﻿ Introduction to Cryptography

# Cryptography

## Computer Science 5830Cornell University Fall 2013

Instructor: Rafael Pass

Time: T 10:10-12.55
Place: Big Red, Cornell Tech
Course Web page: http://www.cs.cornell.edu/courses/cs5830/2013fa/

Office Hours: W 13:00 - 15:00

Homework 1 pdf

Gwriter files rar zip

## Overview

The modern study of cryptography investigates techniques for facilitating interactions between distrustful entities. In our connected society, such techniques have become indispensable---enabling, for instance, automated teller machines, secure wireless networks, internet banking, satellite radio/television and more. In this course we introduce some of the fundamental concepts of this study. Emphasis will be placed on precise definitions of security, precise assumptions and proofs of security.

Topics include: one-way functions, encryption, signatures, pseudo-random number generation, zero-knowledge and basic protocols.

Note: Although students will be expected to provide implementations of basic cryptographic primitives, this is largely a theory course. You will be expected to read and write formal definitions and mathematical proofs. This is not a course in security: you will not learn how to secure your system. Cryptography is only one (important) part of security. We will not study cryptographic acronyms or all cryptographic protocols in use today. Rather we focus on some of the fundamental design paradigms and on notions that will allow you to critically evaluate cryptographic protocols.

## Prerequisites

Equivalent of CS2800 (Discrete Mathematics) and comfort with reasoning about algorithms, such as proving their correctness and analyzing their running times, or permission of instructor.

The main skill that will be assumed is the ability to understand and write formal mathematical definitions and proofs. It is also important that you are familiar with basic probability (although we will recall some basic concepts); please refresh yourself by reading Chapter 5 in the following lecture notes: [Pass-Tseng]

We are using the course management system, CMS.  Please login to http://cms.csuglab.cornell.edu/ and check whether you are registered. There will be a list of courses you are registered for, and Com S 4830 should be one of them.  If not, please send your full name and Cornell netid to the TA so they can register you.  You can check your grades and submit homework in CMS.

There will be 4 homeworks.

Dates for HW (subject to change): HW1 is due on Sep 17, HW2 on Oct 8, HW3 on Nov 5, HW4 on Nov 26.

Homeworks need to be handed in before the beginning of class. Additionally, you have a total of 4 “late-days” that you can use throughout the semester.

The following notation might be useful.

## Homework Policy

You are free to collaborate with other students on the homework (in fact, I highly encourage you to work in pairs), but you must turn in your own individually written solution and you must specify the names of your collaborators. Additionally, you may make use of published material, provided that you acknowledge all sources used. Note that it is a violation of this policy to submit a problem solution that you are unable to explain orally to a member of the course staff. Assignments will be posted in CMS. Submit hardcopy in class or to the TA by the due date, or as a .pdf, .ps, .doc, or .txt file in CMS. Typed problem sets are strongly preferred.

We will largely follow the following lecture notes: [Pass-Shelat] (although some of the advanced proofs in these lecture notes will not be required for this course).

For additional background on probability theory, number theory and logic, please consult the following lecture notes on discrete mathematics: [Pass-Tseng]

There is no other required text for the course other than lecture notes. You may find the following two books to be useful references. Note, however, that we will not always be following the same notational conventions as these books.

• Oded Goldreich. Foundations of Cryptography. This is a very comprehensive treatment of the theoretical foundations of cryptography. Volume I and II include most of the material that we cover in class, but at a far greater depth and (at a more advanced level). This book is a great reference for students interested in more advanced studies in theoretical cryptography.

• Jonathan Katz and Yehuda Lindell. An Introduction to Modern Cryptography. This is an introductory textbook on cryptography. The level of the material and the mathematical treatment is similar to the one we will use in class. However, this book does not cover all of the material that we go through.

For a more applied treatment of cryptography, I suggest the following book which is available on-line.

For background reading on probability, algorithms, and complexity theory, I recommend:

## Topics Outline (subject to change)

• Introduction:
1. Introduction and Overview.
How to break WWII Ciphers.
2. Information Theoretic Security.
Shannon’s Definition of security. One-time Pads. Limitations of the Information Theoretic Approach.

• Computational Hardness and One-wayness:
1. One-way Functions and Computationally bounded adversaries.
Randomized Efficient Algorithms. One-way functions (OWF). Weak and Strong OWFs.
Collections of OWFs.
2. Computational Number Theory.
Euclid’s Algorithm, Modular Exponentiation, Basic group theory, Euler’s and Fermat’s Theorems.
Primes. Candidate OWFs based on the Factoring assumption and the Discrete log assumption.
One way permutations and Trapdoor permutations.

• Indistinguishability and Pseudorandomness:
1. Computational Indistinguishability and Pseudorandom Generators (PRG) and Functions (PRF).
Definitions of Computational Indistinguishability and Pseudorandomness.
Provable constructions of a PRGs and PRFs.
Practical constructions of PRG and PRFs: stream and block-ciphers.
2. Private-Key Encryption.
Definitions and Constructions
3. Stronger Attacks:
Chosen challenge-text, Chosen plain-text, Chosen cipher-text 1 and 2 (CCA1, CCA2).
Malleability.
4. Public-Key Encryption.
Trap-door function model and problems with it.
Definitions and Constructions.

• Zero-Knowledge:
1. Semantical Security:
Zero knowledge-based definitions of encryption. Equivalence with indistinguishability-based definitions.
2. Zero-Knowledge Proofs:
Definitions and construction of ZK proofs for Graph-Isomorphism and Graph 3-coloring.

• Authentication:
1. Digital Signatures.
Definitions and Constructions
2. Hash functions.
3. Message Authentication Codes.
4. Zero Knowledge-based Authentication.

• Computing on Secret Inputs:
1. Secret Sharing.
2. Secure Computation.
Oblivious Transfer.
Yao’s Garbled Circuit.

Secure Multi-party Computation