This course will provide an introduction to the foundations of cryptography, with an emphasis on provable security. Cryptography enables mutually distrustful parties to interact securely in a variety of settings. These interactions include the ability to communicate securely over untrusted channels, compute over encrypted data, and certify information about secrets without divulging the secrets themselves. Goals for the course include learning how to reason about adversaries, define security in different settings, and gain familiarity with various cryptographic tools.

Resources each lecture will be posted after each class. The recommended textbook for this class is Introduction to Modern Cryptography by Jonathan Katz and Yehuda Lindell, and students are highly encouraged to refer to this textbook for reading that will compliment the lectures. The relevant chapters will be posted alongside the lecture notes. Parts of the course will also follow The Joy of Cryptography by Mike Rosulek. These books are linked below, along with some excellent references which may be useful throughout the course.

- Introduction to Modern Cryptography by Jonathan Katz and Yehuda Lindell. Recommended book for this course.
- The Joy of Cryptography by Mike Rosulek. A free online undergraduate-level textbook. Parts of the course will also follow this book.
- A Course in Cryptography by Rafael Pass and Abhi Shelat. Lecture notes in modern cryptography.
- Foundations of Cryptography by Oded Goldreich (Vol 1 and 2). A thorough and formal treatment of theoretical cryptography.
- An Intensive Introduction to Cryptography by Boaz Barak.

(KL is the Katz-Lindell book, JC is Joy of Cryptography)

Jan 8: Introduction and Course Overview

- Lecture notes posted on Blackboard
- Reading: Chapter 1 of KL

Jan 10: One-Time Pad and Perfect Secrecy

**HW 1 released, due 1/22**- Lecture notes posted on Blackboard
- Reading: Chapter 2 of KL, Chapter 1 of JC
- For a review of mathematical background for this course, read Chapter 0 of JC.
- For a more in-depth review, read Chapter 0 of An Intensive Introduction to Cryptography here.

Jan 15: **MLK Day, no class**

Jan 17: Computational Hardness

- Lecture notes posted on Blackboard
- Reading: Sections 3.1 and 3.2 of KL, Sections 4.1 and 4.2 of JC

Jan 22: Pseudorandom Generators

- Lecture notes posted on Blackboard
- Reading: Section 3.3 of KL, Chapter 5 of JC

Jan 24: PRGs to Encryption, Reductions, and Hybrid Arguments

- Lecture notes posted on Blackboard
- Reading: Section 3.3 of KL

Jan 29: PRG Expansion, Hybrid Arguments, and CPA Security

**HW 2 released, due 2/7**- Lecture notes posted on Blackboard
- Reading: Sections 3.4, 3.5, and 8.4.2 of KL

Jan 31: Pseudorandom Functions

- Lecture notes posted on Blackboard
- Reading: Section 3.5 of KL

Feb 5: CPA-Secure Encryption from PRFs and PRFs from PRGs

- Lecture notes posted on Blackboard
- Reading: Section 3.5 and 8.5 of KL

Feb 7: Authentication

- Lecture notes posted on Blackboard
- Reading: Chapter 4 of KL

Feb 12: Midterm Review

Feb 14: Midterm

Feb 19: CCA-Secure Encryption

**HW 3 released, due 2/26**- Lecture notes posted on Blackboard
- Reading: Sections 5.1 and 5.3 of KL

Feb 21: Constructing CCA-Secure Encryption and starting Public-Key Encryption

- Lecture notes posted on Blackboard
- Reading: Sections 5.3 and 12.1 of KL

Feb 26: Number Theory Preliminaries

- Lecture notes posted on Blackboard
- Reading: Section 9.1 and 12.2 of KL

Feb 28: Number theory, prime numbers, and factoring

**Homework 4 Released, due 3/12**- Lecture notes posted on Blackboard
- Reading: Section 9.1 and 9.2 of KL

Mar 4: Diffie-Hellman Key Agreement

- Lecture notes posted on Blackboard
- Reading: Chapter 14 of JC, sections 9.3 and 11.3 of KL

Mar 6: Public-Key Encryption and RSA

- Lecture notes posted on Blackboard
- Reading: Chapter 13 of JC, sections 9.2 and 12.5 of KL

Mar 10: Digital Signatures

- Lecture notes posted on Blackboard
- Reading: Chapter 13 of JC, Chapter 13 and Appendix B.1.2 of KL

Mar 13: Final Review

There will be about 4 homework assignments. For exams, there will be a midterm and a final.

The midterm will be on **Wednesday, February 14**.

The final will be on **Friday, March 22** from 1:00pm - 3:00pm in room 1054-1055.

**Grading:** 45% Homework, 20% Midterm, 25% Final, 10% Class Participation

All assignments will be posted on Blackboard.

**Deadline.** Assignments are due at 11:59pm on the posted date. They must be submitted via Blackboard.

**Format.** Homeworks must be submitted as a PDF. You are strongly recommended to typeset your assignments using Latex.

**Collaboration.** You are allowed (and encouraged!) to collaborate with up to two other students on each homework assignment. However, you must write up your solutions individually, without relying on any shared notes or solutions from any other students, and you should be able to explain each of your solutions. If you discuss the homework with other students, please write the names of those students on your submitted homework. You are allowed to consult the textbooks listed on this page, and other published textbooks, as a reference when solving the assignments. If you use a textbook not listed in the resources section, please specify it on your assignment. All other sources are not allowed.

**Late Days.** You are allowed **five** late days in total during the course. Each late day can be used to extend a homework assignment deadline by one day. Late days cannot be split into "partial" days. You can use all of your late days on a single assignment, or use them on different assignments (or not use them at all).

Introduction

- Overview of the course
- Review of mathematical background
- Information-theoretic security

Computational Hardness and Pseudorandomness

- Computationally bounded adversaries and indistinguishability
- Randomness, pseudorandomness, and pseudorandom generators
- Sources of cryptographic hardness

Symmetric-Key Cryptography

- Defining and constructing secret-key encryption
- CPA and CCA Security
- Message authentication

Public-Key Cryptography

- Defining and constructing public-key encryption
- Cryptographic assumptions and algorithmic number theory
- Examples including Diffie-Hellman key agreement and RSA encryption