CSA E0 235 : Cryptography (August - December 2019)

Instructor : Arpita Patra (Email: arpita AT iisc DOT ac DOT in )
Timings : 3:30 pm - 5:00 pm on Monday and Wednesday.
Venue: CSA 252

Study Material
  • (KL) "Introduction to Modern Cryptography" by Jonathan Katz and Yehuda Lindell, second edition 2014, CRC Press.
  • "Foundations of Cryptography" by Oded Goldreich.
  • "A Graduate Course in Applied Cryptography" by Dan Boneh and Victor Shoup. [Link]

Course Description (1st Half)
  • One way Functions (Permutations), Hard-core Predicates, Pseudo-random Generators, (Strong) Pseudo-random Functions (Permutations).
  • Secret Key Encryptions (SKE): Various security notions such as Perfect Security, Semantic Security, Indistinguishability based Security, CPA Security, CCA Security, Constructions, Block Cipher Modes of Operation.
  • Message Authentication Codes (MAC): Various Security notions such as CMA Security, (weak/strong) CMVA security, Domain Extension, CBC-MAC.
  • Advanced Encryption Schemes: Authenticated Encryptions.
  • Introduction to Secure Computation (Yao's 2PC protocol and Circuit Garbling).

Grading
  • Scribe (5 Credits): Every student must scribe at least one lecture. The scribe submission deadline is one week after the corresponding lecture. The template tex file for a scribe can be downloaded from here [Link]. The submission must be in LaTeX.
  • Bi-weekly test (5*3 = 15 Credits)
  • Mid-term Exam (30 Credits)

Announcements
  • Bi-weekly Test (5 Credits): 06-09-2019, 09:30 - 10:00, CSA 252
  • Tutorial 5: 06-09-2019, 10:00 - 11:00, CSA 252

    • Lecture 1 :  Introduction, Classical Crypto vs. Modern Crypto, Three Pillars of Modern crypto (definition + assumption + proof), Classical ciphers and pitfalls. Inroad towards Modern Crypto.
    • References : [PDF], Chapter 1 of KL
    • Problem Set : KL Chapter 1 Questions
    • Date : 05-08-2019
    • Lecture 2 :  Perfect Security: Definition, Construction (Vernam Cipher), Proof; Drawbacks of OTP
    • References : [PDF], Chapter 2 of KL and BS, [Scribe]
    • Problem Set : -
    • Date : 07-08-2019
    • Lecture 3 :  More definitions of Perfect Security and their equivalence with Shannon's perfect security definition. Shannon's Theorem. Perfect Indistinguishability-- game-based definition. Proof of limitations on key space/length and key reusability. Relaxing perfect security. Introduction to Computational Security.
    • References : [PDF], Chapter 2 of KL and BS, [Scribe]
    • Problem Set : Chapter 2 Questions from KL
    • Date : 14-08-2019
    • Lecture 4 :   Introduction to Computational Security. Definitions of PPT and negligible functions, Security Parameter. Asymptotic Approach. Ind(istinguishability) Security and its relation to weaker security notions of Parity Prediction (pr) and Message Recovery (mr). Introduction to Reduction-based proofs and the proof of 'ind-security implies parity-prediction security'. Necessity of the relaxations in threat and break models to overcome the hurdles of perfect secrecy.
    • References : [PDF], Chapter 2 of KL and BS, [Scribe]
    • Problem Set : Chapter 2 Questions from KL
    • Date : 19-08-2019
    • Lecture 5 :   Pseudorandomness and Pseudo-random Generators (PRG), Indistinguishability Security, Next-bit Prediction Security, Statistical Tests, Impossibility of PRG against unbounded adversary, ind-secure SKE from PRG, Proof of security, Applications of ind-secure SKE-- Roulette and Anonymous Message Transfer/Onion Routing
    • References : [PDF], Chapter 3 of KL and BS, [Scribe]
    • Problem Set : Chapter 3 Questions from KL
    • Date : 21-08-2019
    • Lecture 6 :   Hybrid Arguments, PRG with one-bit expansion implies PRG with many-bit expansion, Applications of PRG-- Coin-tossing and Commitment Schemes
    • References : [PDF], Chapter 3 of KL and BS, [Scribe]
    • Problem Set : Chapter 3 Questions from KL
    • Date : 26-08-2019
    • Lecture 7 :   Chosen Plaintext Attack (CPA), CPA-security, Pseudo-random Functions (PRF), PRP
    • References : [PDF], Chapter 3 of KL and 4 of BS, [Scribe]
    • Problem Set : Questions from Chapter 3 of KL and 4 of BS
    • Date : 28-08-2019
    • Lecture 8 :   SKE based on PRF, Proof for CPA-security, PRG implies PRF-- GGM/tree construction
    • References : [PDF], Chapter 7 of KL and 4 of BS, [Scribe]
    • Problem Set : Chapter 7 Questions from KL and 4 from BS
    • Date : 04-09-2019
    • Lecture 9 :   Yao's 2PC, Circuit Garbling as an application of CPA-secure SKE
    • References : [PDF], 'A Proof of Yao's Protocol for Secure Two-Party Computation' by Yehuda Lindell and Benny Pinkas, available online
    • Problem Set :
    • Date : 09-09-2019
    • Lecture 10 :   CCA-security, Practical break of CBC-mode CPA-secure SKE, Break of CPA-secure SKE based on PRF, Authenticated Encryption (AE), AE implies CCA-security.
    • References : [PDF], Chapter 2 and 4 of KL and 9 of BS
    • Problem Set : Questions from Chapter 2 and 4 of KL and 9 of BS
    • Date : 11-09-2019

Tutorial Details
  • Tutorial 1: 09-08-2019, 18:00 - 19:00, CSA 252 [PDF]
  • Tutorial 2: 16-08-2019, 18:00 - 19:00, CSA 252 [PDF]
  • Tutorial 3: 27-08-2019, 19:00 - 20:00, CSA 254 [PDF]
  • Tutorial 4: 30-08-2019, 09:30 - 10:30, CSA 252 [PDF]
  • Tutorial 5: 06-09-2019, 09:30 - 10:30, CSA 252 [PDF]
  • Tutorial 6: 13-09-2019, 09:00 - 10:00, CSA 252 [PDF]