**Lectures:**Tuesday, Thursday 12:30-1:45 PM, IRB 0318**Instructor:**Daniel Gottesman (e-mail: dgottesm@umd.edu, office hours Tuesday 10:30-11:30 AM, Atlantic 3251)**Teaching Assistants:**- Amadeo David De La Vega Parra (e-mail: adelaveg@umd.edu, office hours Thursday 9:15-10:45 AM, AVW 4122)
- Samira Goudarzi (e-mail: samirag@umd.edu, office hours Wednesday 2:00-3:30 PM, AVW 4122)
- Mahathi Vempati (e-mail: mahathi@umd.edu, office hours Monday 1:30-2:30 PM, AVW 4122)

**Textbook:**Katz and Lindell, Introduction to Modern Cryptography, 3rd ed.

It may be possible to join some of these office hours by Zoom. Please e-mail the person conducting the office hours in advance to arrange a Zoom office hour if needed.

**Mid-term:**Thursday, October 20 (in class)**Thanksgiving:**Thursday, November 24 (no class)**Last lecture:**Thursday, December 8**Final exam:**Monday, Dec. 19, 1:30 - 3:30 PM (location TBA)

Problem Sets: (To be turned in on Gradescope)

- Problem Set 1 (PDF, LaTeX): Due Tues., Sep. 13, noon
- Problem Set 2 (PDF, LaTeX): Due Tues., Sep. 20, noon
- Problem Set 3 (PDF): This is a Python programming assignment. You will want this file giving the Python functions referenced in the assignment: framework.py. Due Thurs., Sep. 29, noon
- Problem Set 4 (PDF, LaTeX): Due Thurs., Oct. 6, noon
- Problem Set 5 (PDF, LaTeX): Due Thurs., Oct. 13, noon
- Mid-term practice problems (PDF): Optional and ungraded, do not turn in
- Problem Set 6 (PDF): This is a Python programming assignment. You will want this file giving the Python functions referenced in the assignment: forge.py. Due Thurs., Nov. 10, 11:59 PM
- Problem Set 7 (PDF, LaTeX): Due Thurs., Nov. 17, 11:59 PM
- Problem Set 8 (PDF, LaTeX): Due Thurs., Dec. 1, 11:59 PM
- Problem Set 9 (PDF, LaTeX): Due Thurs., Dec. 8, 11:59 PM
- Final practice problems (PDF): Optional and ungraded, do not turn in

Solution sets are available on ELMS roughly 1 week after the due date for the assignment.

Slides:

If you are reading these slides before you see the lecture and you see a "Vote" on the slide, stop and think about your answer before proceeding. The point of those votes is to get you to think about the material during the lecture.

