Insegnamento a.a. 2024-2025

- Introduction
- Review of Algorithms and Probability
- Private-Key Encryption: Defining Security
- Computational Number Theory
- One-Way Functions
- Pseudorandom Generators and Pseudorandom Functions
- Private-Key Encryption: Constructions
- Private-Key Encryption in Practice: Block Ciphers
- Trapdoor Functions and Public-Key Encryption
- Message Authentication, Digital Signatures, and Hashing
- Zero-Knowledge Proofs
- Protocols for secure computation
- Network and Systems Security
- Policy Issues
- Conclusions and what we didn't cover

What can you hope to learn?

- Definitions:  The importance of precisely defining cryptographic problems.
- Constructions: Examples of solutions to cryptographic problems.
- Foundations: The assumptions on which modern cryptography is based.
- Theory vs. Practice: The focus is on theory, but we will discuss how it relates to what is done in practice.
- Applications: If time permits, we will see examples of higher-level protocols such as auctions, voting, or electronic cash.

What can you hope to learn to do?

- Definitions:  How to define several important cryptographic problems.
- Constructions: How to design solutions to cryptographic problems and prove that they satisfy definitions of security.
- Foundations: Implications of the assumptions and intuition on what makes an assumption secure.

What this course will NOT teach you
- Acronyms: There are many different cryptographic algorithms, protocols, and standards out there, each with their own acronym.  It is not the aim of this course to cover these specific systems, which may come and go, but rather the general principles on which good cryptography is based. Understanding these principles will enable you to evaluate the specific systems~you encounter outside this course, on your own.
- Hacking:  We will not learn how to "break" or "hack" systems.
- Security: We will not learn "how to secure your system."  Cryptography is only one part of security, albeit an important one.
- Everything there is to know about cryptography:  Cryptography is a vast subject, and we will not attempt to be comprehensive here.  Instead, we aim to convey the main principles, philosophy, and techniques which guide the subject, focusing on the most basic primitives, such as encryption and digital signatures.  This should put you in a good position to read about other topics on your own or take more advanced courses on cryptography.

• Lectures
• Individual works / Assignments
• Collaborative Works / Assignments

- Lectures: Regular class attendance is strongly encouraged. Feel free to interrupt and ask questions. Beyond clarifying technical issues, we are always happy to discuss the philosophical and conceptual aspects of the material we learn in class. Having students participate actively in class will improve the learning atmosphere and make the experience more enjoyable to all of us.
- Homework: Doing the problem sets is for most students the best way to master the course material. We will have between 4 and 6 problem sets throughout the semester. Each problem set has 2-3 questions. Sometimes, the third question in a problem set will be a more difficult ``bonus" question.

- Collaborative work: Students are encouraged to work together to do homework problems. Remember that what is important is a student's eventual understanding of homework problems, and not how that is achieved. In particular, what a student turns in as a homework solution is to be his or her own understanding of how to do the problem. Therefore, in preparing the draft of the homework to be turned in, a student may not consult the notes or homework solutions of another student. In other words, you are required to write your homework by yourself.

The exam will be designed to assess the student's familiarity with the concepts taught in the course (definitions, constructions, proofs), as well as a general technical and conceptual understanding of the material, both at the concrete level and at the abstract level. Such skills can be acquired by attending lectures, actively participating them, and solving homework solutions throughout the semester.

We will hand lecture notes of the material taught in class. In addition, the course will loosely follow parts of the book Introduction to Modern Cryptography by Jonathan Katz and Yehuda Lindell. A more advanced exposition of the material can be found in Oded Goldreich's Foundations of Cryptography (Volumes I and II). Further complementary material should be quite easy to find on the web.