- Class timing: Tuesday (11:00 am - 12:30 pm) and Thursday (6:30 pm - 8:00 pm)
- Venue: CSA 252

- Class timing: Tuesday (11:00 am - 12:30 pm) and Thursday (6:30 pm - 8:00 pm)
- Venue: CSA 252

One way Functions (Permutations), Hard-core Predicates, Pseudo-random Generators, (Strong) Pseudo-random Functions (Permutations)

Secret Key Encryptions (SKE): Various security notions such as perfect security, semantic security, indistinguishability based Security, CPA Security, CCA Security, Constructions, Block Cipher Mode of Operations.

Message Authentication Codes (MAC): Various Secrity notions such as CMA Security, (weak/strong) CMVA security, Domain Extension, CBC-MAC.

Advanced Encryption Schemes: Authenticated Encryptions.

Introduction to Secure Computation (Yao's 2PC protocol and circuit garbling)

The course evaluation for the first half will be done as follows (most likely)

- Scribe (10): Every student must scribe at least one lecture. The scribe submission deadline is one week after the corresponding lecture. The template tex file for a scribe can be downloaded from here. As you have guessed, the submission must be in Latex. Get first-hand ideas about scribing from various course webpages. Such as this.
- Final Exam (40): Date and Time: 1st March'17, 5:30pm - 8:30pm

Reference Books:

- Jonathan Katz and Yehuda Lindell, Introduction to Modern Cryptography, second edition 2014, CRC Press.
**You should definitely have a copy of this book. We will mostly follow this book.** - Cryptography: Theory and Practice by Douglas Stinson, Third edition, CRC Press.
- Handbook of Applied Cryptography by Alfred Menezes, Paul Oorschot and Scott Vanstone. Available Online .
- Foundations of Cryptography by Oded Goldreich. Available Online .
- Cryptography, An Introduction by Nigel Smart. Available Online .

- Crypto Courses by Yehuda Lindell
- Crypto Courses by Jonathan Katz
- Crypto Courses by Yevgeniy Dodis
- Crypto Course by Ivan Damgaard & Claudio Orlandi
- Crypto Courses by Mihir Bellare.
- Crypto Courses by Rafael Pass.

- Office Hours: TBA

## Lecture # and Date | ## Lecture contents | ## Slides / Reading material (KL: Katz-Lindell 2nd Edition) | ## Scribes | ## Problem Set (KL: Katz-Lindell 2nd Edition) |
---|---|---|---|---|

Lecture 1 (05-01-2017) | Introduction, Classical Crypto vs. Modern Crypto, Three Pillars of Modern crypto (definition + assumption + proof), Classical ciphers and pitfalls. Inroad towards Modern Crypto. | [pptx] / Chapter 1 of KL | Chapter 1 Questions | |

Lecture 2 (10-01-2017) | Perfect Security: Definition, Construction (Vernam Cipher), Proof; Drawbacks of OTP | [pptx] / Chapter 2 of KL | Swati [ ], Ananth [ ] | |

Lecture 3 (12-01-2017) | Proof for the inherent drawback on key length, Equivalent Alternative Definitions for Perfect Security, Shannon's Theorem, Relaxing perfect security. Introduction to Computational Security. | [pptx] / Chapter 2 of KL | Prasanth [], Ashok [] | Chapter 2 Questions from KL |

Lecture 4 (17-01-2017) | Computational Security: Necessity of the relaxations in threat and break models. Definitions of PPT and negligible functions, Security Parameter. Sematic Security, Indistinguishability-based Security and its variant. | [pptx / KL pp. 43-59 | Gourav [ ], Shravan [ ] | |

Lecture 5 (19-01-2017) | Pseudo-random Generators (PRGs): Definition, No PRG against unbounded distinguisher; coa-secure Scheme from PRG, Proof by Reduction, Proof of coa-secure scheme; coa-mult security and proof that no deterministic enc can be coa-mult secure. | [pptx] /KL pp. 60-72 | Akshay [ ], Akash[ ], Philips [ ] | KL 3.1-3.8 |

Lecture 6 (24-01-2017) | CPA, cpa security for single and multiple messages, why cpa security stronger than coa-mult. Need of randomized encryption scheme, PRF, definition, PRP, Strong PRP. | [pptx] /KL pp. 73-81 | Basheer [], Akanksha [], Arun. | KL 3.9-3.17 |

Lecture 7 (31-01-2017) | cpa-secure scheme from PRF, proof of security, Block-cipher mode of operations: ECB, CBC, OFB, CTR | [pptx]/ KL 82-95 | Urvashi [ ],Nidhin [], Megha | KL 3.19-3.23, 3.25-3.27, 3.29 |

Lecture 8 (02-02-2017) | Chosen Ciphertext Attacks (CCA), Padding Oracle Attack on CBC-mode encryption, cca-security, Break of cpa-secure (PRF-based) schemes. Malleability. Introduction to MACs. Issues of Message Authetication and Message Integrity. (strong and weak) cma-security for MACs. | [pptx] / KL 96-100,107-116. | Amit [], Nitish [] | KL 3.18, 3.28 |

Lecture 9 (09-02-2017) | MAC, Various Security Notions (cma, strong cma, cmva, strong cmva), cma-secure MAC from PRF, Domain Extension, Authenticated Encryption: Definition (cpa-security + Cipher Integrity), Construction from cpa-secure SKE and scma-secure MAC. Three approaches: authenticate-and-encrypt, authenticate-then-encrypt, encrypt-then-authenticate. | [pptx] / KL 389-399,405-404, 387-89 | Shivam [], Ravi, Razi Ur Rehman | KL Chapter 4 questions |

Lecture 10 (10-02-2016) | Authenticated Encryption: Definition (cpa-security + Cipher Integrity), Construction from cpa-secure SKE and scma-secure MAC. Three approaches: authenticate-and-encrypt, authenticate-then-encrypt, encrypt-then-authenticate, AE implies CCA security. | [pptx] | Anil [], Adhithya [], Soumalya [] | KL Chapter 4 questions |

Lecture 11 (14-02-2017) | PRG implies PRF (GGM Tree Construction). Hybrid Arguments. Proof. | [pptx] | [], [] , [ ], [] | KL 7.14,7.15 |

Lecture 12 (26-02-2017) | One-way Functions (OWF), One-way Permutations (OWP), Hard-core Predicates, OWF (OWP) implies Hard-core Predicates (Goldreich-Levin Theorem). One-way Functions (OWP) and Hard-core Predicates implies PRG. | [pptx] | [ ], [ ], [ ], [ ], [ ] | KL Chapter 7 Questions |

Lecture 13 (21-02-2016) | Yao's 2PC Protocol, Circuit Garbling | [pptx] | [ ],[] | KL Chapter 7 Questions |

Tutorial 1 (07-01-2017): Vigenere Cipher Cryptanalysis, Question Set 1 [pdf]

Tutorial 2 (13-01-2017): Cryptanalysis of OTP when key is reused, Question Set 2 [pdf]

Tutorial 3 (20-01-2017): Question Set 3 [pdf]

Tutorial 4 (27-01-2017): Question Set 4 [pdf]

Tutorial 5 (03-02-2017): Question Set 5 [pdf]

Tutorial 6 (10-02-2017): AE implies CCA-security. Question Set 6 [pdf]