| Instructor | Andrew Miller soc1024@illinois.edu | |
|---|---|---|
| TA | Yunqi Li | |
| Location | ECEB 3013, also Zoom | |
| Lecture Times |
Monday, Wednesday, Friday 4:00pm- 4:50pm |
|
| Lectures are also available online via Echo360. | ||
| Office | Andrew: CSL 461 | Yunqi: Zoom |
| Office Hours |
Andrew: Thursdays 2:30pm-3:30pm | Yunqi: Wednesday 2:30pm-3:30pm |
| Piazza | https://piazza.com/illinois/fall2021/c93b | |
| Discord: | see piazza for link | |
Cryptographic protocols are fundamental techniques for building secure systems, even against powerful attackers. Traditionally, cryptography is concerned with communication channels that lets Alice and Bob send messages, (e.g., “Let’s meet by the bridge at 5pm!”) while preventing an eavesdropper Eve from observing the message or tampering with the contents. Cryptography is already widely deployed, for example the TLS protocol is used every time you visit your bank’s website and see a green “padlock” symbol in your browser. Cryptography can also be used for much more than just secure channels. An emerging trend is the use of “computation over encrypted data.” For example, how can we perform a query over encrypted database?
The goal of this course is to introduce the concepts of modern cryptography, including a combination of both theoretical foundations (how do we precisely state security guarantees and assumptions, and prove that a protocol is designed correctly?) and practical techniques. At the end of this course, you will know how to apply cryptographic techniques in the design and analysis of secure distributed systems. This course is intended for senior undergraduate students with an interest in applying cryptographic techniques to building secure systems, and for graduate students with an interest in cryptography or systems security.
Main themes of the course include: Provable security. This course will introduce the modern theory of cryptography, where we provide rigorous proofs that a protocol is secure in spite of interference from arbitrary malicious adversaries (assuming precisely-stated models of network primitives and computationally-hard problems). Protocols for secure computing. Traditionally, the goal of cryptography is to build a secure communication channel between Alice and Bob. However, recently, the toolbox of practical cryptographic protocols has become much more versatile and powerful. This course will focus on the application and analysis of protocols for diverse applications, such as secure outsourcing of storage and computing over encrypted data. Failures and limitations of cryptography. Many (if not the vast majority of) deployed cryptosystems have been plagued with vulnerabilities, stemming from ad hoc protocol design, incorrect implementations, and overly-simplistic security models. This course will cover many examples of high-profile attacks.
Prerequisites:
All lecture recordings are available via the media space channel [Mediaspace Channel for ECE/CS 407]
| Week 1: Introduction | ||
|---|---|---|
| Monday, Aug 23 | Course introduction, syllabus |
Lecture notes (slides) |
| Wednesday, Aug 25 | Cryptography for laypeople, journalists, and cypherpunks | Lecture notes (slides)
|
| Friday, Aug 27 | Warmup: One Time Pad |
Lecture notes [pdf] Reading: Joy Chapter 1: (pdf) Additional notes: Chapter 1, Pass and Shelat |
| Week 2: | ||
| Monday, Aug 30 | Basics of provable security, confidentiality definitions |
Scribbles (pdf) Reading: Joy Chapter 2: (pdf) Additional notes: Section 1.3 from Pass and Shelat |
| Wednesday, Sep 1 | One way functions, pseudorandomness |
Scribbles (pdf) Reading: Joy Chapter 4: (pdf) Additional notes: Sections 3.5, 3.6, 3.7, 3.9 from Pass and Shelat |
| Friday, Sep 3 | Psuedorandom generators and PRF |
Lecture Notes: (pdf) Reading: Joy Chapter 5: (pdf) Additional notes: Pass & Shelat, 2.2 One-Way Functions, 3.4 Hard-Core Bits from Any OWF The strange story of "Extended Random"(blog) |
