Computer Science
Courant Institute

Introduction to Cryptography

CSCI-GA 3210-001

Fall 2018

Announcements

Make sure you are subscribed to our Piazza class site.
A warmup Homework 0 is posted and is due Sep 9, 11pm.

Homework assignments

No programming is required in this course. Weekly written problem sets will be assigned. The final exam will consist of a subset of these problems (possibly with very minor variations).

Collaboration: Problem sets should be completed individually. You may consult the Internet; if you do, you must list the resources you used in your submitted assignment.
Deadlines: All course assignments are due on Sunday at 11pm, unless otherwise specified. Late submission will result in a 10% penalty per 12 hours (or fraction thereof) that the work is turned in late.
Extensions: All students are granted four automatic, integral 12-hour extensions which can be used on any problem set to submit late with no penalty (and without asking in advance), and with a limit of one extension per problem set (i.e., submission deadline of Monday 11am). Beyond that, the penalty applies. Extra extensions will only be granted in extreme circumstances.
Grading: The problem sets are worth 50% in total. I will only take the top 8 problem sets of each student into account. The final exam is worth 45%. The remaining 5% are based on participation in class and mainly in Piazza. Work is graded based on correctness, clarity, and conciseness.
Submission: All solutions must be typeset in Latex, following the templates provided, and submitted electronically (send both TeX and PDF) to both me and the grader (des480@...). We recommend starting any longer solution with an informal yet accurate proof summary that describes the core idea.

Homework 0, solution template
Homework 1, solution template
Homework 2, solution template
Homework 3, solution template
Homework 4, solution template
Homework 5, solution template
Homework 6, solution template (due in two weeks)
Homework 7, solution template
Homework 8, solution template
Homework 9, solution template
Homework 10, solution template
Homework 11 (optional), solution template (due in two weeks)

Some Information

Lectures	Mondays 11:00am-12:50pm WWH 512
Instructor	Oded Regev
Office hours	Mondays 9:45am-10:45am, WWH 303
Reading	Introduction to Cryptography, by Jonathan Katz and Yehuda Lindell. A good introductory book. Foundations of Cryptography, Vol. 1 and 2 by Oded Goldreich. A comprehensive book for those who want to understand the material in greater depth. Lecture notes by Yevgeniy Dodis, which we'll follow closely Lecture notes by Chris Peikert Lecture notes by Rafael Pass and Abhi Shelat. Last year's course My colleagues Thomas Vidick and Stephanie Wehner created an online EdX course on quantum cryptography.
Requirements	Active participation in class, homework assignments, final exam
Prerequisites	Students are expected to be comfortable reading and writing mathematical proofs, be at ease with algorithmic concepts, and have elementary knowledge of discrete math, number theory, and basic probability. No programming will be required for the course.

Schedule

Date	Class Topic
Sep 10	Introduction, Perfect Secrecy. Lectures 1+2 of Peikert, Lecture 1 of Dodis, Section 1.3 of Pass-Shelat.
Sep 17	Solving HW0 and HW1 (including proof of Shannon's Theorem). Number theory.
Sep 24	One-way functions (and collections thereof). Examples of one-way functions (multiplication and subset sum). Weak one-way functions. Weak OWFs to strong OWFs (statement and informal discussion). Informal discussion of indistinguishability and pseudorandom generators.
Oct 1	HW3 Q1 & Q5. Weak OWFs to strong OWFs (the proof). More examples of OWFs: Subset sum (as collection and as function following HW3 Q2); Rabin's function and Rabin's permutation. Application of OWFs to password storage.
Oct 9	Indistinguishability. Pseudorandom generators. Expanding PRGs.
Oct 15	Blum-Micali PRG. Hard-core bits. Overview of Goldreich-Levin.
Oct 22	Goldreich-Levin. Pseudorandom functions: motivation and definition.
Oct 29	Constructing Pseudorandom functions.
Nov 5	Pseudorandom permutations and Luby-Rackoff; symmetric key encryption, definitions of security and constructions.
Nov 12	Public key encryption; Trapdoor one-way permutations.
Nov 19	Diffie-Hellman protocol and ElGamal cryptosystem. Authentication security definition.
Nov 26	Information theoretic construction of MAC. Computational construction of MAC using PRF. Expanding input of MACs using CRHF or almost universal hash functions.
Dec 3	Authenticated encryption. Digital Signatures.
Dec 10	Lattice-based cryptography
Dec 17	Final exam

Computer Science Courant Institute

Introduction to Cryptography

CSCI-GA 3210-001

Fall 2018

Announcements

Homework assignments

Some Information

Schedule

Computer Science
Courant Institute