Cryptography and Information Security Lab

Department of Computer Science and Automation

CSA E0 235 : Cryptography
(August - December 2025)


Instructor: Arpita Patra (Email: arpita AT iisc DOT ac DOT in)

Timings: 11:30 am - 1:00 pm on Tuesday and Thursday.

Venue: CSA 112

Study Materials

  • (KL) “Introduction to Modern Cryptography” by Jonathan Katz and Yehuda Lindell, second edition 2014, CRC Press.
  • (Gol) “Foundations of Cryptography” by Oded Goldreich.
  • (BS) “A Graduate Course in Applied Cryptography” by Dan Boneh and Victor Shoup. [Link]
  • (Sti) “Cryptography: Theory and Practice” by Douglas R. Stinson, third edition 2003, CRC.

Course Description

  • One-way Functions (Permutations), Hard-core Predicates, Pseudo-random Generators, (Strong) Pseudo-random Functions (Permutations).
  • Secret Key Encryptions (SKE): Various security notions such as Perfect Security, Semantic Security, Indistinguishability based Security, CPA Security, CCA Security, Constructions, Block Cipher Modes of Operation.
  • Message Authentication Codes (MAC): Various Security notions such as CMA Security, (weak/strong) CMVA security, Domain Extension, CBC-MAC.
  • Advanced Encryption Schemes: Authenticated Encryptions.
  • Introduction to Secure Computation (Yao’s 2PC protocol and Circuit Garbling).
  • Number Theory: Preliminaries, Modular arithmetic, elementary group theory, CRT, hardness assumptions.
  • Trapdoor permutations: definitions, construction based on factoring, CR Hash functions based on number-theoretic assumptions.
  • Public-key encryption: Implications of Semantic Security, Textbook RSA, Padded RSA, ElGamal, CCA secure public key encryption.
  • Digital signatures: definitions, hash-and-sign paradigm, Lamport’s scheme, RSA signatures.
  • Protocols: Identification protocols, proving properties in zero knowledge, non-interactive proof systems and applications.

Grading

  • Two midterm exams (40 points)
  • One reading project (20 points)
  • Endterm exam (40 points)
  • Cryptic Bonus Problem (10 points)
  • Note: A student can score a maximum of 100 points.

Announcements

  • The second midterm will be held on Friday, 17th October 2025, 09:30 am - 12:00 pm in CSA 112.
  • The first midterm will be held on Friday, 12th September 2025, 11:00 am - 01:00 pm in CSA 112.
  • Tutorial sessions will be held every Friday, 11:30 am - 01:00 pm in CSA 112.
Academic Integrity
  • Improper academic behaviour: Copying during exams, copying of homework assignments, term papers or manuscripts, verbatim or paraphrased. Allowing or facilitating copying, or writing a report or exam for someone else. Using unauthorized material and collaborating when not authorized. [Details]
  • Action: In the case of a violation of academic integrity, the student’s ID will be reported to the Office of Career Counselling and Placement (OCCaP).

