Important: COVID19 measures
This class will take place
in person during an ongoing pandemic. Needless to say, this will require a high degree of flexibility (and compliance) on everyone's part to succeed and to ensure everyone's safety. The following are some important remarks  read them carefully:
 If you have symptoms, stay home! Follow all appropriate guidelines for testing and isolating.
 Masking during class is mandatory. Please refer to UW's COVID19 face cover policy for details.
 Classes will be automatically recorded and made available on Panopto, as soon as technically feasible after class.
 We plan to hold some of the office hours in person, but we may adjust the policy as the quarter progresses depending on preferences and demand. Stay tuned for more information. We will in particular introduce a policy to prevent overcrowding of physical spaces.
 We are not planning for inperson exams. Both the midterm and final exams will be in take home format, to be solved individually.
 There will be no sections or office hours during the first week of instruction ("Week 0")  this will give us the necessary time to roll out safe protocols.
 Attend your assigned section to avoid overcrowding of rooms.
 If you want DRS accommodations (e.g., because you have a condition that would make it unsafe or undesirable to be indoor in a classroom), you should email DRS as soon as possible. DRS will contact us directly to get these accomodations set up for you.
You should expect that many policies will be subject to change. Part of this will be about refining existing processes, but we may also be subject to new regulations, and the conditions of the pandemic may force us to be back online. Be flexible and proactive. We may need to cancel classes on short notice, or take other extrardinary measures in the case the staff or some of you are going to become ill. Make sure to subscribe to edstem notifications so that you can be alerted quickly about possible changes.
General description
Cryptography provides important tools for ensuring the confidentiality and integrity of sensitive digital data. This course covers the design and application of important cryptographic objects, including basic cryptographic tools, such as encryption, message authentication, and digital signatures, as well as advanced cryptographic objects and protocols, such as zeroknowledge proofs, secure multiparty computation, and fully homomorphic encryption. For each cryptographic object, we formalize its security goal, show schemes that achieve the desired security, and study security attacks or security proofs that establish the insecurity or security of the scheme at hand.
Through this course, we aim to give an overview of the discipline of cryptography, the proper usage and application of important cryptographic tools, and methodologies that modern cryptography offers for developing cryptographic solutions to natural security problems.
Prereq: CSE 312 and CSE 332. The class will be selfcontained. But students are expected to be ready to understand mathematical definitions and proofs, and write simple ones. Exposure to basic probability / algebra / number theory, and theory of computing is also expected. (Contact the instructor if in doubt.)
Policies
Accommodations: We will follow UW
policies for
disability accommodations and
religious accommodations.
Academic conduct: Please also refer to UW policies on
student conduct
and
academic integerity
Resources
There is no mandatory
textbook. Slides and reading materials will be posted throughout the class. However, the following are good references about basic cryptography. (Be aware that different textbooks make very different notational choices to explain the same concepts.)
A good
overview on secure multiparty computation (from an
applier perspective) is available in
this
textbook
(available for free!)
Grading
The following grading distribution may be slightly changed to accommmodate for changes of the COVID19 situation during the course of the quarter
 Homework (60%)
 Midterm (15%, takehome)
 Final (25%, takehome)
Schedule
This is a tentative schedule meant to give
an overview of the topics we are going to cover. It will be expanded as we proceed through the quarter.
Wk  Date  Lecture contents 
Reading & Homework 
0  09/29 
Introduction
 Welcome / organizational details
 What is this class about? Why study cryptography?
 The Provable Security Angle


 10/1 
Introduction to Encryption
 Symmetric Encryption
 Attack types
 Breaking monoalphaetic substitution


1  10/4 
Onetime Pads, Perfect Secrecy, and its Limitations
 The onetime pad
 Shannon and perfect secrecy
 Limitations of perfect secrecy
 Intro to computational hardness


 10/6 
Block Ciphers and Pseudorandom Permutations I
 Definition of Block Ciphers
 Definition of random permutations


 10/8 
Block ciphers and Pseudorandom Permutations II
 Distinguishing Advantage
 Definition of Pseudorandom Permutations
 Design of AES


2  10/11 
Symmetric Encryption: Definition
 The design of AES
 Insecurity of ECB
 Introduction to semantic security


 10/13 
Symmmetric Encryption from PRFs I
 Definition of INDCPA security
 Definition of PRFs
 The PRF/PRP Switching Lemma and collision probabilities


 10/15 
Symmmetric Encryption from PRFs II
 Security proof for the simple encryption scheme
 Proofs via hybrid oracles
 Basic reductions


3  10/18 
Modes of Operation + PaddingOracles Intro
CTR encryption
CBC encryption
Padding Schemes


 10/20 
PaddingOracle Attacks
 Fixing INDCPA security for variablelength messages
 Padding oracle attacks
 Intro to ciphertext integrity


 10/22 
Hash Functions
 Definition of collisionresistance
 Applications of Hash Functions
 The MerkleDamgaard transform


4  10/25 
Hash Functions & MACs
 Security of MerkleDamgaard
 Seeded hash functions
 Introduction to MACs


 10/27 
MACs


 10/29 
Authenticated Encryption


5  11/1 
Takehome midterm: Review & Discussion
 Mostly: review on security reductions

 [Slides] (no annotations, but see panopto recording for work at the board!)
 Takehome midterm posted (see edstem)

 11/3 
Computational Number Theory
 Motivation of publickey cryptography
 Groups
 Modular arithmetic


 11/5 
Computational Number Theory II
 Exponentiation
 Cyclic groups
 The discrete logarithm problem

 [Slides]
 Takehome midterm due, 11:59pm

6  11/8 
Key Exchange
 The DiffieHellman Protocol
 The hardness of the DL problem


 11/10 
Elliptic Curves


 11/12 
Publickey Encryption and RSA
 How to build publickey encryption from tworound Key Exchange
 The ElGamal cryptosystem
 Plain RSA


7  11/15 
RSA & Factoring
 RSA & Padding
 INDCCA security & OAEP
 Hardness of factoring


 11/17 
Digital Signatures I
 Handling large RSA decryption exponents
 Fault & sidechannel attacks
 Introduciton to digital signatures


 11/19 
Digital Signatures II


8  11/22 
Authenticatd KeyExchange & TLS


 11/24 
Secure Messaging
 Secure messaging desiderata
 Symmetric Ratchet
 Continuous KeyAgreement


 11/26 
Thanksgiving (no class)


9  11/29 
Introduction to Cryptographic Protocols
 Twoparty computation and ideal functionalities


 12/1 
Twoparty Computation I
 Garbling an AND gate
 Oblivious Transfer


 12/3 
Twoparty Computation II
 Yao's protocol & Garbled Circuits
 DDHbased PSI protocol


10  12/6 
SecretSharing and MultiParty Computation
 Problem statement
 Secret sharing
 Protocol for addition
 A general solution


 12/8 
Ethics, Policy & Cryptography


 12/10 
Takehome final: Review & Discussion

