This is an old revision of the document! Table of Contents
Techniques in Cryptography and CryptanalysisInstructors for 2019  2020: Michel Abdalla (DR @ CNRS) and Brice Minaud (CR @ INRIA) Language of Instruction: English Preliminary schedule for 20192020Time: Tuesdays, from 17h45 to 19h15 Location: Room 1013, Building Sophie Germain
The Midterm Exam will take place on Tuesday, 19 November 2019, from 16h15 to 17h45 in the usual room.
The Final Exam will take place on Tuesday, 25 February 2020, from 16h15 to 17h45 in the usual room. SummaryThe main objective of the course is to introduce students to cryptographic schemes built using the *provablesecurity* paradigm and to cryptanalytic techniques. Throughout the construction part of the course, various schemes (such as authentication, identification, signature, encryption, identitybased encryption, etc.) will be presented whose security is based on presumedtobehard mathematical problems such as factoring, discrete log, subset sum, learning parity with noise, and lattice problems; in the cryptanalysis part, algorithmic methods to study or solve some of these presumably hard problems will be presented. At the end of the course, students should have the necessary tools to perform research in academiclevel cryptography. PreRequisitesThe main requirement is being comfortable with mathematical proofs. Some knowledge of basic mathematical topics such as probability, number theory, and linear algebra will also be assumed. TopicsIn the course, we will present constructions of cryptographic primitives whose security depends on the presumed hardness of various mathematical problems. Below are examples of such primitives and assumptions that we will cover in the course. In the cryptanalysis part, algorithmic techniques related to these assumptions will be presented. Cryptographic Primitives 1. Oneway functions 2. Pseudorandom functions 3. Authentication schemes 4. Digital signatures 5. Publickey encryption 6. Identitybased encryption Hardness assumptions 0. Generic assumptions: onewayness, collisionresistance, ... 1. Factorization and RSA related assumptions 2. Discrete log and related assumptions 3. Learning parity with noise 4. Subset sum 5. Lattice problems 6. Code based problems HomeworksHomework 1: http://www.di.ens.fr/~mabdalla/coursedocs/homework1.pdf Homework 2: http://www.di.ens.fr/~mabdalla/coursedocs/homework2.pdf NotesNotes 1: http://www.di.ens.fr/~mabdalla/coursedocs/provablesecurity.pdf Notes 2: Reference for the GoldreichLevin Theorem: http://wwwcse.ucsd.edu/users/mihir/papers/gl.pdf Notes 3: References for the NaorReingold PRF: Original paper, Gamebased proof (see Appendix A) Notes 4: Reference for the CHK transform: https://eprint.iacr.org/2003/182.pdf (see Sections 1—3) Notes 5: Reference for the BBG scheme: https://eprint.iacr.org/2005/015.pdf (see Pages 5—8) Slides on identitybased encryption: http://www.di.ens.fr/~mabdalla/coursedocs/IBE.pdf Slides on hierarchical identitybased encryption: http://www.di.ens.fr/~mabdalla/coursedocs/HIBE.pdf Slides on identitybased encryption with wildcards: http://www.di.ens.fr/~mabdalla/coursedocs/WIBE.pdf Equipe pédagogique / Possible lecturers
