Welcome to the Fall 2020 web page for CS/ECE 498 AC3/4: Cryptography!

Course Overview

This course will cover a selection of topics in applied cryptography. We will learn how cryptographic primitives work, how to use them correctly, and how to provably reason about their security. 

No prior cryptography background is assumed, however, students are expected to have mathematical maturity. Students are expected to be comfortable with writing mathematical proofs. A working knowledge of discrete mathematics and probability is assumed. Familiarity with algorithmic reductions will be useful.

Instructor: Dakshita Khurana, dakshita@illinois.edu. Office hours: Tuesday 12.30 pm - 1.30 pm, or by appointment.
TA: Ruta Jawale, jawale2@illinois.edu. Office hours: Thursday 2 pm - 3 pm.

Course Credits: 3/4
Time: Tuesdays and Thursdays, 11.00 - 12.15 pm
Location: Zoom. If you are registered for the course, you should have received an email with a link to join zoom meetings, and to join Piazza.
Piazza: Please sign up for Piazza at  to get a zoom link.

If you are not registered, please email the TA to get an access code for Piazza and a zoom link.

Note: Students are encouraged to drop by during office hours (or set up, by email, an appointment to meet) within the first 4 weeks. This will help me learn more about your interests and what you hope to learn from this class. I can also help you with a choice of topic for your project.

Students will be asked to scribe lecture notes. These notes will serve as a key resource for this course. We will closely follow the book:

Additional Resources: Books/Lecture Notes

Grading for CS 498 AC3/4, ECE 498 AC 3/4.

(Bonus) 5%: Class Participation. 
The class intends to encourage deep, careful thought. I want the lectures be as interactive as possible: you are strongly encouraged to ask questions and offer answers. I will end lectures with open questions that we will answer interactively during the next class. These questions will be easy to answer if you attend every lecture. Reading the prescribed book before the next lecture is recommended to better understand the contents of the course. Students that ask insightful questions and offer insightful answers in class, or as part of assignment solutions, or on Piazza will be rewarded with extra credit.

10%: Scribe Notes.
Scribe notes are a complete, polished write-up of a lecture, with references and technical details carefully filled in. Every student should expect to scribe once, likely in teams of 2 depending on class size. At the beginning of every lecture, I will ask for volunteers to write the scribe notes for the day. Please do not volunteer if there is a chance that you will drop the course before you submit your scribe notes. Preparing these notes will help you internalize the material at a new level, by thinking through the significance of the material and converting every proof outline discussed in class to a rigorous proof. Please typeset your scribe notes in LaTeX using the template here. You have 4 days to prepare the scribe notes. More precisely, the scribe notes for a Tuesday lecture are due at 5 pm the following Saturday, and the scribe notes for a Thursday lecture are due at 5 pm the following Monday. Please email the TA your .pdf file and the source files (.tex and .bib, as well as figure files if any). Please email your files as a single ZIP archive.

60%: Assignments.
There will be 4 assignments, each worth 15%. These will range from cryptanalytic attacks, to implementations of secure cryptographic primitives, to mathematically rigorous proofs of security.

30%: Exam (Take-home). 
There will one final take-home exam, with 5-6 questions, that you will have 24 hours to solve. To be successful in the exam, I highly recommend that you attend class, participate and ask questions, and give careful and deep thought to topics discussed in class.

FOR THE 4 CREDIT COURSES (CS498AC4/ECE498AC4) ONLY -- (25 out of a total of 125 points): Project.
The purpose of the project is to expose students to research in cryptography. You can pick a project topic of your choice (you can refer to this list for some nice ideas). The project can be a literature survey, or an attempt at original research to answer an open problem in cryptography. I am happy to consult individually with you during office hours or by appointment to provide guidance. You should feel free to work individually, or in teams of 2-3, and spend 1-2 weeks on the project.
NEW! Please find the project template here.

