**Welcome to the Fall 2020 web page for CS498AC3/AC4, ECE498AC3/AC4: Applied Cryptography!**

This course will cover a selection of topics in applied cryptography. We will learn how cryptographic primitives work, how to use them correctly, and how to provably reason about their security.

No prior cryptography background is assumed, however, students are expected to have mathematical maturity. Students are expected to be comfortable with writing mathematical proofs. A working knowledge of discrete mathematics and probability is assumed. Familiarity with algorithmic reductions will be useful.

**Instructor: **Dakshita Khurana, dakshita@illinois.edu. Office hours: Tuesday 12.30 pm - 1.30 pm, or by appointment.

**TA: **Ruta Jawale, jawale2@illinois.edu. Office hours: Thursday 2 pm - 3 pm.

**Course Credits: **3/4

**Time: **Tuesdays and Thursdays, 11.00 - 12.15 pm

**Location: **Zoom. *If you are registered for the course, you should have received an email with a link to join zoom meetings, and to join Piazza. *

**Piazza:** Please sign up for Piazza at https://piazza.com/illinois/fall2020/ececs498ac/home to get a zoom link.

__If you are not registered, please email the TA to get an access code for Piazza and a zoom link.__

Note: Students are encouraged to drop by during office hours (or set up, by email, an appointment to meet) within the first 4 weeks. This will help me learn more about your interests and what you hope to learn from this class. I can also help you with a choice of topic for your project.

Students will be asked to scribe lecture notes. These notes will serve as a key resource for this course. We will closely follow the book:

**Additional Resources: Books/Lecture Notes **

- The Foundations of Cryptography, by Oded Goldreich
- An Introduction to Modern Cryptography
- Lecture Notes on Cryptography, by Bellare and Goldwasser
- Foundations of Cryptography, by Rafail Ostrovsky
- A Course In Cryptography, by Pass and Shelat
- Lecture Notes, by Boaz Barak
- Lecture Notes, by Daniel Wichs

**(Bonus) 5%: Class Participation. **

The class intends to encourage *deep, careful thought.* I want the lectures be as interactive as possible: you are strongly encouraged to ask questions and offer answers. I will end lectures with open questions that we will answer interactively during the next class. These questions will be easy to answer if you attend every lecture. Reading the prescribed book before the next lecture is recommended to better understand the contents of the course. Students that ask *insightful *questions and offer *insightful *answers in class, or as part of assignment solutions, or on Piazza will be rewarded with extra credit.

**10%: Scribe Notes. **

Scribe notes are a complete, polished write-up of a lecture, with references and technical details carefully filled in. Every student should expect to scribe once, likely in teams of 2 depending on class size. At the beginning of every lecture, I will ask for volunteers to write the scribe notes for the day. Please * do not volunteer if there is a chance that you will drop the course before you submit your scribe notes. Preparing these notes will help you internalize the material at a new level, by thinking through the significance of the material and converting every proof outline discussed in class to a rigorous proof. Please typeset your scribe notes in LaTeX using the template here. You have 4 days to prepare the scribe notes. More precisely, the scribe notes for a Tuesday lecture are due at 5 pm the following Saturday, and the scribe notes for a Thursday lecture are due at 5 pm the following Monday. Please email the TA your .pdf file and the source files (.tex and .bib, as well as figure files if any). Please email your files as a single ZIP archive. *

**60%: Assignments. **

There will be 4 assignments, each worth 15%. These will range from cryptanalytic attacks, to implementations of secure cryptographic primitives, to mathematically rigorous proofs of security.

**30%: Exam (Take-home). **

There will one final take-home exam, with 5-6 questions, that you will have 24 hours to solve. To be successful in the exam, I highly recommend that you attend class, participate and ask questions, and give careful and deep thought to topics discussed in class.

**FOR THE 4 CREDIT COURSES (CS498AC4/ECE498AC4) ONLY -- (25 out of a total of 125 points): Project.**

The purpose of the project is to expose students to research in cryptography. You can pick a project topic of your choice (you can refer to this list for some nice ideas). The project can be a literature survey, or an attempt at original research to answer an open problem in cryptography. I am happy to consult individually with you during office hours or by appointment to provide guidance. You should feel free to work individually, or in teams of 2-3, and spend 1-2 weeks on the project.

Students will have the option to waive the exam requirement if they aim to advance the field of cryptography via original research. In this case, the project will account for 55 out of 125 points. If you choose to waive your exam, you will be expected to allot several weeks and a good deal of effort to the research project. Research is an unpredictable game, so your project evaluation will take into account the thought and effort you put in and the ideas you develop along the way. Students interested in choosing this option must contact me within the first 3 weeks.

