Welcome to the Spring 2021 web page for CS598DK: Special Topics in Cryptography!

Course Overview

Cryptography, that started as the study of secret communication, has undergone a major revolution in the last few years. It now helps us realize a variety of seemingly impossible tasks: from allowing computations on secret data without revealing the data itself, to offloading computation to untrusted clients while maintaining verifiable results, and even making programs unintelligible while preserving functionality.

This course will cover a selection of such cutting-edge topics in modern cryptography. We will understand how an adversary that breaks advanced protocols can be transformed into an adversary that contradicts basic mathematical assumptions. Our focus will be on understanding key ideas in cryptography research published over the last few years, and identifying new directions and problems for the future.

A major focus of the course will be on post-quantum cryptography, based in particular on the learning with errors (LWE) assumption. No prior cryptography background is assumed, however, students are expected to have mathematical maturity. In particular, working knowledge of discrete mathematics and probability is assumed. Familiarity with algorithmic reductions will be useful.

Course Credits: 4
Time: Wednesdays and Fridays, 3.30 - 4.45 pm
Location: Zoom. Meeting link: here.
Instructor: Dakshita Khurana, dakshita@illinois.edu
Office Hours (updated): Monday 9 am - 10 am, Wednesdays and Fridays (after class) by appointment. Zoom link: here.

Important: Please sign up for Piazza for access to course announcements, homeworks, and discussions. Sign up link: here.

Note: Students are encouraged to drop by during office hours (or set up, by email, an appointment to meet) within the first 3 weeks. This will help me learn more about your interests and what you hope to learn from this class, and I can help you with a choice of topic for your project.

We will have lecture notes uploaded on the course webpage, which will serve as the main resource for this course. Here is a list of additional resources.

Similar Course Offerings

Survey on Lattices: By Chris Peikert

Additional Resources: Books and Lecture Notes on Cryptography in General


20%: Class Participation.
The class is intended to be as interactive as possible: you are strongly encouraged to ask questions and offer answers. I will end my lectures with open questions that we will answer interactively during the next class. These questions will be easy to answer if you attend every lecture. Reading prescribed material before the next lecture is recommended to better understand the contents of the course.

40%: Assignments.
You will have 4 written assignments over the course of the semester.

40%: Project.
The purpose of the project is to expose students to research in cryptography. You can pick a project topic of your choice. The project can be a literature survey, or an attempt at original research to answer some open problem in cryptography. I am happy to consult individually with you during office hours or by appointment to provide guidance. You should feel free to work individually, or in teams of 2-3, and grades will be calibrated accordingly.

How to be Successful in this Course.
Attendance and class participation are important for success in this course. Please do your best to attend every lecture. Active participation in class will take you a long way. If you don't understand something, ask. If you didn't understand, there is a good chance that many others didn't, and you are likely doing everyone a favor. Read in advance of the next class, and be prepared to answer my questions during class.

Lecture Recordings. Class lectures are being recorded and are available for viewing on media space here. Unfortunately these are only available to registered students due to privacy regulations. If you are registered for the course but cannot view these recordings, please send me an email.

Course Schedule

The following is a tentative schedule and is subject to change. A good fraction of the content is based on Vinod Vaikuntanathan's course (linked above).

Date Topic Notes from Class Additional Resources
      Boaz Barak's math background notesA Note on Negligible Functions

Overview, Hardness, SIS and One-way Functions

Lecture Notes - 1 Scribe notes from a previous offering: Lecture 1Lecture 2

More on SIS, Collision Resistance

Lecture Notes - 2 These notes. For a proof of the Leftover Hash Lemma, see these notes - I and - II.

LWE, Pseudorandomness

Lecture Notes - 3

Scribe notes from a previous offering: Lecture 3, Lecture 4, Lecture 5, Lecture 9, Lecture 10.

Introduction to LWE and PKE from LWE - I, - II and - III. See also this talk.


Pseudorandomness, Private-Key Encryption

Lecture Notes - 4 These Lecture Notes

Private-Key Encryption

Lecture Notes - 5 These Lecture Notes

Public-Key Encryption

Lecture Notes - 6 These Lecture Notes

Fully Homomorphic Encryption

Lecture Notes - 7

Scribe notes from a previous offering: Lecture 11

GSW Homomorphic Encryption from Learning with Errors , Lecture Notes with some Simplifications



Lecture Notes - 8

Scribe notes from a previous offering: Lecture 12

GSW Homomorphic Encryption from Learning with Errors


Lattice Trapdoors

Lecture Notes - 9 See these notes 

Ajtai Trapdoor Sampling , GPV signatures , Micciancio-Peikert Trapdoor Sampling

Digital Signatures

Lecture Notes - 10 See these notes, and these for a more detailed proof

Micciancio-Peikert Trapdoor SamplingGPV signatures

Try this homework to improve your understanding of signature schemes and trapdoors

Identity-Based Encryption - I

Lecture Notes - 11 These notes

Identity-Based Encryption - II

Lecture Notes - 12 These notes

Attribute-Based Encryption 

Lecture Notes - 13 These notes

Zero-Knowledge - I

Lecture Notes - 14 Lecture notes from a previous offering: Lecture 8

Zero-Knowledge - II

Lecture Notes - 15 Lecture notes from a previous offering: Lecture 8 
Additional reading: 
Lecture 7 of these notes
For proofs of knowledge: this paper

Lattice-based ZK

Lecture Notes - 16 Daniele Micciancio's list of resources   

More ZK

Lecture Notes - 17 Non-black-box simulation via FHE: This paper and this one

Computing on Encrypted Data - I

Lecture Notes - 18  

Computing on Encrypted Data - II

Lecture Notes - 19   

Multi-Key FHE

Lecture Notes - 20 This paper

Lockable Obfuscation - I

(Guest lecture by Rishab Goyal)

  This paper, and this concurrent paper

Lockable Obfuscation - II

​(Guest lecture by Rishab Goyal)

  Same as the links above

(No class)


Recap: Encryption

Recap Notes - 1  

Recap: ZK

Recap Notes - 2  

Recap: Lattice Trapdoors + Applications

Recap Notes - 3  

Web Analytics