Introduction to Cryptography

Computer Science 4830
Cornell University
Fall 2010

Instructor: Rafael Pass

Time: TR 1:25-2:40
Place: 203 Thurston Hall
Course Web page:


TA: Huijia Lin

Office Hours: Wed 11.15-12.15

Place: Upson Hall (in Rachel’s office)


The modern study of cryptography investigates techniques for facilitating interactions between distrustful entities. In our connected society, such techniques have become indispensable---enabling, for instance, automated teller machines, secure wireless networks, internet banking, satellite radio/television and more. In this undergraduate course we introduce some of the fundamental concepts of this study. Emphasis will be placed on rigorous proofs of security based on precise definitions and assumptions.


Topics include: one-way functions, encryption, signatures, pseudo-random number generation, zero-knowledge and basic protocols.


Note: This will be a theory course. You will be expected to read and write formal definitions and mathematical proofs. This is not a course in security: you will not learn how to secure your system. Cryptography is only one (important) part of security. We will not study cryptographic acronyms or all cryptographic protocols in use today. Rather we focus on some of the fundamental design paradigms and on notions that will allow you to critically evaluate cryptographic protocols.


CS2800 (or equivalent), CS3810 (or mathematical maturity), or permission of instructor.

The main skills that will be assumed from these courses are: 1) the ability to understand and write formal mathematical definitions and proofs and 2) comfort with reasoning about algorithms, such as proving their correctness and analyzing their running times. It is also important that you are familiar with basic probability.

Course Administration

We are using the course management system, CMS.  Please login to and check whether you are registered. There will be a list of courses you are registered for, and Com S 4830 should be one of them.  If not, please send your full name and Cornell netid to the TA so they can register you.  You can check your grades and submit homework in CMS. 

Please fill out this sheet and hand it in during the second class.


There will be 6 homeworks, an in-class mid-term and a take-home final exam.


HW 1 is due on Sep 14.

The cipher is now posted.

Break this : cipher1.txt

Bonus point for breaking also this one: cipher2.txt

As soon as you have found a solution, email it to the TA. The first person/group to solve either of the cipher gets additional bonus points. In this email you need only provide the plain text; in the solution for the HW you also need to explain you methodology.


The following notation might be useful.


Dates for other HW (subject to change): HW2 on Sep 30, HW3 on Oct 19, HW4 on Nov 2, HW5 on Nov 16, HW6 on Dec 2.


Homeworks need to be handed in before the beginning of class. Additionally, you have a total of 4 “late-days” that you can use throughout the semester.


The midterm is in class on Oct 7.

Weights: homeworks 60%, mid-term 15% and final 25%.

Homework Policy

You are free to collaborate with other students on the homework, but you must turn in your own individually written solution and you must specify the names of your collaborators. Additionally, you may make use of published material, provided that you acknowledge all sources used. Note that it is a violation of this policy to submit a problem solution that you are unable to explain orally to a member of the course staff.
Assignments will be posted in CMS. Submit hardcopy in class or to the TA by the due date, or as a .pdf, .ps, .doc, or .txt file in CMS. Typed problem sets are strongly preferred.


Lecture notes will be made available on the web-site, but should not serve as a substitute for attending the lectures.


Current draft of the lecture notes is here (from Aug 26, 2010; updated drafts will be posted during the semester so only print the section we currently covering; also, please let me know if you find typos or if something is not clear.)


There is no required text for the course other than lecture notes. You may find the following two books to be useful references. Note, however, that we will not always be following the same notational conventions as these books.


  • Oded Goldreich. Foundations of Cryptography. This is a very comprehensive treatment of the theoretical foundations of cryptography. Volume I and II include most of the material that we cover in class, but at a far greater depth and (at a more advanced level). This book is a great reference for students interested in more advanced studies in theoretical cryptography.


  • Jonathan Katz and Yehuda Lindell. An Introduction to Modern Cryptography. This is an introductory textbook on cryptography. The level of the material and the mathematical treatment is similar to the one we will use in class. However, this book does not cover all of the material that we go through.


For a more applied treatment of cryptography, I suggest the following book which is available on-line.



For background reading on probability, algorithms, and complexity theory, I recommend:


Topics Outline (subject to change)

  • Introduction:
    1. Introduction and Overview.
    2. Information Theoretic Security.
      Shannon’s Definition of security. One-time Pads. Limitations of the Information Theoretic Approach.


  • Computational Hardness and One-wayness:
    1. One-way Functions and Computationally bounded adversaries.
      Randomized Efficient Algorithms. One-way functions (OWF). Weak and Strong OWFs.
      Collections of OWFs.
    2. Computational Number Theory.
      Euclid’s Algorithm, Modular Exponentiation, Basic group theory, Euler’s and Fermat’s Theorems.
      Primes. Candidate OWFs based on the Factoring assumption and the Discrete log assumption.
      One way permutations and Trapdoor permutations.


  • Indistinguishability and Pseudorandomness:
    1. Computational Indistinguishability and Pseudorandom Generators (PRG) and Functions (PRF).
      Definitions of Computational Indistinguishability and Pseudorandomness.
      Provable constructions of a PRGs and PRFs.
      Practical constructions of PRG and PRFs: stream and block-ciphers.
    2. Private-Key Encryption.
      Definitions and Constructions
    3. Stronger Attacks:
      Chosen challenge-text, Chosen plain-text, Chosen cipher-text 1 and 2 (CCA1, CCA2).
    4. Public-Key Encryption.
      Trap-door function model and problems with it.
      Definitions and Constructions.


  • Zero-Knowledge:
    1. Semantical Security:
      Zero knowledge-based definitions of encryption. Equivalence with indistinguishability-based definitions.
    2. Zero-Knowledge Proofs:
      Definitions and construction of ZK proofs for Graph-Isomorphism and Graph 3-coloring.


  • Authentication:
    1. Digital Signatures.
      Definitions and Constructions
    2. Hash functions.
    3. Message Authentication Codes.
    4. Zero Knowledge-based Authentication.


  • Computing on Secret Inputs:
    1. Secret Sharing.
    2. Secure Computation.
      Oblivious Transfer.
      Yao’s Garbled Circuit.

Secure Multi-party Computation


  • Composability of General Protocols:
    1. Composability of Zero-Knowledge proofs.