| Week 3: More symmetric key encryption | ||
| Monday, Sep 6 | LABOR DAY NO CLASS | |
| Wednesday, Sep 8 | Pseudorandom functions and block ciphers |
Scribbles (pdf) Reading: Joy Chapter 6 (pdf) |
| Friday, Sep 10 | Garbled Circuits |
MP1 Release Lecture notes (slides) Reading: Pass & Shelat, 6.2 Yao Circuit Evaluation |
| Week 4: More encryption, Message Authentication | ||
| Monday, Sep 13 | Chosen Plaintext Attacks | Lecture Notes: (pdf) Reading: Joy Chapter 7 (pdf) |
| Wednesday, Sep 15 | Block Cipher Modes | Lecture notes: (pdf) Reading: Joy Chapter 8 (pdf) |
| Friday, Sep 17 | Chosen Ciphertext attacks | Lecture notes: (pdf) Reading: Joy Chapter 9 (pdf) |
| Week 5: Interactive Proofs | ||
| Monday, Sep 20 | Message Authentication Codes |
Lecture notes: (pdf) Joy Chapter 10 (pdf) More notes: Pass and shelat, 5.1, 5.2. |
| Wednesday, Sep 22 | Cyclic Groups |
Lecture notes: (pdf) Joy Chapter 14 (pdf) |
| Friday, Sep 24 | More Groups | Lecture notes: (pdf) Zoom recording: (zoom) |
| Week 6: | ||
| Monday, Sep 27 | Interactive Zero Knowledge proofs |
Lecture Notes (pdf) MP1 due, MP2 (partial) Release Pass and shelat, 4.3-4.6 (zero-knowledge, interactive protocols, proofs, and zero-knowledge proofs) |
| Wednesday, Sep 29 | More Zero knowledge | MP2 (full) Release Lecture Notes (pdf) Illustrated Primer on ZK (blog) |
| Friday, Oct 1 | Zero knowledge composition | Lecture Notes (pdf) On Σ-protocols (pdf) |
| Week 7: More ZKP | ||
| Monday, Oct 4 | More ZKP, Commitments |
Lecture Notes (pdf) Susan Hohenberger's notes (1) |
| Wednesday, Oct 6 | Non-interactive ZK and signatures |
Susan Hohenberger's notes
(2) |
| Friday, Oct 8 | Still more ZKP, Diffie Hellman Key Exchange | Lecture notes (pdf) |
| Week 8: | ||
| Monday, Oct 11 | Project Day | |
| Wednesday, Oct 13 | Review for Midterm | MP2 Due |
| Friday, Oct 15 | MIDTERM synchronous portion | |
| Week 9: | ||
| Monday, Oct 18 | Polynomials, Secret sharing, MPC |
Lecture notes (pdf)
Midterm take home portion release Reading: Joy, Chapter 3 |
| Wednesday, Oct 20 | More MPC | |
| Friday, Oct 22 | Yet more MPC | Project proposals due |
| Week 10: | ||
| Monday, Oct 25 | Collision resistance |
Midterm takehome portion due. Reading: Joy Chapter 11 More notes on MPC (pdf) MP3 release. |
| Wednesday, Oct 27 | Still more MPC | More MPC (pdf) |
| Friday, Oct 29 | Collision resistance, Public Key Encryption | Reading: Joy Chapter 15 Lecture notes (pdf) |
| Week 11: | ||
| Monday, Nov 1 | E-Voting | Lecture notes (pdf) |
| Wednesday, Nov 3 | RSA crypto system | Reading: Joy Chapter 13 Lecture notes (pdf) |
| Friday, Nov 5 | Fault attacks on RSA | Reading: Boneh Demilo Lipton (pdf)
Stanford Number Theory notes: (web) Lecture notes (pdf) |
| Week 12: | ||
| Monday, Nov 8 | Side channels | MP3 due. Lecture slides: (slides) |
| Wednesday, Nov 10 | Authenticated Data Structures | Lecture Notes (slides) |
| Friday, Nov 12 | Authenticated Encryption, Forward Security | Project Checkpoints Due Lectures notes (pdf) |
| Week 13: More protocols | ||
| Monday, Nov 15 | Private Information Retrieval | MP4 release
Lecture notes: (pdf) |
| Wednesday, Nov 17 | Oblivious RAM | Slides from Mark Ryan (pdf) |
| Friday, Nov 19 | CLASS CANCELED | happy thanksgiving |
| Fall Break: November 20-28 | ||
| Week 14: Lattices, Garbled Circuits Security | ||
| Monday, Nov 29 | Lattices and Ajtai hash | More notes: Lecture notes: (pdf) |
| Wednesday, Dec 1 | Pairings and Polynomial commitments | |
| Friday, Dec 3 | Cut and Choose & Garbled Circuits Security | |
| Week 15: | ||
| Monday, Dec 6 | Some Ethics and Cryptography | MP4 due. Moral Character of Cryptographic Work (pdf) |
| Wednesday, Dec 8 | Project Presentations | Final Exam takehome portion released (1 hour) Due prior to Final Exam period. |
| Final Exams | ||
| Tuesday Dec. 14 | Final exam 7:00pm-10:00pm. in ECEB 3013 | |
A proposal for each final project must be submitted to and accepted by the instructor by the proposal deadline.