Instructor  Andrew Miller soc1024@illinois.edu  

TA  Yunqi Li  
Location  ECEB 3013, also Zoom  
Lecture Times 
Monday, Wednesday, Friday 4:00pm 4:50pm 

Lectures are also available online via Echo360.  
Office  Andrew: CSL 461  Yunqi: Zoom 
Office Hours 
Andrew: Thursdays 2:30pm3:30pm  Yunqi: Wednesday 2:30pm3:30pm 
Piazza  https://piazza.com/illinois/fall2021/c93b  
Discord:  see piazza for link 
Cryptographic protocols are fundamental techniques for building secure systems, even against powerful attackers. Traditionally, cryptography is concerned with communication channels that lets Alice and Bob send messages, (e.g., “Let’s meet by the bridge at 5pm!”) while preventing an eavesdropper Eve from observing the message or tampering with the contents. Cryptography is already widely deployed, for example the TLS protocol is used every time you visit your bank’s website and see a green “padlock” symbol in your browser. Cryptography can also be used for much more than just secure channels. An emerging trend is the use of “computation over encrypted data.” For example, how can we perform a query over encrypted database?
The goal of this course is to introduce the concepts of modern cryptography, including a combination of both theoretical foundations (how do we precisely state security guarantees and assumptions, and prove that a protocol is designed correctly?) and practical techniques. At the end of this course, you will know how to apply cryptographic techniques in the design and analysis of secure distributed systems. This course is intended for senior undergraduate students with an interest in applying cryptographic techniques to building secure systems, and for graduate students with an interest in cryptography or systems security.
Main themes of the course include: Provable security. This course will introduce the modern theory of cryptography, where we provide rigorous proofs that a protocol is secure in spite of interference from arbitrary malicious adversaries (assuming preciselystated models of network primitives and computationallyhard problems). Protocols for secure computing. Traditionally, the goal of cryptography is to build a secure communication channel between Alice and Bob. However, recently, the toolbox of practical cryptographic protocols has become much more versatile and powerful. This course will focus on the application and analysis of protocols for diverse applications, such as secure outsourcing of storage and computing over encrypted data. Failures and limitations of cryptography. Many (if not the vast majority of) deployed cryptosystems have been plagued with vulnerabilities, stemming from ad hoc protocol design, incorrect implementations, and overlysimplistic security models. This course will cover many examples of highprofile attacks.
Prerequisites:
All lecture recordings are available via the media space channel [Mediaspace Channel for ECE/CS 407]
Week 1: Introduction  

Monday, Aug 23  Course introduction, syllabus 
Lecture notes (slides) 
Wednesday, Aug 25  Cryptography for laypeople, journalists, and cypherpunks  Lecture notes (slides)

