- Arpita Patra (Email: arpita AT iisc )
One way Functions (Permutations), Hard-core Predicates, Pseudo-random Generators, (Strong) Pseudo-random Functions (Permutations)
Secret Key Encryptions (SKE): Various security notions such as perfect security, semantic security, indistinguishability based Security, CPA Security, CCA Security, Constructions, Block Cipher Mode of Operations.
Message Authentication Codes (MAC): Various Secrity notions such as CMA Security, (weak/strong) CMVA security, Domain Extension, CBC-MAC.
Advanced Encryption Schemes: Authenticated Encryptions.
Introduction to Secure Computation (Yao's 2PC protocol and circuit garbling)
The course evaluation for the first half will be done as follows (most likely)
Lecture # and Date
Slides / Reading material (KL: Katz-Lindell 2nd Edition)
Problem Set (KL: Katz-Lindell 2nd Edition)
|Lecture 1 (04-01-2018)||Introduction, Classical Crypto vs. Modern Crypto, Three Pillars of Modern crypto (definition + assumption + proof), Classical ciphers and pitfalls. Inroad towards Modern Crypto.||[pptx] / Chapter 1 of KL||Chapter 1 Questions|
|Lecture 2 (9-01-2018)||Perfect Security: Definition, Construction (Vernam Cipher), Proof; Drawbacks of OTP||[pptx] / Chapter 2 of KL|
|Lecture 3 (11-01-2018)||Proof for the inherent drawback on key length, Equivalent Alternative Definitions for Perfect Security, Shannon's Theorem, Relaxing perfect security. Introduction to Computational Security.||[pptx] / Chapter 2 of KL||Chapter 2 Questions from KL|
|Lecture 4 (16-01-2018)||Computational Security: Necessity of the relaxations in threat and break models. Definitions of PPT and negligible functions, Security Parameter. Sematic Security, Indistinguishability-based Security and its variant. Introduction to pseudo-randomness.||[pptx / KL pp. 43-59|
|Lecture 5 (18-01-2018)||Pseudo-random Generators (PRGs): Definition, No PRG against unbounded distinguisher; coa-secure Scheme from PRG, Proof by Reduction, Proof of coa-secure scheme; coa-mult security and proof that no deterministic enc can be coa-mult secure.||[pptx] /KL pp. 60-72||KL 3.1-3.8|
|Lecture 6 (23-01-2018)||CPA, cpa security for single and multiple messages, why cpa security stronger than coa-mult. Need of randomized encryption scheme, PRF, definition, PRP, Strong PRP.||[pptx] /KL pp. 73-81||KL 3.9-3.17|
|Lecture 7 (25-01-2018)||cpa-secure scheme from PRF, proof of security, Block-cipher mode of operations: ECB, CBC, OFB, CTR||[pptx]/ KL 82-95||KL 3.19-3.23, 3.25-3.27, 3.29|
|Lecture 8 (30-01-2018)||Yao Garbled Circuit- application of CPS-secure SKE||[pptx] / Yao].|
|Lecture 9 (01-02-2018)||PRG implies PRF (GGM Tree Construction). Hybrid Arguments. Proof.||[pptx]||KL 7.14,7.15|
|Lecture 10 (06-02-2018)||Chosen Ciphertext Attacks (CCA), Padding Oracle Attack on CBC-mode encryption, cca-security, Break of cpa-secure (PRF-based) schemes. Malleability. Introduction to MACs. Issues of Message Authetication and Message Integrity. (strong and weak) cma-security for MACs.||[pptx] / KL 96-100,107-116.||KL 3.18, 3.28|
|Lecture 11 (08-02-2018)||MAC, Various Security Notions (cma, strong cma, cmva, strong cmva), cma-secure MAC from PRF, Domain Extension, Authenticated Encryption: Definition (cpa-security + Cipher Integrity), Construction from cpa-secure SKE and scma-secure MAC. Three approaches: authenticate-and-encrypt, authenticate-then-encrypt, encrypt-then-authenticate.||[pptx] / KL 389-399,405-404, 387-89||KL Chapter 4 questions|
|Lecture 12 (12-02-2018)||Authenticated Encryption: Construction from cpa-secure SKE and scma-secure MAC. AE implies CCA security.||[pptx]||KL Chapter 4 questions|
|Lecture 13 (15-02-2018)||One-way Functions (OWF), One-way Permutations (OWP), Hard-core Predicates, OWF (OWP) implies Hard-core Predicates (Goldreich-Levin Theorem). One-way Functions (OWP) and Hard-core Predicates implies PRG. PRG with expansion one implies poly expansion.||[pptx]||KL Chapter 7 Questions|