**Instructors:** Nilanjan Datta and Subhabrata Samajder**Teaching Assistant:** Hrithik Nandi and Mriganka Dey

`Course Objective:`

`Course Objective:`

Cryptology is concerned with the conceptualization, definition, and construction of computing systems that address security concerns. The objective of this course is to provide a basic understanding of cryptographic concepts, mathematical tools used for cryptography and how to use these tools in solving cryptographic problems, building new cryptographic primitives, analyzing the security of cryptographic protocols, and understanding key management and key exchange issues at a basic level. The focus is given on the basic mathematical tools as well as some new advanced cryptographic tools and the advances in research using those tools.

`Syllabus:`

`Syllabus:`

**Introduction:**Classical Ciphers, Shannon Cipher, Perfect Security, Computational Ciphers and Semantic Security.**Encryption:**Stream Ciphers, Pseudo random generators, LFSR based stream ciphers, RC4 and its Cryptanalysis; Block ciphers: Design principle, AES and its design rationale, light-weight block cipher design; Security Notions, Modes of operation: ECB, CBC, OFB, Counter mode.**Cryptanalysis:**Goal and power of an adversary; Differential and Linear Cryptanalysis; Some advanced cryptanalysis (integral, impossible differential) and its applications.**Hash Function:**Collision resistant (CR) hash functions, birthday attacks CR hash, The Merkle- Damgard paradigm, Joux’s multi-collsion attacks; Universal hash functions (UHF), constructing UHFs.**Message Integrity:**Message authentication codes (MACs); Designing MACs from CR hash, Case Study: HMAC, Sponge based MACs; Designing MACs from UHF, The Carter-Wegman MACs, Nonce based MACs.**Authenticated Encryption (AE):**Motivation, Security, Designing AE: Generic Paradigm, Integrated AE; Features of AE, Light-weight AE design.**Public Key Cryptosystems:**Discrete Logarithm Problem, Diffie Hellman Key Exchange Protocol – security proofs and some related hardness results on CDH and DDH, RSA Encryption and Its variants, Elgamal Encryption Scheme, Digital Signatures – Attacks on Plain RSA signatures, Full Domain RSA, Identification Scheme, Fiat-Shamir Transform, Schnorr Signatures, DSA and ECDSA, PKI.

`References:`

`References:`

[1] J. Katz and Y. Lindell: Introduction to Modern Cryptography, Chapman & Hall/CRC, 2007. [Online Link]

[2] D. Boneh, V. Shoup: A Graduate Course in Applied Cryptography. [Online Link].

[3] D. R. Stinson, M. B. Paterson: Cryptography Theory and Practice, 4th ed., Chapman & Hall/CRC, 2018. [Online Link]

[4] K. Sakiyama, Y. Li and Y. Sasaki: Security of Block Ciphers: From Algorithm Design to Hardware Implementation, Published by Wiley & Sons, Incorporated, John, 2016. ISBN 10: 1118660013. [Available in Library]

[5] V. Shoup: A Computational Introduction to Number Theory and Algebra, Cambridge University Press. [Online Link]

[3] D. R. Stinson, M. B. Paterson: Cryptography Theory and Practice, 4th ed., Chapman & Hall/CRC, 2018. [Online Link]

[4] K. Sakiyama, Y. Li and Y. Sasaki: Security of Block Ciphers: From Algorithm Design to Hardware Implementation, Published by Wiley & Sons, Incorporated, John, 2016. ISBN 10: 1118660013. [Available in Library]

[5] V. Shoup: A Computational Introduction to Number Theory and Algebra, Cambridge University Press. [Online Link]

**Board-works and Slides:**

**Board-works and Slides:**

** Symmetric Key Cryptography**

- Lecture 1: Introduction to Cryptology. [Boardwork]
- Lecture 2: Classical Ciphers and their Cryptanalysis, Introduction to Modern Cryptography. [Boardwork]
- Lecture 3: An Introduction to Perfect Secrecy. [Boardwork]
- Lecture 4: Alternate Definitions of Perfect Secrecy, One Time Pad, and Limitations of Perfect Secrecy. [Boardwork]
- Lecture 5: Computational Security, Necessary Relaxations, Indistinguishability under Eavesdropper, Semantic Security. [Boardwork]
- Lecture 6: Proof by Reduction: Concept and Some Motivating Examples, Indistinguishability under Eavesdropping Adversary implies Unpredictability in Message Bit-guessing. [Boardwork]
- Lecture 7: Equivalence of Computational Indistinguishability and Semantic Security, Pseudo Random Generators, A Computational Indistinguishable Encryption Scheme from PRG. [Boardwork]
- Lecture 8: IND-CPA Security Notion, Left-or-Right and Real-or-Random Indistinguishability, Pseudo Random Function, An IND-CPA Secure Construction from PRF. [Boardwork]
- Lecture 9: An IND-CPA Secure Construction from PRF (continued), PRP and SPRP Security Notion, Block Cipher, Block Cipher Modes of Operation (ECB, CBC). [Boardwork]
- Lecture 10: Block Cipher Modes of Operation (CFB and Counter Mode), Security of Counter Mode Encryption, IND-CCA Security Notion. [Boardwork]
- Lecture 11: Message Authentication Codes, Security Notions: EUF-CMA, SUF-CMA, UUF-CMA, Message Authentication Codes from PRF – Single block and Multiple Block Messages. [Boardwork]
- Lecture 12: Message Authentication Codes from PRF, Authenticated Encryption and its Security Notion, Design of AE through Generic Composition: EaM, MtE and EtM, Security Results of AE with Generic Composition. [Boardwork]
- Lecture 13: Block Cipher, Block Cipher Designs: SPN and Feistel, An Introduction to AES Block Cipher. [Boardwork]
- Lecture 14: AES Block Cipher: Key Schedule and Design Rationale. [Boardwork]
- Lecture 15: Hash Function, Security Notions and their Implications, Hash function as Random Model Oracle, Birthday Paradox. [Boardwork]
- Lecture 16: Hash Function from Compression functions: Merkle Damgard Hash, Davies Meyer Compression function, Hash Function from Public Permutations: Sponge based design, Applications of Hash functions. [Boardwork]
- Lecture 17: Keyed Hash Function, Security Notions and their implications, Examples: PolyHash, Light-MAC Hash, MACs from keyed Hash: Hash-then-PRF paradigm, Wegman-Carter, Nonce based Wegman-Carter, HMAC. [Boardwork]
- Lecture 18: Stream Ciphers, Block cipher-based Stream Cipher Design, LFSR-based Stream Cipher Design, Some Stream Cipher Designs: CSS, Trivium, RC4, Some Cryptanalytic Results on CSS and RC4. [Boardwork]
- Lecture 19: Block Cipher Cryptanalysis: Goal, Power of the adversary, Attack Complexity, Differential Cryptanalysis, Impossible Differential Cryptanalysis. [Slides]
- Lecture 20: Block Cipher Cryptanalysis: Linear Cryptanalysis, Integral Cryptanalysis.
**Public Key Cryptography**All board works and notes on public-key cryptography will be uploaded here.

**Assignments and/or Practice Problems:**

**Assignments and/or Practice Problems:**