Friday, Aug 27  Warmup: One Time Pad 
Lecture notes [pdf] Reading: Joy Chapter 1: (pdf) Additional notes: Chapter 1, Pass and Shelat 
Week 2:  
Monday, Aug 30  Basics of provable security, confidentiality definitions 
Scribbles (pdf) Reading: Joy Chapter 2: (pdf) Additional notes: Section 1.3 from Pass and Shelat 
Wednesday, Sep 1  One way functions, pseudorandomness 
Scribbles (pdf) Reading: Joy Chapter 4: (pdf) Additional notes: Sections 3.5, 3.6, 3.7, 3.9 from Pass and Shelat 
Friday, Sep 3  Psuedorandom generators and PRF 
Lecture Notes: (pdf) Reading: Joy Chapter 5: (pdf) Additional notes: Pass & Shelat, 2.2 OneWay Functions, 3.4 HardCore Bits from Any OWF The strange story of "Extended Random"(blog) 
Week 3: More symmetric key encryption  
Monday, Sep 6  LABOR DAY NO CLASS  
Wednesday, Sep 8  Pseudorandom functions and block ciphers 
Scribbles (pdf) Reading: Joy Chapter 6 (pdf) 
Friday, Sep 10  Garbled Circuits 
MP1 Release Lecture notes (slides) Reading: Pass & Shelat, 6.2 Yao Circuit Evaluation 
Week 4: More encryption, Message Authentication  
Monday, Sep 13  Chosen Plaintext Attacks  Lecture Notes: (pdf) Reading: Joy Chapter 7 (pdf) 
Wednesday, Sep 15  Block Cipher Modes  Lecture notes: (pdf) Reading: Joy Chapter 8 (pdf) 
Friday, Sep 17  Chosen Ciphertext attacks  Lecture notes: (pdf) Reading: Joy Chapter 9 (pdf) 
Week 5: Interactive Proofs  
Monday, Sep 20  Message Authentication Codes 
Lecture notes: (pdf) Joy Chapter 10 (pdf) More notes: Pass and shelat, 5.1, 5.2. 
Wednesday, Sep 22  Cyclic Groups 
Lecture notes: (pdf) Joy Chapter 14 (pdf) 
Friday, Sep 24  More Groups  Lecture notes: (pdf) Zoom recording: (zoom) 
Week 6:  
Monday, Sep 27  Interactive Zero Knowledge proofs 
Lecture Notes (pdf) MP1 due, MP2 (partial) Release Pass and shelat, 4.34.6 (zeroknowledge, interactive protocols, proofs, and zeroknowledge proofs) 
Wednesday, Sep 29  More Zero knowledge  MP2 (full) Release Lecture Notes (pdf) Illustrated Primer on ZK (blog) 
Friday, Oct 1  Zero knowledge composition  Lecture Notes (pdf) On Σprotocols (pdf) 
Week 7: More ZKP  
Monday, Oct 4  More ZKP, Commitments 
Lecture Notes (pdf) Susan Hohenberger's notes (1) 
Wednesday, Oct 6  Noninteractive ZK and signatures 
Susan Hohenberger's notes
(2) 
Friday, Oct 8  Still more ZKP, Diffie Hellman Key Exchange  Lecture notes (pdf) 
Week 8:  
Monday, Oct 11  Project Day  
Wednesday, Oct 13  Review for Midterm  MP2 Due 
Friday, Oct 15  MIDTERM synchronous portion  
Week 9:  
Monday, Oct 18  Polynomials, Secret sharing, MPC 
Lecture notes (pdf)
Midterm take home portion release Reading: Joy, Chapter 3 
Wednesday, Oct 20  More MPC  
Friday, Oct 22  Yet more MPC  Project proposals due 
Week 10:  
Monday, Oct 25  Collision resistance 
Midterm takehome portion due. Reading: Joy Chapter 11 More notes on MPC (pdf) MP3 release. 
Wednesday, Oct 27  Still more MPC  More MPC (pdf) 
Friday, Oct 29  Collision resistance, Public Key Encryption  Reading: Joy Chapter 15 Lecture notes (pdf) 
Week 11:  
Monday, Nov 1  EVoting  Lecture notes (pdf) 
Wednesday, Nov 3  RSA crypto system  Reading: Joy Chapter 13 Lecture notes (pdf) 
Friday, Nov 5  Fault attacks on RSA  Reading: Boneh Demilo Lipton (pdf)
Stanford Number Theory notes: (web) Lecture notes (pdf) 
Week 12:  
Monday, Nov 8  Side channels  MP3 due. Lecture slides: (slides) 
Wednesday, Nov 10  Authenticated Data Structures  Lecture Notes (slides) 
Friday, Nov 12  Authenticated Encryption, Forward Security  Project Checkpoints Due Lectures notes (pdf) 
Week 13: More protocols  
Monday, Nov 15  Private Information Retrieval  MP4 release
Lecture notes: (pdf) 
Wednesday, Nov 17  Oblivious RAM  Slides from Mark Ryan (pdf) 
Friday, Nov 19  CLASS CANCELED  happy thanksgiving 
Fall Break: November 2028  
Week 14: Lattices, Garbled Circuits Security  
Monday, Nov 29  Lattices and Ajtai hash  More notes: Lecture notes: (pdf) 
Wednesday, Dec 1  Pairings and Polynomial commitments  
Friday, Dec 3  Cut and Choose & Garbled Circuits Security  
Week 15:  
Monday, Dec 6  Some Ethics and Cryptography  MP4 due. Moral Character of Cryptographic Work (pdf) 
Wednesday, Dec 8  Project Presentations  Final Exam takehome portion released (1 hour) Due prior to Final Exam period. 
Final Exams  
Tuesday Dec. 14  Final exam 7:00pm10:00pm. in ECEB 3013 
A proposal for each final project must be submitted to and accepted by the instructor by the proposal deadline.