A nano-course in modern cryptography
A nano-course in modern cryptography
A Short Course
— Prof. Venkata Koppula, IIT Delhi
While cryptography has been around for centuries, since the middle of twentieth century, cryptography has gradually moved from ‘art’ to ‘science’. Today, most cryptographic primitives/protocols come with a formal security proof. In this lecture series, we will discuss how to define security for cryptographic primitives, followed by constructions, security proofs (and vulnerabilities in real-world cryptosystems).
Venkata Koppula is an Assistant Professor at IIT Delhi. His primary area of research is theoretical cryptography.
- Dates: 21-26 December
- Format: Hybrid (over Zoom and at 7/101)
- Time: 5-6:30pm
Anyone with interest in theoretical computer science is welcome to attend. No cryptography background will be assumed.
Join us on Zoom! Use this link with the following details.
- Meeting ID: 994 5573 9745
- Passcode: 007700
Teaching Plan
Lecture 1: How to define security?
We will start with the most basic security setting: Alice and Bob share a secret key, and want to use this secret key for exchanging information securely. The cryptographic primitive that is used for this is called private-key encryption. In this first lecture, we will build towards a popular security definition (called security against ‘chosen plaintext attacks’) for private key encryption.
Show that any correct encryption scheme with perfect one-time security must have key space at least as large as the message space.
In the first lecture, we discussed one-time perfect security. This definition aims to capture the intuition that the adversary does not learn anything about the message if the scheme is one-time perfectly secure.
Suppose an encryption scheme is one-time perfectly secure. Show that no adversary, given an encryption of a uniformly random message (using a uniformly random key), can compute the parity of the message bits (with probability 1). You can assume the message space is n-bit strings.
Lecture 2: The first construction Part I
In this lecture, we will discuss how to build a private-key encryption scheme secure against chosen-plaintext attacks. We will then discuss how to optimise the ciphertext size (without compromising on security). We will conclude this lecture with a popular cryptographic standard (PKCS v1.5) which was proposed and implemented in the 90s.
Lecture 3: The first construction Part II
In this lecture, we will discuss how to build a private-key encryption scheme secure against chosen-plaintext attacks. We will then discuss how to optimise the ciphertext size (without compromising on security). We will conclude this lecture with a popular cryptographic standard (PKCS v1.5) which was proposed and implemented in the 90s.
Lecture 4: The need for stronger security
While the PKCS v1.5 satisfies security against ‘chosen-plaintext attacks’, it turns out that this security is not enough for the real-world! We will start this lecture with an attack on the PKCS v1.5 scheme, then discuss a stronger definition (called security against ‘chosen ciphertext attacks’). This is now the ‘gold standard’ security definition for encryption schemes. In order to achieve this security, we require a new cryptographic primitive called ‘message authentication codes’. We will define and build message auth. codes. Next, we will see how to use message authentication codes to achieve security against chosen-ciphertext attacks.
Lecture 6: Digital signatures
Digital signatures are an essential component in the public key infrastructure. We will discuss their role in public key infrastructure, as well as their importance as a standalone primitive). We will conclude this lecture with a construction of a digital signature scheme.