Lectures
  • Lecture 1 :  Introduction, Classical Crypto vs. Modern Crypto, Three Pillars of Modern crypto (definition + assumption + proof), Classical ciphers and pitfalls. Inroad towards Modern Crypto.
  • References : [Slides], Chapter 1 of KL and BS
  • Date : 12-08-2025
  • Lecture 2 :  Perfect Security for SKE: Definition, Construction (Vernam Cipher), Proof; Drawbacks of OTP.
  • References : [Slides], Chapter 2 of KL and BS
  • Date : 14-08-2025
  • Lecture 3 :  More definitions of Perfect Security and their equivalence with Shannon's perfect security definition. Shannon's Theorem. Perfect Indistinguishability: game-based definition. Proof of limitations on key space/length and key reusability.
  • References : [Slides], Chapter 2 of KL and BS
  • Date : 19-08-2025
  • Lecture 4 :  Perfect Security for Secret Sharing: Definition. Threshold Secret Sharing: Constructions (Additive Secret Sharing, Ito-Saito-Nishizeki Secret Sharing), Analysis.
  • References : [Slides], Chapter 13 of KL and Chapter 22 of BS
  • Date : 21-08-2025
  • Lecture 5 :  Basic concepts of Abstract Algebra. Polynomials over a Field. Lagrange Interpolation. Shamir Secret Sharing. Perfectly-Secure Message Transmission (PSMT). BGW MPC Protocol for Linear Functions.
  • References : [Slides], Chapter 13 of KL and Chapter 22 of BS
  • Date : 26-08-2025
  • Lecture 6 :  Introduction to Computational Security. Definitions of PPT and negligible functions, Security Parameter. Asymptotic Approach. Ind(istinguishability) Security and its relation to weaker security notions of Parity Prediction (pr) and Message Recovery (mr). Introduction to Reduction-based proofs and the proof of 'ind-security implies parity-prediction security'. Necessity of the relaxations in threat and break models to overcome the hurdles of perfect secrecy.
  • References : [Slides], Chapter 3 of KL and Chapter 2 of BS
  • Date : 28-08-2025
  • Lecture 7 :  Pseudorandomness and Pseudo-random Generators (PRG), Indistinguishability Security, Statistical Tests, Next-bit Prediction Security, Impossibility of PRG against unbounded adversary, ind-secure SKE from PRG, Proof of security.
  • References : [Slides], Chapter 3 of KL and BS
  • Date : 02-09-2025
  • Lecture 8 :  Multiple Message Security vs. Single Message Security, Applications of ind-secure SKE -- Anonymous Message Transfer/Onion Routing, PRG with one-bit expansion implies PRG with many-bit expansion, Hybrid Arguments.
  • References : [Slides], Chapter 3 of KL and BS
  • Date : 04-09-2025
  • Supplementary Lecture 1 :   Practical Instantiation of PRGs and PRFs: LFSR, Trivium, DES.
  • References : [Slides [PRG]], [Slides [PRF]], Chapter 6 of KL
  • Date : 09-09-2025
  • Lecture 9 :  Applications of PRG -- Coin-tossing and Commitment Schemes, Chosen Plaintext Attack (CPA), CPA-security, Pseudo-random Functions (PRF).
  • References : [Slides], Chapter 3 of KL and Chapter 4 of BS
  • Date : 16-09-2025
  • Lecture 10 :  SKE based on PRF, Proof for CPA-security, PRG implies PRF -- GGM/tree construction.
  • References : [Slides], Chapter 3 of KL and Chapter 4,5 of BS
  • Date : 18-09-2025
  • Lecture 11 :  Yao's 2PC, Circuit Garbling as an application of CPA-secure SKE.
  • References : [Slides], 'A Proof of Yao's Protocol for Secure Two-Party Computation' by Yehuda Lindell and Benny Pinkas (available online)
  • Date : 23-09-2025
  • Lecture 12 :  One-way Functions (OWF), One-way Permutations (OWP), Hard-core Predicates, Partial proof of Goldreich-Levin, OWP + Hardcore predicates imply PRG with one bit expansion.
  • References : [Slides], Chapter 7 of KL
  • Date : 25-09-2025
  • Lecture 13 :  CCA Security, Padding Oracle attack on CBC Mode, Authenticated Encryption, MAC Syntax and Security definition, Construction of MAC from PRF.
  • References : [Slides], Chapter 3,4 of KL
  • Date : 03-10-2025
  • Lecture 14 :  Authenticated Encryption from cpa-secure SKE and strong cma-secure MAC; Encrypt and Authenticate, Authenticate then Encrypt, Encrypt then Authenticate Paradigms, Proof of security for Encrypt then Authenticate Paradigm; Looking back and Ahead; One-way Functions.
  • References : [Slides], Chapter 4 of KL
  • Date : 07-10-2025
  • Lecture 15 :  Hash Functions, Collision Resistance, Merkle–Damgård Construction.
  • References : [Slides], Chapter 5 of KL
  • Date : 09-10-2025
  • Lecture 16 :  Birthday Attack, Merkle Tree, Applications, Random Oracle Model, Commitment Scheme.
  • References : [Slides], Chapter 5 of KL
  • Date : 14-10-2025
  • Lecture 17 : Key Exchange Protocol, Cyclic Groups, Assumption on Cyclic Groups, Candidate Cyclic Groups, Diffie-Hellman Key Exchange Protocol.
  • References : [Slides], Chapter 8,10 of KL
  • Date : 16-10-2025
Tutorials
  • Tutorial 1 :  Classical Cryptography and Perfect Security for SKE.
  • Question Set : [Tutorial 1]
  • Date : 22-08-2025
  • Tutorial 2 :  Perfect Security for SKE and Secret Sharing.
  • Question Set : [Tutorial 2]
  • Date : 29-08-2025
  • Tutorial 3 :  Secret Sharing and Computational Security.
  • Question Set : [Tutorial 3]
  • Date : 11-09-2025
  • Tutorial 4 :  Pseudorandom Generators (PRG).
  • Question Set : [Tutorial 4]
  • Date : 11-09-2025
  • Mid-Semester Problems :   Midterm Solution Discussion.
  • Date : 19-09-2025
  • Tutorial 5 :  Pseudorandom Functions (PRF) and CPA.
  • Question Set : [Tutorial 5]
  • Date : 26-09-2025
  • Tutorial 6 :  One-way Functions (OWF) and Garbled Circuits.
  • Question Set : [Tutorial 6]
  • Date : 30-09-2025
  • Tutorial 7 :  CCA-Security, MACs, CRHFs.
  • Question Set : [Tutorial 7]
  • Date : 10-10-2025
Reading Projects
    1. Communication Complexity of Secure Computation   Reference: [Paper].
    2. Advanced Encryption Standard (AES)   Reference: KL book.
    3. CTR Mode + Proof   Reference: KL book.
    4. PRF to SPRF (Luby Rackoff)   Reference: KL book.
    5. Secret Sharing Made Short   Reference: [Paper].
    6. GMW Protocol   Reference: [Paper].
    7. Information-Theoretic MACs   Reference: KL book.
    8. Constructing CRHF from DL Problem   Reference: KL book.
    9. Constructing from DDH Problem   Reference: [Paper].
    10. Pedersen Commitment Scheme   Reference: [Paper].
Cryptic Bonus Problems
    1. Indian connection to Cryptography: Find some developments in cryptography done in India from the prehistoric times to classical period but excluding modern cryptography.
    2. Decipherment of Indus Script: Criticize [this paper] based on the methods that have been used for the decipherment and argue why you think it may not work or provide arguments in support of the methods used and describe how a successful decipherment was achieved.