# COS 433 - Cryptography (Fall 2020)

## Course Information

 Instructor: Mark Zhandry () Office Hours: Monday 10am (EST) TA: Udaya Gai Office Hours: Tuesday 7-8pm (EST) TA: Anunay Kulshrestha Office Hours: Wednesday 1:30-2:30pm (EST) Lecture: TuTh 11:00am - 12:20pm, Zoom Grading: 40% Homeworks, 30% Projects, 30% take-home final Textbook: There is no official text for this course, however Introduction to Modern Cryptography by Katz and Lindell (KL) is a good resource. Each lecture will have pointers to the appropriate sections of KL for those following along with the book.

## Course Description

Cryptography is an ancient practice dating back almost 4000 years. However, cryptography practiced today is very different than the cryptography used as recently as a few decades ago. For one, traditional cryptography was mostly synonymous with encryption: translating data into secret codes. Today, however, cryptography extends far beyond basic codes to encompass concepts such as authentication and integrity, and can be used to solve seemingly impossible tasks such as public key encryption (exchanging secret messages without ever having met in person to share a secret key) and zero knowledge proofs (proving theorems without revealing the proof).

Another new feature in modern cryptography is its foundations. Until recently, cryptography was largely an art form based on intuition and ad hoc tweaks to block vulnerabilities. Modern crytpography is instead more of a science, characterized by rigorous mathematical definitions and theorems that guide the design of new systems.

This course is an introduction to modern cryptography, focusing on the theoretical foundations, with some attention to practical considerations. We will cover a variety of topics, including secret key and public key encryption, authentication, commitments, pseudorandom generators, and zero knowledge proofs.

Prerequisites: Basic probability theory. Basic complexity theory (as in COS340) recommended. The course projects will involve programming, but no specific programming language is required.

## Tentative Schedule (subject to change)

[9]
 Lecture Topic KL Section Notes 1 - Tu, 9/1 Course introduction, Pre-modern Crypto Part I 1.3 [1] 2 - Th, 9/3 Pre-modern Crypto Part II 1.4-2.2 [2] 3 - Tu, 9/8 Definitions in Cryptography, Randomized Encryption [3] 4 - Th, 9/10 Limitations of Information-Theoretic Security, Stream Ciphers, PRGs, and Computational Assumptions 2.3-3.3 [4] 5 - Tu, 9/15 Constructing PRGs 6.1 [5] 6 - Th, 9/17 CPA security and PRFs 3.4-3.5 [6] 7 - Tu, 9/22 PRPs, Block Ciphers, Modes of Operation 3.6, 6.2 [7] 8 - Th, 9/24 Constructing Block Ciphers 6.2 [8] 9 - Tu, 9/29 Attacks on Block Ciphers 6.2 10 - Th, 10/1 Message Integrity, MACs 4.1-4.4, 4.6 [10] 11 - Tu, 10/6 Authenticated Encryption, CCA Security 4.5 [11] 12 - Th, 10/8 Collision Resistant Hashing 5.1-5.4, 6.3 [12] Tu, 10/13 No Class - Fall Break 13 - Th, 10/15 Commitment Schemes [13] 14 - Tu, 10/20 Number-theoretic constructions of symmetric primitives 8.3-8.4 [14] 15 - Th, 10/22 Number-theoretic constructions of symmetric primitives 8.3-8.4 [15] 16 - Tu, 10/27 Relationships between Symmetric Primitives 7.2 [16] 17 - Th, 10/29 Diffie Hellman Key Exchange 10.3 [17] 18 - Tu, 11/3 Public Key Encryption 11.1-11.4 [18] 19 - Th, 11/5 RSA, Trapdoor Permutations 11.5, 13.1 [19] 20 - Tu, 11/10 Digital Signatures 12.1-12.4 [20] 21 - Th, 11/12 Digital Signatures, Identification Protocols 12.5 [21] 22 - Tu, 11/17 Identification Protocols 12.5 [22] Th, 11/19 Class Cancelled 24 - Tu, 11/24 Wrap up [23]

## Handouts

Basic Number Theory

## Homework Assignments

Homework 6. Due November 24.
Homework 5. Due November 10.
Homework 4. Due October 27.
Homework 3. Due October 20.
Homework 2. Due September 29.
Homework 1. Due September 15.

## Homework Instructions:

Homeworks will be assigned roughly every two weeks, with six homework assignments in total.

Format: Typed solutions are strongly preferred. For hand-written submissions, please make sure the writing is legible. If we can't read it, we can't grade it, and we will not be entertaining regrade requests for illegible solutions. We encourage typesetting your solutions in LaTeX. Learning LaTex will require a learning curve, but will pay off in the long run. Once you are accustomed to LaTex, you will be able to typeset technical material such as equations very quickly.

Submission: Assignments will be due at 11:59pm Anywhere on Earth on the due date of the assignment. The due date will typically be Tuesday. Submission instructions TBA.

Collaboration Policy: You are encouraged to discuss homework assignments with other students in the class. However, students must write up solutions individually, and must not share their written solutions with classmates. Please identify your collaborators on your homework submissions.

Internet Policy: If you find an answer to an exercise online, you may base your solution on what you found, but the solutions must be clearly in your own words in order to demonstrate your understanding of the answer. Additionally, please cite any source. On the other hand, you may not post homework questions hoping for other people to solve them.

Formalism: You must always show all of your work. Unless otherwise stated, any cryptosystem derived in the homework assignment must analyzed for both correctness and security. That is, you must prove both the correctness and security of the scheme. When asked to prove a statement (correctness/security or otherwise), the proof needs to be well written and rigorous. Your proofs do not need to be overly formal, but should not contain any logical gaps or errors. Any statements proved in lecture can be used in the solutions without proof, but any other statement should be proved as a part of the solution.

Extra Credit: There may be an occasional extra credit problem on the homework assignments. You are not required to attempt these problems, and will not be penalized for skipping them. Extra credit will be applied only after deciding the curve.

Flexibility: We will automatically drop your single lowest homework score. Additionally, we will accept any homework assignment up to 48 hours late. There will be no penalty for turning in homeworks late as long as they are received within the 48 hour window. However, to encourage you to turn in assignments on time, we will give 2 bonus points for each homework assignment that you submit on time. After the 48 hour grace period, we will not be able to accept any submissions. This is so that we can start grading promptly once the 48 hour window has closed, in order to give feedback in a timely fashion.

Latex source files for first homework:
HW1.tex
template.tex

## Projects

Project 2: [Instructions], Hash function example inputs: [examples.txt]. Due Dec 5. Project 1: [Instructions], [files]. Due October 6. There will be two projects. Projects will follow the same 48 hour grace period as homeworks (including bonus points). You may not drop a project.

## Take Home Final

TBA

Old exams: Spring 2017 Spring 2018 Spring 2020