General description

Cryptography delivers tools for protecting confidentiality and integrity of data. These tools are already used at scale to protect billions of daily online transactions, e.g., within the TLS protocol, in end-to-end encrypted messaging applications (like Signal), and in a myriad of other applications. At the same time, modern cryptography has developed a number of tools whose end goal extends beyond that of solely protecting confidentiality and integrity, such as zero-knowledge proofs, secure multi-party computation, and fully-homomorphic encryption. In addition to its benefits to computer security, a unique aspect of modern cryptography is how it interfaces with theoretical computer science -- both by adopting tools and techniques, but also by inspiring problems and directions.

This course gives a comprehensive introduction to cryptography. The focus is on (1) understanding how existing tools work; (2) how to formalize the security goals they achieve, and (3) how to prove that they achieve these goals. The class will aim to be both of interest to theory students, as well as to a broader audience interested in using cryptography in a sound way. In partcular, a main objective is exposure to the paradigm of provable security which allows us to reason rigorously about cryptographic security.

Topics will include (tentative): Cryptographic pseudorandomness, encryption (secret- and public-key), key-agreement, authentication, hash functions, digital signatures, basics of post-quantum cryptography, introduction to cryptographic protocols (multi-party computation and zero-knowledge proofs)

Required background: Students are expected to be ready to understand and write mathematical definitions and proofs. Exposure to basic probability, discrete mathematics, and theory of computing is also expected. (If in doubt, please reach out to the instructor.)


There is no mandatory textbook. Notes and reading material will be posted here. The following is a list of great resources to reference to (most of these are available for free):


(This is subject to minor changes, as we adapt to the challenges of online teaching.) There will be four homework assignments, and one take-home final exam. Each student is responsible for scribing the note for one class, which will be posted online. Each homework accounts for 15% of points, the final accounts for 30% of points. Participation is 10%. Your final grade will be based on the weighted total points.


This is a tentative schedule meant to give an overview of the topics we are going to cover. It will be expanded as proceed in the quarter.

WkDate Lecture contents Assignments / Reading
1 03/30 Introduction
  • Welcome / organizational details
  • What is cryptography?
  • Example applications
  • The provable security paradigm
04/01 Symmetric encryption: Perfect-secrecy, information-theoretic vs computational security
2 04/06 Pseudorandom Generators I
04/08 Pseudorandom Generators II
3 04/13 Pseudorandom Functions I
04/15 Pseudorandom Functions II
4 04/20 Symmetric Encryption
04/22 Message Authentication
5 04/27 Authenticated Encryption
04/29 Public-key cryptography and key-agreement
6 05/04 Public-key encryption I
05/06 Public-key Encryption II
7 05/11 Digital Signatures
05/13 Pairings & Identity-based Encryption
8 05/18 Lattice-based cryptography I
05/20 Lattice-based cryptography II
9 05/25 No Class: Memorial Day!
05/27 Zero-knowledge Proofs
10 06/01 Multi-Party Computation I
06/03 Multi-Party Computation II