Lecture: 3 hours

Discussion: 1 hour

Prerequisite: Course ECS 220 or ECS 222A

Grading: Letter; homework (40%), project (20%), final (40%)

Catalog Description:
Modern cryptography, as a discipline emphasizing formal definitions and proofs of security. One-way functions, pseudo-randomness, encryption, digital signatures, zero-knowledge, secure protocols.

A new era in cryptography emerged in the early 1980’s when researchers realized that security goals could be formally defined and provably achieved (sometimes under complexity-theoretic assumptions). The goal of this course is to teach the Definition – Protocol – Proof paradigm, illustrating it for some of cryptography’s central problems. By the end of the course the students should understand the provable-security paradigm, be able to distinguish proofs from intuition, and should be ready to begin research in the field.

Expanded Course Description:

  1. Overview. Sample cryptographic goals. The idea of provable security. Resources of cryptographic interest.
  2. Block ciphers, pseudorandom function families, and pseudorandom permutation families.
  3. Pseudorandom generators and one-way functions. Hard-core bits.
  4. Symmetric encryption: realizations and notions of security.
  5. Asymmetric encryption. Number-theoretic background. The random-oracle paradigm.
  6. Message authentication. Connections to universal hashing.
  7. Digital signatures.
  8. Uniform and non-uniform security. Asymptotic approaches.
  9. Interactive proofs. IP=PSPACE. Zero-knowledge. NP in zero-knowledge. Non-interactive zero-knowledge.
  10. Entity authentication and session-key distribution.
  11. Secret-sharing schemes. Verifiable secret sharing. Key escrow.
  12. Secure function evaluation.

None; distributed lecture notes and selected papers from the literature.

Computer Usage:

ABET Category Content:
Engineering Science: 4 units
Engineering Design: 0 unit

Instructor: P. Rogaway

Prepared By: P. Rogaway (September 2002)

Overlap Statement:

This course does not have a significant overlap with any other course. Some classical cryptography (eg., RSA encryption) is covered in ECS 235, but that course has a very different emphasis, with no definitions or proofs.