Cryptology 2016
Instructor: Debrup Chakraborty
CSRU, Room 402, Deshmukh Bhavan
debrup(at)isical(dot)ac(dot)in
(Better fix an appointment over email before visiting)
Grading: 20% on assignments
30% on midterm
50% on final
Text: [Stinson] Cryptography: Theory and Practice by Douglas R. Stinson
[KL] Introduction to Modern Cryptography by Jonathan Katz and Yehuda Lindell
[MOV] Handbook of Applied Cryptography by Menezes, Oorschot, Vanstone (available free, online)
[Boneh-Shoup] A Graduate Course in Applied Cryptography by Dan Boneh and Victor Shoup (draft available free, online)
Assignment 1: Due January 5, 2017.
Lecture 1 (Aug 2): Introduction: Basic setting of
symmetric encryption, confidentiality, integrity. Adversarial goals
and resources.
Lecture 2 (Aug 5): Classical ciphers: Shift cipher,
affine cipher, substitution cipher, permutation cipher, Vigenere
cipher, Hill cipher. (Read Chapter 1 of Stinson)
Lecture 3 (Aug 9): Classical ciphers: Cryptanalysis
of classical ciphers. (Read Chapter 1 of Stinson. Additional
reading: The Code Book by Simon Singh.)
Lecture 4: (Aug 12): Perfect Secrecy: Perfect
secrecy, one-time pad, Shannon's Theorem. (Read Chapter 2 of KL,
Chapter 2 of Boneh-Shoup)
Lecture 5: (Aug 16): Computational Security: Computational
security, security definition, adversarial advantage,
definition of semantic security, security against message
recovery, relation among security notions. (Read Chapter 2 of
Boneh-Shoup)
Lecture 6: (Aug 19): Computational Security: Various examples
involving semantic security, proofs by reduction. (Read Chapter
2 of Boneh-Shoup)
Lecture 7: (Aug 23): Stream Ciphers: Pseudorandom Generators,
semantically secure cipher with PRGs. Composition of PRGs: Parallel
composition and sequential composition (Blum-Micali construction).
(Read Chapter 3 of Boneh-Shoup)
Lecture 8: (Aug 26): Stream Ciphers: LFSRs, CSS
stream cipher, RC4. (Read Chapter 3 of Boneh-Shoup)
Lecture 9: (Aug 30): Stream Ciphers: Finite
Fields, Fibonacci and Galois LFSRs, Maximum period of an LFSR. The
eSTREAM candidates. Description of ChaCha20 and Trivium.
Lecture 10: (September 2): Block Ciphers: Syntax
of Block ciphers, block cipher security, Pseudorandom functions and
permutations
Lecture 11: (September 6): PRP-PRF switching lemma,
IND-CPA and IND$ security definitions for symmetric encryption.
Traditional modes of operations: ECB, CBC, CFB, OFB, CTR
Lecture 12: (September 9): CTR mode and its security
proof. [Handout]
Lecture 13: (September 14): Nonce-based encryption.
Description of DES and AES
Lecture 14: (September 16): Key recovery attacks on
block ciphers, 2DES, 3DES, DESX. Meet-in-the-middle attacks.
Lecture 15: Message authentication codes: The problem of
authentication. Syntax and security of MAC schemes. PRFs as MACs
Lecture 16: Message authentication codes: Almost universal and
XOR almost universal hash functions. Carter-Wegman paradigm of MAC
construction. The problem of authentication. Syntax and security
of MAC schemes
Lecture 17: Message authentication codes: Hash-then-PRF
constructions of MACs. Block cipher based MACs: CBC MAC, CMAC, PMAC
Lecture 18 : Hash Functions: Introduction and motivation,
preimage resistance, second preimage resistance and collision
resistance. Algorithms for these problems in the random oracle
model. (Read Stinson)
Lecture 19 : Hash Functions: Merkle-Damgård
paradigm for iterated hash functions. Design of compression
functions: Davies-Meyer construction, overview of the SHA family.
HMAC scheme. (Read Stinson and Boneh-Shoup)
Lecture 20 : Authenticated encryption: Basic definitions and
security notions, generic composition. (Read Boneh-Shoup
and class notes)
Lecture 21 : Authenticated Encryption: OCB2 and
GCM. Variants of AE: AEAD, DAE. (Read Class notes)
Lecture 22 : Tweakable Enciphering Schemes: The
problem of disk encryption, tweakable block ciphers, tweakable
enciphering schemes, EME and XTS. (Read class notes)
Lecture 23: Number theory: Algorithms to
add, subtract, multiply and divide. Computing in Z_N. (Read
class notes)
Lecture 24: Number theory: Modular
exponentiation, finding GCDs, Euclid's and extended Euclid's
algorithms. Multiplicative inverse, Fermat's and Euler's theorems
Lecture 25 : Number theory: Chinese
remainder theorem, quadratic residues, primality testing: Fermat's
test and the Miller-Rabin test. (Read class notes, Stinson)
Lecture 26 : Public key Encryption: CPA and CCA
security of PKE. RSA cryptosystem. CCA secure scheme from trapdoor
permutations. (Read Stinson, KL)
Lecture 27: Public key Encryption: Discrete
log problem. The Diffie-Hellman key exchange; CDH and DDH
assumptions. El Gamal encryption scheme with variants.
(Read KL; the El Gamal variant discussed in class
is summarized in section 1.1 of Cash Kiltz Shoup)