CS 292F: Introduction to Modern Cryptography (Winter 2018)

Instructor: Stefano Tessaro, tessaro(at)cs(dot)ucsb(dot)edu

Class time and location: MW 9-10:50am (GIRV 2108)

Office hours: T 4-5pm or by appointment (HFH 1117)

Class webpage: http://www.cs.ucsb.edu/~tessaro/cs292f/

Piazza: We will be using Piazza for class-related discussions. The Piazza webpage is available at piazza.com/ucsb/winter2018/cs292f/home. Sign up at piazza.com/ucsb/winter2018/cs292f


  • Initial webpage set up.

Course Description

Cryptography provides the basic technology to protect information and to communicate securely. This class is a self-contained graduate-level introduction to modern cryptography. We will study tools and techniques to design systems with provable security guarantees. Tools will include foundations (one-way functions, pseudorandomness), encryption and authentication, secret- and public-key cryptography, introduction to cryptographic protocols (multi-party computation, zero-knowledge), lattice-based cryptography.

A main high-level objective of the class is to learn how security of cryptographic algorithms is properly defined, and to understand security proofs and what type of guarantees they provide.

Required background: Even though the material has direct practical applications, the class will take a rigorous approach: Exposure to undergraduate-level basics of probability, algebra / elementary number theory (modular arithmetic) and complexity theory (in particular, to reductions) is expected (this can be caught up in part during the class, but get in touch with instructor to assess gaps), as well as a certain level of mathematical maturity (students should be ready to understand mathematical proofs, and to write simple ones). If in doubt, contact the instructor!

Non-CS majors: You are welcome to attend the class. There will be some room. Just show up the first class, and you will then be added to the class.

Extension students: If you are visiting UCSB and want to attend this class, you need permission from me -- get in touch with me and be ready to give copy of your transcripts to make sure you have the appropriate background.

Assessment (tentative): Final assessment will depend on a combination of homework (there will be four problem sets, accounting overall to 1/2 of the grade), a take-home final (accounting to 30% of the grade), and a small project (20%). Homework and project can be solved in pairs, but you should be able to demonstrated individual contribution. More specific information is available on the class slides.

Textbook: No textbook will be required, but the following are great resources to support the class (most of them are available for download):


The following schedule will grow as we proceed with the class, and list what we covered in class.

WeekDate Lecture contents Additional reading material Assignments
1 2017-01-17 Welcome to CS290G
  • Course organization
  • Introduction to cryptographic thinking and provable security: One-time pad and Diffie-Hellman key exchange
2 2017-01-22 Computational Hardness and one-way functions
  • Computational resources
  • Polynomial time and negligible functions
  • One-way functions
  • Notes on Piazza
  • Pass-Shelat notes, Sec 2.2
2017-01-24 (Computational) Indistinguishability and PRGs
  • Definition of distinguishing advantage
  • Definition of a PRG
  • Non-existence of uncondtional PRGs
  • PRGs and OWFs
  • Intro to hardcore predicates
  • Lecture notes on Piazza
  • HW1 (posted 1/26)
3 2017-01-29 Pseudorandomness (cont'd)
  • Hardcore predicates: Definition and examples (Goldreich-Levin, Discrete Logs and the MSB).
  • One-way permutations to PRGs via hardcore predicates
  • PRG extension and hybrid arguments
  • Notes on Piazza
2017-01-31 PRGs and PRFs
  • Recap hybrid arguments
  • Pseudorandom functions (PRFs): Definitions
  • The GGM construction
  • Lecture notes on Piazza
3 2017-02-05 Pseudorandom functions and permutations
  • Block ciphers
  • Pseudorandom permutations (PRPs)
  • The Birthday Paradox
  • Relationwhip between PRFs and PRPs: The switching lemma
  • From PRFs to PRPs via the Feistel Construction
  • Notes on Piazza
2017-02-07 Introduction to encryption
  • IND-CPA security and semantic security
  • Construction of an encryption scheme from a PRF via counter-mode encryption
  • Lecture notes on Piazza
  • HW1 (posted 1/26)