This course will review some of the greatest discoveries in modern
cryptography: zero-knowledge proofs, factoring algorithms, elliptic- curve
cryptography, post-quantum cryptography, and more. Some of the topics we
will cover have immediate practical applications. Other topics we will study
for their potential future applications. And yet others, we will study for
the theoretical insights they provide. The course readings will be a
combination of the original "classic" papers and more modern treatments of
the same topics.
This course was inspired in part by Christos Papadimitriou's
UC Berkeley course on "Reading the Classics."
Final projects!
Read the students' final projects online here.
April 5 – Definitions and Foundations
Topics
- Definitions: negligible functions, efficient algorithms, notions of indistinguishability
- Foundations of symmetric cryptography: OWFs, OWPs, PRGs, PRFs, PRPs
- PRGs from OWPs: the Blum-Micali construction
- PRFs from PRGs: the Goldreich-Goldwasser-Micali construction
- PRPs from PRFs: the Luby-Rackoff (Feistel) construction
Readings
Optional Supplementary Readings
Lecture Notes (Unedited)
April 12 – Symmetric-Key Primitives
Topics
- Even-Mansour (construction and attacks)
- Time-space trade-offs (rainbow tables)
- If there is time: password hashing (scrypt, pebbling, ...)
Readings
Optional Supplementary Readings
Lecture Notes (Unedited)
Scribe Notes
April 19 – Number-Theoretic Cryptography
Topics
- Basics of RSA- and factoring-based cryptosystem
- Algorithms for primality testing
- Generating large primes
- Chinese Remainder Theorem
- Applications of factoring/RSA
- OWFs from factoring: Rabin
- RSA-Based accumulators
Readings
Optional Supplementary Readings
Lecture Notes (Unedited)
Scribe Notes
April 26 – Elliptic-Curve Cryptography
Topics
- Elliptic Curve Crypto
- Notational conventions
- Assumptions, constructions
- Review of DH, translation to EC setting
- If there is time: Pairing-Based Cryptography (3-Diffie-Hellman, Short Signatures)
Readings
Optional Supplementary Readings
Lecture Notes (Unedited)
Scribe Notes
May 3 – Basics of Zero Knowledge
Topics
- Definitions: What does it mean to prove something in zero knowledge?
- Simulation-based security definitions
- Flavors: perfect, statistical, computational, honest-verifer
- Graph non-isomorphism
- ZK for NP: 3-Coloring (IP contains NP)
Readings
Lecture Notes (Unedited)
May 10 – More Zero Knowledge Protocols
Topics
- Proofs of knowledge
- Sigma protocols: Schnorr signatures, DSA/ECDSA, DDH tuples, factoring
- Non-interactive zero-knowledge and the Fiat-Shamir heuristic
- Modern applications of zero knowledge
Readings
Optional Supplementary Readings
Lecture Notes (Unedited)
May 17 – Oblivious Transfer and Yao's Garbled Circuits
Topics
- Oblivious transfer
- Yao's protocol for secure two-party computation
- OT extensions
Readings
Optional Supplementary Readings
Lecture Notes (Unedited)
May 24 – Secret Sharing, Error Correction, and Multi-party Computation
Topics
- Shamir secret sharing
- Another view: error-correcting codes
- Threshold secret sharing
- Information-theoretic multi-party computation (BGW)
Readings
Lecture Notes (Unedited)
May 31 – Classical Cryptanalysis
Topics
- Discrete log (Baby-step giant step, Pollard rho)
- Shoup's generic group lower bound
- Factoring (trial division, Pollard rho, Dixon's algorithm)
Readings
Lecture Notes (Unedited)
June 7 – Lattice-Based Cryptography and Quantum Cryptanalysis
Topics
- Lattice-based cryptography and its conjectured quantum resistance
- Regev cryptosystem
- LWE-based key exchange
- Quantum cryptanalysis
- Quantum computing
- Grover’s algorithm
Readings
Optional Supplementary Readings
Lecture Notes (Unedited)
