## Motivation and Objectives

The question of security is intrinsic to that of functionality for any cryptosystem, and cryptology has a long and chequered history of making and breaking such systems. In theoretical cryptography, a proof of security has almost become the raison d'être of any cryptographic protocol. Applied cryptography, on the other hand, demands that a cryptosystem be both secure and efficient enough to be deployed in a concrete practical setting. In this course we investigate the paradigm of practice-oriented provable security in the context of public key cryptography. Central to this paradigm is the notion of a security definition for a cryptographic task. Next comes the problem of designing protocols that can be proven secure assuming the intractability of certain computational problem(s) or the security of some atomic primitive(s). Several such cryptographic protocols will be studied in the course, including public key encryption, digital signatures, identity-based encryption and key agreement protocols. We will also look at what concrete security assurance such provably secure cryptosystems can provide in practice.

## Syllabus

- The notion or definition of security, the different formalizations of a notion and the question of their equivalence; the structure of a security proof (a.k.a. security reduction).
- Public key encryption: the notions of indistinguishability and semantic security, including the question of equivalence of definitions; security against chosen plaintext and chosen ciphertext attacks.
- Some concrete public key encryption and identity-based encryption schemes and their security.
- Digital signatures and the notion of existential unforgeability under chosen message attacks.
- Key agreement protocols and secure channels.
- The random oracle assumption.
- The quantitative measure of security including the questions of tightness in security reduction and concrete security.

## References

- Research papers (details will be posted as the course proceeds).

## Prerequisites

This is a self-contained, research-oriented course. The minimum requirement is an undergraduate-level background in abstract algebra, algorithms and public-key cryptography, together with an interest in the art and science of cryptology.