus,
you may obtain the instructor's permission to catch the lecture recordings instead of attending live.)

__Background.__ This course will have a theoretical flavour: you will
need to be comfortable with mathematical definitions and proofs ("mathematical
maturity"). Specific mathematical topics that will be encountered are
elementary probability, linear algebra and discrete mathematics.

__Teaching Assistant:__
Kaartik Bhushan

- Previous edition
- Crypto Courses Elsewhere:

- Reference Books:
- MPC and Secret-Sharing
- Goldreich (foundations) (Also freely downloadable, A Primer)

- Background material:
- Basic probabililty: Chapters 14-18 of Mathematics for Computer Science from MIT OpenCourseWare.
- Basic Linear Algebra

- Lecture 00: (Jan 5): Introduction [html|pdf|print]
- Lecture 01: (Jan 7): Indistinguishability [html|pdf|print]
- Lecture 02: (Jan 11): Secret-Sharing [html|pdf|print]
- Lecture 03: (Jan 14): Secret-Sharing (ctd.) [html|pdf|print]
- Assignment 1 (Due Feb 1)
- Lecture 04: (Jan 18): MPC from Secret-Sharing: Passive, Linear Functions [html|pdf|print]
- Lecture 05: (Jan 21): MPC from Secret-Sharing: Passive, Honest-Majority, All Functions [html|pdf|print]
- Lecture 06: (Jan 25): MPC: Passive GMW [html|pdf|print]
- Lecture 07: (Jan 28): MPC: Yao's Garbled Circuit [html|pdf|print]
- Lecture 08: (Feb 1): Simulation-Based Security [html|pdf|print]
- Lecture 09: (Feb 4): Zero-Knowledge Proofs [html|pdf|print]
- Lecture 10: (Feb 8): MPC: GMW Paradigm. Composition. [html|pdf|print]
- Lecture 11: (Feb 11): MPC: UC Theorem. (Im)possibility of UC security. [html|pdf|print]
- Lecture 12: (Feb 15): MPC: UC-Secure OT [html|pdf|print]
- Lecture 13: (Feb 18): MPC: BGW Protocol (Active, Honest-Majority) [html|pdf|print]
- Lecture 14: (Mar 4): MPC: Output Delivery Guarantees [html|pdf|print]
- Assignment 2 (Due Mar 27)
- Lecture 15: (Mar 8): MPC: Beyond General MPC [html|pdf|print]
- Lecture 16: (Mar 11): Homomorphic Encryption [html|pdf|print]
- Lecture 17: (Mar 15): Homomorphic Encryption (ctd.). Application to PIR. [html|pdf|print]
- Lecture 18: (Mar 22): Encryption Beyond Group Homomorphism: Bilinear Groups [html|pdf|print]
- Lecture 19: (Mar 25): Lattice Cryptography [html|pdf|print]
- Lecture 20: (Mar 29): Fully Homomorphic Encryption - I [html|pdf|print]
- Lecture 21: (Apr 1): Fully Homomorphic Encryption - II [html|pdf|print]
- Lecture 22: (Apr 5): Functional Encryption - I [html|pdf|print]
- Lecture 23: (Apr 8): Functional Encryption - II [html|pdf|print]
- Lecture 24: (Apr 12): Obfuscation [html|pdf|print]
- Assignment 3 (Due April 30)