CS 7111: Topics in Cryptography (Jan-May 2026)
Instructor: Ashrujit Ghoshal, ashrujit@cse
Time and Location: Wednesdays (3:30-4:45 pm) and Fridays (2-3:15 pm) at CS 34
Office Hours: Wednesdays (5-6 pm) at SSB 206
General Description
This course will focus on two cryptographic tools: Zero-knowledge proofs (ZKPs) and Private Information Retrieval (PIR). ZKPs are used to prove a statement to a verifier, without revealing anything more beyond the veracity of this statement. We will focus particularly on succinct non-interactive ZKPs that are practically appealing for their efficiency. PIR is a tool that allows a client to access entries of databases stored on one or more non-colluding servers, without the servers gaining any information about what was accessed. We will focus on the recent progress on preprocessing PIR that has taken strides towards making practical, scalable PIR a reality.
These tools are cornerstones in the design of privacy-preserving systems, e.g., in solutions for private browsing, private contact discovery, anonymous credentials etc.
Covered Materials (tentative). Zero Knowledge Proofs: definitions, the simulation paradigm, NIZKs and the Fiat-Shamir Transform, SNARKs: modern constructions, Private Information Retreival: definition, two-server information theoretic constructions, Distributed Point Functions, Single-server PIR with preprocessing, Doubly Efficient PIR.
Required Background. The class will be self-contained with the only expectation being students being able to understand mathematical definitions and proofs, and write simple ones.
Grading
There will be two take-home assignments and students are expected to present a paper (in groups) from a list of assigned papers during the last two weeks of classes. Due to somewhat unpredictable enrollment numbers, the exact implementation of this will be finalized during the first week of class. There will also be a midterm and a final, and a class participation component that will decide the final grade.
- Assignments: 10%
- Project writeup: 15%
- Project presentation: 25%
- Midterm: 20%
- Final: 25%
- Class Participation: 5%
Resources
There is no mandatory textbook. Slides and reading materials will be posted online. These are some good reference materials (books and courses) for the topics of the class.
- Proofs, Argument and Zero-Knowledge, a textbook by Justin Thaler (Good reference for ZKP)
- Cryptography meets Algorithms, a course by Elaine Shi (The first part of Elaine’s course is a good reference for PIR)
Finally, these are some good general cryptography textbooks.
- A Graduate Course in Applied Cryptography by Dan Boneh and Victor Shoup
- Introduction to Modern Cryptography by Jonathan Katz and Yehuda Lindell
- The Joy of Cryptography by Mike Rosulek
Schedule
The schedule will be expanded and refined as we proceed through the semester.
| # | Date | Topic | Resources |
|---|---|---|---|
| 1 | 21/01 | Introduction and cryptography basics • Organization Details • What is the course about? (Examples) • PPT Adversaries, Negligible functions, Computational Indistinguishability |
• [Slides] [Annotated] |
| 2 | 23/01 | Zero Knowledge Proofs • Interactive Proofs • Zero Knowledge and the Simulation Paradigm • ZK Proof for 3-coloring |
• [Slides] [Annotated] • Shafi Goldwasser, Silvio Micali, Charles Rackoff. The Knowledge Complexity of Interactive Proof Systems • Yehuda Lindell. How To Simulate It – A Tutorial on the Simulation Proof Technique |
| 3 | 28/01 | Zero Knowledge Proofs 2 • ZK Proof for 3-coloring (contd) • ZK Proof for Graph Hamiltonicity • Commitments |
• [Slides] [Annotated] • Oded Goldreich, Silvio Micali, Avi Widgerson. Proofs that Yield Nothing But Their Validity |
| 4 | 30/01 | Proofs of Knowledge • Basic group theory • The Discrete Logarithm Problem • Introduction to proofs of knowledge |
• [Slides][Annotated] • Section 2.6 of Rafael Pass, Abhi Shelat. A Course in Cryptography |
| 5 | 04/02 | Proof of Knowledge 2 • Schnorr’s protocol • Computational Diffie Hellman Problem • Decisional Diffie Hellman Problem |
• [Slides] [Annotated] • Mihir Bellare, Oded Goldreich. On defining Proofs of Knowledge • [Assignment 1] |
| 6 | 11/02 | Proof of Knowledge 3 + NIZKs • Proof of Knowledge for the DDH Language • Introduction to NIZKs |
• [Slides] [Annotated] • Manuel Blum, Paul Feldman, and Silvio Micali. Non-Interactive Zero-Knowledge and Its Applications |
| 7 | 13/02 | Random Oracle Model and Fiat-Shamir • The Random Oracle Model • The Fiat-Shamir Transform |
• [Slides] [Annotated] • Mihir Bellare and Philip Rogaway. Random Oracles are Practical: A Paradigm for Designing Efficient Protocols • Amos Fiat and Adi Shamir. How To Prove Yourself:Practical Solutions to Identification and Signature Problems |
| 8 | 18/02 | Analysis of Fiat-Shamir • Completeness analysis • Why is the non-interactive protocol an argument? • Soundness Analysis |
• [Slides] [Annotated] • Section 5.3.2 of Justin Thaler. Proofs, Argument and Zero Knowledge |
| 9 | 20/02 | Analysis of Fiat-Shamir 2 • Soundness Analysis (Contd.) • Zero Knowledge Analysis |
• [Slides] [Annotated] |
| 10 | 25/02 | Modern SNARKs • Introduction to Finite Fields, Arithmetic Circuits • Succinctness |
• [Slides] [Annotated] • Anca Nitulescu. zk-SNARKs: A Gentle Introduction |
| 11 | 27/02 | Modern SNARKs 2 • Polynomial IOPs • Polynomial Committments • Compiling Polynomial IOPs with Polynomial Commitments |
• [Slides] [Annotated] • Section 10.2 of Justin Thaler. Proofs, Argument and Zero Knowledge |
| 12 | 06/03 | PlonK Polynomial IOP 1 | |
| 13 | 11/03 | PlonK Polynomial IOP 2 | |
| 14 | 13/03 | Polynomial Commitments 1 | |
| 15 | 18/03 | Polynomial Commitments 2 | |
| 16 | 20/03 | Private Information Retreival | |
| 17 | 25/03 | Two-server PIR 1 | |
| 18 | 27/03 | Two-server PIR 2 | |
| 19 | 03/04 | Doubly efficient PIR 1 | |
| 20 | 08/04 | Doubly efficient PIR 2 | |
| 20 | 10/04 | Doubly efficient PIR 3 | |
| 22 | 15/04 | PIR with client-side preprocessing | |
| 23 | 17/04 | PIANO PIR | |
| 24 | 22/04 | Student Presentations 1 | |
| 25 | 24/04 | Student Presentations 2 | |
| 26 | 29/04 | Student Presentations 3 |
Academic Integrity
Academic integrity is central to this course. For assignments, you are permitted to work with one partner and submit a single joint solution. The work you submit must reflect the combined independent effort of your pair. It must be written in your own words, and you must clearly acknowledge any external sources or help received.
While you may discuss high-level concepts or approaches with students outside of your partnership, the work you submit cannot be copied, closely paraphrased, or derived from another group’s solution. If you do discuss the assignment with others, please include a brief note listing who you spoke with and the nature of that discussion.
The use of LLMs to generate solutions is strictly prohibited. If you are ever unsure about what is permitted, do not assume. Please ask the instructor or course staff for clarification. Any violation of these rules will result in a failing grade for the course and a report to the disciplinary committee.