Students will have the option to waive the exam requirement if they aim to advance the field of cryptography via original research. In this case, the project will account for 55 out of 125 points. If you choose to waive your exam, you will be expected to allot several weeks and a good deal of effort to the research project. Research is an unpredictable game, so your project evaluation will take into account the thought and effort you put in and the ideas you develop along the way. Students interested in choosing this option must contact me within the first 3 weeks.

Course Schedule

This is a tentative schedule and is subject to change. Please keep checking this page for updates to topics and for scribe notes. Much of the content has been borrowed from the Boneh-Shoup textbook and Dan Boneh's course.

Date Topic Slides Lecture Video Reading (Boneh-Shoup) Scribe Notes (have not been vetted)
08/25 Introduction, Overview, Historical Perspective Lecture 1 Lecture 1 video Chapters 1, 2  
08/27 Pseudorandom Generators (PRGs), Stream Ciphers Lecture 2 Lecture 2 video Chapters 2, 3 Scribe notes lec. 2
09/01 Block Ciphers I Lecture 3 Lecture 3 video Chapters 3, 4 Scribe notes lec. 3
09/03 Block Ciphers II Lecture 4 Lecture 4 video Chapters 4, 5 Scribe notes lec. 4
09/08 Message Authentication Lecture 5 Lecture 5 video Chapter 6 Scribe notes lec. 5
09/10 Collision-Resistance

Lecture 6 Lecture 6 video Chapter 8 Scribe notes lec. 6
09/15 Authenticated Symmetric Encryption Lecture 7 Lecture 7 video Chapter 9 Scribe notes lec. 7
09/17 Advanced Symmetric Encryption, Number Theory

Lecture 8 Lecture 8 video Chapter 9 Scribe notes lec. 8
09/22 Public Key Encryption 1 Lecture 9 Lecture 9 video Chapter 10 Scribe notes lec. 9
09/24 Public Key Encryption 2 Lecture 10 Lecture 10 video supplementary video Chapter 10 Scribe notes lec. 10
09/29 CCA Secure Encryption Lecture 11 Lecture 11 video Chapter 11 Scribe notes lec. 11
10/01 Digital Signatures

Lecture 12 Lecture 12 video Chapters 13,14 Scribe notes lec. 12
10/06 Schnorr Signatures, Commitments Lecture 13 Lecture 13 video Chapter 19 Scribe notes lec. 13
10/08 Identification Schemes and Zero-Knowledge Lecture 14 Lecture 14 video Chapter 19  
10/13 Zero-Knowledge II Lecture 15 Lecture 15 video Chapter 19 Scribe notes lec. 15
10/15 Zero-Knowledge III Lecture 16 Lecture 16 video Chapter 19 Scribe notes lec. 16
10/20 Or Composition, Pairings Lecture 17 Lecture 17 video Chapter 19 Scribe notes lec. 17
10/22 Pairing-based ZK Lecture 18 Lecture 18 video These notes Scribe notes lec. 18
10/27 Pairing-based ZK: II

Lecture 19 Lecture 19 video Additional reading Scribe notes lec. 19
10/29 Oblivious Transfer Lecture 20 Lecture 20 video Additional reading Scribe notes lec. 20
11/03 Election Day, NO CLASS

11/05 Two Party Computation 1: Secret Sharing and Computations Lecture 21 Lecture 21 video Chapter 14 here Scribe notes lec. 21
11/10  Two Party Computation 2: Garbled Circuits Lecture 22 Lecture 22 video Chapter 14 here Scribe notes lec. 22
11/12 On the Security of Garbled Circuits Lecture 23 Lecture 23 video Chapter 14 here Scribe notes lec. 23
11/17 Learning with Errors 1 Lecture 24 Lecture 24 video   Scribe notes lec. 24
11/19 Learning with Errors 2

Lecture 25 Lecture 25 video   Scribe notes lec. 25
If interested: Leftover Hash Lemma
11/24 Thanksgiving, NO CLASS        
11/26 Thanksgiving, NO CLASS        
12/01 Q&A, Crypto Unicorns

Lecture 26 Lecture 26 Video    
12/03 Ethics 1        
12/08 Ethics 2