- Lecture 1 (Aug. 30): introduction, overview, substitution cipher, and basic concepts. Textbook: Sec. 1.1, 1.2, and part of 1.3
- Lecture 2 (Sep. 1): Vigenere cipher and the one-time pad. Textbook: Sec. 1.3, 1.4
- Lecture 3 (Sep. 6): Perfect secrecy, computational bounds on the adversary. Textbook: Chapter 2, Sec. 3.1
- Lecture 4 (Sep. 8): Pseudorandomness, EAV security. Textbook: Sec. 3.2, part of 3.3
- Lecture 5 (Sep. 13): Pseudo one-time pad, stream ciphers, RC4. Textbook: Sec. 3.3, 3.6.1, 7.1.4
- Lecture 6 (Sep. 15): CPA security, block ciphers. Textbook: Sec. 3.4, 3.5, 3.6
- Lecture 7 (Sep. 20): DES. Textbook: Sec. 7.2.2, 7.2.3
- Lecture 8 (Sep. 22): Substitution-permutation networks, AES, side-channel attacks. Textbook: Sec. 7.2.1, 7.2.5.
- Lecture 9 (Sep. 27): Diffie-Hellman, modular arithmetic. Textbook: parts of Sec. 9.1, 11.3.
- Lecture 10 (Sep. 29): Group theory. Textbook: Sec. 9.1.3, 9.1.4.
- Lecture 11 (Oct. 4): Euler-Fermat theorem. Textbook: Sec. 9.1.4, parts of 9.3.
- Lecture 12 (Oct. 6): Breaking Diffie-Hellman with poor parameters, choice of parameters for Diffie-Hellman, finding primes. Textbook: Sec. 9.1.5, 9.2.1, 9.2.2, 10.2.1.
- Lecture 13 (Oct. 11): Hardness of discrete log, security of Diffie-Hellman. Textbook: Sec. 9.3.2, 9.3.3, 11.3.
- Lecture 14 (Oct. 13): El Gamal public key encryption, KEM/DEM. Textbook: Sec. 12.2 (except 12.2.3), 12.3 (except 12.3.2), 12.4.1 and 12.4.2.
- Lecture 15 (Oct. 18): Review of reductions, number theory, group theory.
- Lecture 16 (Oct. 25): RSA. Textbook: Sec. 9.2.4, much of 12.5.
- Lecture 17 (Oct. 27): Message authentication codes. Textbook: Sec. 4.1, 4.2, 4.3, 4.4.1.
- Lecture 18 (Nov. 1): Hash functions. Textbook: Sec. 6.1, 6.2, 6.3.1, 6.4.1, 7.3.1, 7.3.2, parts of 6.5.
- Lecture 19 (Nov. 3): Applications of hash functions: verifying file storage, bit commitment. Textbook: Sec. 6.6.
- Lecture 20 (Nov. 8): CCA security and authenticated encryption. Textbook: Sec. 5.1, 5.2, 5.3.
- Lecture 21 (Nov. 10): authenticated encryption, CCA security for public key protocols, introduction to digital signatures. Textbook: Sec. 5.3, 12.2.3, 12.3.2, parts of 12.4.4 and 12.5.5, 12.5.4, 13.1.
- Lecture 22 (Nov. 15): RSA and discrete-log based digital signatures. Textbook: Sec. 13.2, 13.4, 13.5.1, 13.5.3.
- Lecture 23 (Nov. 17): Certificate authorities, TLS. Textbook: Sec. 13.6, 13.7, 13.8.
- Lecture 24 (Nov. 22): Quantum computers, quantum key distribution. Textbook: Sec. 14.1, 14.2.
- Lecture 25 (Nov. 29): Post-quantum cryptography. Textbook: Sec. 14.3.
- Lecture 26 (Dec. 1): Overview of other kinds of cryptography.
- Lecture 27 (Dec. 6): Review of basic principles, cryptographic primitives, and cryptographic protocols.
- Lecture 28 (Dec. 8): Review of modular arithmetic and group theory.

- Classical cryptography
- Modern private-key cryptography (including one-time pad, pseudorandom generators and functions, security definitions and proofs, DES, AES)
- Public key encryption (including purpose and applications, RSA)
- Authentication (including message authentication codes, digital signatures)
- Additional advanced topics, as time permits (possibilities include post-quantum cryptography, quantum key distribution, secure multiparty computation, homomorphic encryption, blockchain)

- Terminology, types, and techniques of cryptographic protocols
- What makes a protocol secure or insecure
- Basic understanding of particular protocols used in real world, such as AES and RSA.

Your grade will have 3 components:

- Problem sets (30%)
- Mid-term exam (30%)
- Final exam (40%)

Additional notes on grading and assignments:

- The problem sets will be available on this web page.
- The problem sets will be turned in on Gradescope.
- The problem sets will be a mix of theory-focused problems and programming assignments.
- The problem set grade will be determined by dropping the highest and lowest grades and then averaging the remaining scores.
- By default, the scores will not be curved. However, I may curve up the grades for any problem set or exam if I decide it was substantially harder than I expected. I will not curve down grades if the assignment is easier than expected.
- For the problem sets, if you use any external material to solve it (other than the lectures and textbook), cite the source and indicate what you took from it.
- You may discuss problem sets with other students, but you must understand and write up your solution or code by yourself. If you do collaborate, indicate who you talked to on your assignment.
- Late problem sets will not be accepted unless an extension is granted by me or one of the TAs
*before*the problem set is due. - Note that the extension must be
*granted*before the deadline, not*requested*before the deadline. Be sure to leave enough time to get a response (24 hours should be sufficient). - Extension requests should specify a valid reason and how long an extension you are requesting. Medical, religious, family emergency are examples of valid reasons (not an exhaustive list). "I have an assignment due in another class" is not a valid reason: Plan ahead!
- Maximum extension is 1 week, so that we can distribute solutions. If you have a valid reason for a longer extension, discuss with me.

- Lectures will be recorded and available through the course's page on ELMS. However, I strongly recommend that you attend class and not rely on the recordings to follow the class.
- There will be a Piazza for asking questions on the class. Unless you have a question that is very specific to you personally, please use the Piazza to ask questions. This includes questions about both the content and administration of the course.