# A nano-course in modern cryptography

## A nano-course in modern cryptography

##### A Short Course

— *Prof. Venkata Koppula, IIT Delhi*

While cryptography has been around for centuries, since the middle of twentieth century, cryptography has gradually moved from ‘art’ to ‘science’. Today, most cryptographic primitives/protocols come with a formal security proof. In this lecture series, we will discuss how to define security for cryptographic primitives, followed by constructions, security proofs (and vulnerabilities in real-world cryptosystems).

Venkata Koppula is an Assistant Professor at IIT Delhi. His primary area of research is theoretical cryptography.

- Dates: 21-26 December
- Format: Hybrid (over Zoom and at 7/101)
- Time: 5-6:30pm

Anyone with interest in theoretical computer science is welcome to attend. No cryptography background will be assumed.

Join us on Zoom! Use this link with the following details.

- Meeting ID: 994 5573 9745
- Passcode: 007700

### Teaching Plan

**Lecture 1: How to define security?**

We will start with the most basic security setting: Alice and Bob share a secret key, and want to use this secret key for exchanging information securely. The cryptographic primitive that is used for this is called private-key encryption. In this first lecture, we will build towards a popular security definition (called security against ‘chosen plaintext attacks’) for private key encryption.

Show that any correct encryption scheme with perfect one-time security must have key space at least as large as the message space.

In the first lecture, we discussed one-time perfect security. This definition aims to capture the intuition that the adversary does not learn anything about the message if the scheme is one-time perfectly secure.

Suppose an encryption scheme is one-time perfectly secure. Show that no adversary, given an encryption of a uniformly random message (using a uniformly random key), can compute the parity of the message bits (with probability 1). You can assume the message space is n-bit strings.

**Lecture 2: The first construction Part I**

In this lecture, we will discuss how to build a private-key encryption scheme secure against chosen-plaintext attacks. We will then discuss how to optimise the ciphertext size (without compromising on security). We will conclude this lecture with a popular cryptographic standard (PKCS v1.5) which was proposed and implemented in the 90s.

**Lecture 3: The first construction Part II**

In this lecture, we will discuss how to build a private-key encryption scheme secure against chosen-plaintext attacks. We will then discuss how to optimise the ciphertext size (without compromising on security). We will conclude this lecture with a popular cryptographic standard (PKCS v1.5) which was proposed and implemented in the 90s.

**Lecture 4: The need for stronger security**

While the PKCS v1.5 satisfies security against ‘chosen-plaintext attacks’, it turns out that this security is not enough for the real-world! We will start this lecture with an attack on the PKCS v1.5 scheme, then discuss a stronger definition (called security against ‘chosen ciphertext attacks’). This is now the ‘gold standard’ security definition for encryption schemes. In order to achieve this security, we require a new cryptographic primitive called ‘message authentication codes’. We will define and build message auth. codes. Next, we will see how to use message authentication codes to achieve security against chosen-ciphertext attacks.

**Lecture 6: Digital signatures**

Digital signatures are an essential component in the public key infrastructure. We will discuss their role in public key infrastructure, as well as their importance as a standalone primitive). We will conclude this lecture with a construction of a digital signature scheme.