Foundations of Cryptography

CS60088, Spring 2026, LTP: 3-1-0

Class Timings	MON: 15:00--16:55; TUE: 14:00--15:55
Venue	CSE 120
Instructors	Monosij Maitra and Somindu Chaya Ramanna
Teaching assistants	Soumojit Chatterjee

Notices and Announcements

First test to be held on 16th of February 2026 during class hours
Approval decisions for subject registration will be based on CGPA. Those who are not familiar with the course prerequisites (mentioned below) are strongly discouraged from joining this course.
Classes start on 5rd of January 2026.

Prerequisites

We assume basic familiarity with probability theory, algebraic structures (groups, rings, fields), linear algebra and algorithms. Some exposure to computational complexity is useful as well. These topics will not be covered in the course. No prior exposure to cryptography is necessary.

Syllabus (Tentative)

Introduction to Cryptography
Perfect secrecy -- definition, equivalent definitions, one-time pads, limitations of perfect secrecy, Shannon's theorem
Computational secrecy -- motivating the need for computational secrecy, formalising security under different threat models, reductionist arguments and hardness assumptions
Symmetric Encryption from psedorandom generators, pseudorandom functions and permutations
Message authentication codes (MACs), hash functions and their security definitions, provably secure constructions
Practical Constructions of symmetric encryption, MACs and hash functions
Public key encryption
Signatures
Introduction to one-way functions, constructing one-way functions from assumptions such as RSA, Discrete logarithm, hard-core predicates, construction of pseudorandom objects from one-way functions

References

Jonathan Katz and Yehuda Lindell, Introduction to Modern Cryptography, Chapman and Hall/CRC Press, 2007.
Shafi Goldwasser and Mihir Bellare, Lecture Notes on Cryptography, 2008 (available here).
Oded Goldreich, The Foundations of Cryptography, Volume 1 and Volume 2, Cambridge University Press, 2001 and 2004.
Mike Rosulek, The Joy of Cryptography, MIT Press, 2017 .
Wenbo Mao, Modern Cryptography: Theory and Practice, first edition, Pearson Education, 2004.

Evaluation (tentative)

The evaluation for this course will be based on the mid-sem, end-sem examinations and a term paper. Details are below.
30%: End-sem examination
30%: Mid-sem examination
40%: Term Paper + Presentation, Short Tests

Tests/Exams

Test 1

Mid-Semester Examination

Term paper + Presentation

The students have been organised into 8 teams - see here. Each team will submit a report and give a 30-minute presentation on the topic they choose. Each member of the team will present for 10 or 15 minutes depending on the team size being 3 or 2 respectively.

Below is a list of topics for the term paper. You are free to choose any topic outside of this list as long as it aligns with the theme of the course. Please contact the instructors if you need help finding reading material related to your topic.

Number Theoretic Constructions of Pseudorandom Generators
Number Theoretic Constructions of Pseudorandom Functions
Constrained Pseudorandom Functions
~~Secret sharing (SS) and Verifiable SS~~ Team 2
~~Threshold Signatures~~ Team 5
~~Cryptographic Commitments~~ Team 4
~~Zero Knowledge Proofs~~ Team 6
~~Identification Schemes~~ Team 1
~~Identity and/or Attribute-Based Encryption~~ Team 8
~~Additive Homomorphic Encryption~~ Team 7
Lossy Trapdoor Functions
~~Hash Proof Systems~~Team 3

The report (prepared in LaTeX) should discuss in detail atleast one non-trivial result with a complete analysis. It should be self-contained with an introduction explaining the importance of the topic. Pay attention to language aspects such as grammar and spelling. You are allowed to use material from other sources. But, you must understand and express in your own language and provide proper references. Directly copying from other sources is forbidden and will be heavily penalised.

Evaluation criteria are as follows.

Report:

introduction,
clarity of exposition,
content covered,
insights/criticisms/comments of your own, if any.

Presentation:

level of understanding,
clarity of presentation,

Deadline for choosing a topic: 10 March 2026, 11:59 IST
(Strict) Deadline for submission of report: 8 April 2026 11:59 IST (Anything received after the deadline will receive zero credit.)

Presentations will be scheduled on 15 and 16 April (evening from 5 PM to 7 PM).

Once you choose a topic, send us an email with the subject line FoCry Spring'26 Term Paper - Choice of Topic clearly stating the following in the main text: your choice of topic, team number and names of all members.

Lectures

Week	Date	Topics Covered
1	5 January	Introduction
1	6 January	Perfect secrecy: definition, equivalent definitions, one-time pads; Limitations of perfect secrecy
2	12 January	Shannon's theorem; Computational secrecy -- motivation, formalising security under different threat models; Reductionist arguments and hardness assumptions,
2	13 January	Pseudorandomness; Pseudorandom generators (PRGs); Using PRGs to construct secure encryption Tutorial 1 - Perfect Secrecy
3	19 January	Variable-length and multiple encryptions, Security against Chosen Plaintext Attacks Pseudorandom functions
3	20 January	IND-CPA-secure encryption from PRFs Modes of Operation
4	26 January	No Class - Institute Holiday (Republic Day)
4	27 January	Tutorial 2 - Computational secrecy: IND-EAV security, PRGs, IND-CPA security, PRFs
5	2 February	Message authentication codes (MACs)
5	3 February	Variable length MACs Cryptographic hash functions and their security definitions Merkle-Damgård Construction
6	9 February	MACs from hash functions - NMAC, HMAC
6	10 February	Defining CCA security CCA-secure encryption from MACs and CPA-secure encryption
7	16 February	Test 1
7	17 February	Tutorial 3 - MACs and Hash Functions
	18 - 26 February	Mid-Semester Examination
8	2 March	One-way functions, Candidate constructions Hard-core Predicates
8	3 March	Pseudorandom objects from one-way functions: PRG from OWP+hard-core predicate, GGM construction
9	9 March	Introduction to public key cryptography, Defining PKE and security
9	10 March	Tutorial 4 - One-Way Functions and Hardcore Predicates
10	16 March	PKE: Proving equivalence of multi-challenge CPA and single-challenge CPA security, discussion on CCA security
10	17 March	A primer on basic number theory, group theory and factoring assumption
11	23 March	RSA assumption, RSA Encryption, Primer on Cyclic Groups, Discrete logarithm
11	24 March	Discrete logarithm (Contd.), Discussions on Choices of Cyclic groups, Algorithms to test and find generators, Diffie-Hellman assumptions, Diffie-Hellman Key Exchange El Gamal encryption, CCA Security
12	30 March	DHKE (Contd.), revisting PKE: El Gamal encryption, CCA Security Tutorial 5 - Number Theory and Public-Key Encryption
12	31 March	No Class - Institute Holiday (Mahavir Jayanti)
13	6 April
13	7 April
14	13 April
14	14 April
15	20 April
15	21 April	No Class
	20 - 30 April	End Semester Examination