#### Overview of the course:

Cryptography aims at securing communications against malicious parties. This field enjoys numerous links with theoretical computer science (complexity theory, security proofs) but has also a very rich practical counterpart: cryptographic protocols are part of everyday life (electronic commerce, payment cards, electronic voting, etc). This course is an introduction to the different facets of modern cryptography. symmetric encryption, asymmetric encryption, cryptographic hashing, authentication, pseudo-random generators, cryptanalysis, security proofs.

The course will introduce the following notions:

- Computational indistinguishability and intractability assumptions
- Pseudorandom generators
- Pseudorandom functions
- Symmetric encryption
- Message authentication codes
- Cryptographic hash functions
- Public-key encryption
- Digital signatures

#### Course objectives:

- Understand basic notions of cryptography: Definitions, security requirements, relations between them, and their limitations.
- Understand how to prove security of primitives via reduction to intractability assumptions, both in the standard and in the random oracle models

#### Prerequisites:

None, though basic knowledge of algebra, probability, complexity, and information theory are a plus.

#### Evaluation:

Homeworks (50%) and 3-hour written exam (50%).

Homework 1 is now available: [pdf] -**Due date: Feb. 28**

Homework 2 is now available : [pdf] -

**Due date: Apr. 28**

### Class Material:

#### Tutorials and Corrections:

Previous tutorials and their corrections can be found on [Joël's page].

#### Previous Classes:

**Class 1 (Jan. 9):**

A brief overview of cryptography: SSL/TLS, perfect security for symmetric encryption, Vernam/One-Time-Pad cipher, pseudorandom generators.

**Class 2 (Jan. 10):**

A formal definition of computational security, PRG, unpredictability = indistinguishability, one-time secure symmetric encryption.

**Class 3 (Jan. 23):**

Insecurity of WEP, PRG in theory and practice, intractability assumptions (DLog, DDH), algorithms, DDH-based PRG

**Class 4 (Jan. 30):**

Pseudorandom functions, equivalence with PRG, Feistel networks, AES, IND-CPA secure SE from PRFs

**Class 5 (Feb. 6):**

Message Authentication Codes, MAC from PRFs, IND-CCA secure SE from PRFs

**Class 6 (Feb. 27):**

Cryptographic hash functions, birthday paradox, Merkle-Damgard construction, HMAC, DLog-based collision-resistant hash function

**Class 7 (Mar. 6):**

Limits of symmetric cryptography, public-key cryptography, public-key encryption, KEM/DEM, IND-CPA security, ElGamal PKE, Lyubashevsky-Palacio-Segev PKE

**Class 8 (Mar. 20):**

LPS PKE (continued), the random oracle methodology, IND-CCA PKE

**Class 9 (Mar. 27):**

The Fujisaki-Okamoto transform, digital signatures, public-key infrastructure, Schnorr's signature

**Class 10 (Apr. 3):**

Schnorr's signature, Katz-Wang signature, Lyubashevsky's signature (LWE variant)

#### Some References:

- A Graduate Crypto Course in Applied Cryptography, by Dan Boneh and Victor Shoup
- Introduction to Modern Cryptography, by Jonathan Katz and Yehuda Lindell
- A Course in Cryptography, by abhi shelat and Rafael Pass
- Foundations of Cryptography, Volume 1 and 2, by Oded Goldreich