This is a tentative schedule and is subject to change. Please keep checking this page for updates to topics and for scribe notes. Much of the content has been borrowed from the Boneh-Shoup textbook and Dan Boneh's course.

Date | Topic | Slides | Lecture Video | Reading (Boneh-Shoup) | Scribe Notes (have not been vetted) |
---|---|---|---|---|---|

08/25 | Introduction, Overview, Historical Perspective | Lecture 1 | Lecture 1 video | Chapters 1, 2 | |

08/27 | Pseudorandom Generators (PRGs), Stream Ciphers | Lecture 2 | Lecture 2 video | Chapters 2, 3 | Scribe notes lec. 2 |

09/01 | Block Ciphers I | Lecture 3 | Lecture 3 video | Chapters 3, 4 | Scribe notes lec. 3 |

09/03 | Block Ciphers II | Lecture 4 | Lecture 4 video | Chapters 4, 5 | Scribe notes lec. 4 |

09/08 | Message Authentication | Lecture 5 | Lecture 5 video | Chapter 6 | Scribe notes lec. 5 |

09/10 | Collision-ResistanceASSIGNMENT 1 RELEASED |
Lecture 6 | Lecture 6 video | Chapter 8 | Scribe notes lec. 6 |

09/15 | Authenticated Symmetric Encryption | Lecture 7 | Lecture 7 video | Chapter 9 | Scribe notes lec. 7 |

09/17 | Advanced Symmetric Encryption, Number Theory ASSIGNMENT 1 DUE |
Lecture 8 | Lecture 8 video | Chapter 9 | Scribe notes lec. 8 |

09/22 | Public Key Encryption 1 | Lecture 9 | Lecture 9 video | Chapter 10 | Scribe notes lec. 9 |

09/24 | Public Key Encryption 2 | Lecture 10 | Lecture 10 video supplementary video | Chapter 10 | Scribe notes lec. 10 |

09/29 | CCA Secure Encryption | Lecture 11 | Lecture 11 video | Chapter 11 | |

10/01 | Digital Signatures ASSIGNMENT 2 RELEASED (FRIDAY) |
Lecture 12 | Lecture 12 video | Chapters 13,14 | Scribe notes lec. 12 |

10/06 | Schnorr Signatures, Commitments | Lecture 13 | Lecture 13 video | Chapter 19 | Scribe notes lec. 13 |

10/08 | Identification Schemes and Zero-Knowledge | Lecture 14 | Lecture 14 video | Chapter 19 | |

10/13 | Zero-Knowledge II | Lecture 15 | Lecture 15 video | Chapter 19 | Scribe notes lec. 15 |

10/15 | Zero-Knowledge III | Lecture 16 | Lecture 16 video | Chapter 19 | Scribe notes lec. 16 |

10/20 | Or Composition, Pairings | Lecture 17 | Lecture 17 video | Chapter 19 | Scribe notes lec. 17 |

10/22 | Pairing-based ZK | Lecture 18 | Lecture 18 video | These notes | Scribe notes lec. 18 |

10/27 | Pairing-based ZK: II ASSIGNMENT 3 RELEASED |
Lecture 19 | Lecture 19 video | Additional reading | |

10/29 | Oblivious Transfer | Lecture 20 | Lecture 20 video | Additional reading | Scribe notes lec. 20 |

11/03 | Election Day, NO CLASS ASSIGNMENT 3 DUE |
||||

11/05 | Two Party Computation 1: Secret Sharing and Computations | Lecture 21 | Lecture 21 video | Chapter 14 here | |

11/10 | Two Party Computation 2: Garbled Circuits | Lecture 22 | Lecture 22 video | Chapter 14 here | |

11/12 | On the Security of Garbled Circuits | Lecture 23 | Lecture 23 video | Chapter 14 here | |

11/17 | Learning with Errors 1 | Lecture 24 | Lecture 24 video | ||

11/19 | Learning with Errors 2ASSIGNMENT 4 RELEASED |
Lecture 25 | Lecture 25 video | If interested: Leftover Hash Lemma | |

11/24 | Thanksgiving, NO CLASS |
||||

11/26 | Thanksgiving, NO CLASS |
||||

12/01 | Postquantum Cryptography: IsogeniesASSIGNMENT 4 DUE |
||||

12/03 | Ethics 1 | ||||

12/08 | Ethics 2 |

* *