In Jan-May 2026, I will be teaching CS7260: Post-Quantum Cryptography.
Course Description
The course will cover the exciting impact on cryptography created by the advent of quantum computers. Quantum computers, which harness the power of quantum mechanics, have demonstrated surprising power over classical computers -- in particular, a famous algorithm by Shor demonstrates that most of modern cryptography, believed to be secure against classical computers, is completely insecure against quantum computers. Moreover, significant progress has been made in recent times to develop quantum computers, so it is an urgent need to base cryptography on problems that remain hard against quantum attackers. The field of post-quantum cryptography was born to fill this very gap.
In this course, we will study the mathematical foundations of post-quantum cryptography. This is an exciting emerging area with many many more questions than answers. We will study how to build cryptography from the hardness of problems in lattices, codes, multivariate quadratics and isogenies which are believed to withstand quantum attacks. We will pay particular attention to the cryptographic schemes that underlie the finalists of the
NIST PQC competition. We will study the evidence we have for the hardness of these problems, and the properties of these mathematical structures that lend themselves to crypto design. We will NOT get into quantum computing at all.
Administrative Information
Lectures are Thursdays 2:00- 3:15 pm and Fridays, 3:30-4:45 pm. Venue: CSB 34.
Pre-requisites.
The course CS 6111 (Foundations of Cryptography) is
not a pre-requisite for this course though it is helpful if you have studied it. This course requires mathematical maturity, in particular comfortable working knowledge of linear algebra and probability. The course will be entirely mathematical in nature and the material could be considered challenging, so please only sign up if you are really excited by puzzles and cryptography.
Requirements.
- Project and class presentation : 30%
- Assignments : 25%. Assignments will be open ended in nature and collaboration is encouraged.
- Class Participation: 5%.
- Midterm :20% March 8, 10 am - 12 pm.
- Final :20%
Policies and Grades.
Collaboration is encouraged but you must write up solutions on your own. You must also write the names of all the people you discussed the problem with. In case you find material that will help you in solving some problems, you should mention the source in your writeup. Class participation will also be taken into account when assigning grades.
I expect all students to behave according to the highest ethical standards. Any cheating or dishonesty of any nature will result in failing the class.
Topics
Below are some topics we will discuss in class. We'll cover some subset of these, depending on time.
Part 0: Crash Course in Cryptography.
Security parameter, Negligible functions, One way Function, Secret and Public Key Encryption, Digital Signatures. Some simple proofs.
Part 1: Lattices
- Introduction to lattices, core concepts, hard problems.
- The LWE and SIS problem. One way functions from these.
- Worst case to average case reduction
- Symmetric and Public Key encryption
- Fully homomorphic Encryption
- Trapdoor Construction
- Digital Signatures
Part 2: Codes
- Codes: Basic Definitions and Properties. The decoding problem.
- Random Codes
- McEliece encryption scheme
Part 3: Isogenies
Lecture Summaries
| Date |
Topic |
References |
| Jan 22 |
Course Overview and Plan, Administrative Information. Quantum computing and its impact on cryptography. |
None |
| Jan 23 |
Crash Course in Cryptography: Efficient algorithms, security parameter, negligible function, one way function, key exchange. |
Sec 3.1, 7.1 Katz-Lindell |
| Jan 29 |
Secret Key Encryption. Syntax, different ways of defining security. CPA security, single and multiple challenge security. |
Ch 3.2, Katz-Lindell |
| Jan 30 |
Public Key Encryption. Definition, CPA security, equivalence of single and multiple challenge security. |
Ch 11, Katz-Lindell |
| Feb 5 |
Introduction to the LWE and SIS problems. |
Notes |
| Feb 13 |
Public and Symmetric Key Encryption from LWE. |
Notes . A lecture by me on this topic is here. |
| Feb 19 |
Proof of CPA-Security. Hermite Normal Form. |
Notes 1 and Notes 2. |
| Feb 20 |
Search to Decision Reduction, Connection to Worst Case Lattice Problems. |
Same as above. |
| Feb 26 |
Fully Homomomorphic Encryption. GSW Scheme. |
Notes and Section 5.1 of this survey. |
| Feb 27 |
Wrapping up GSW scheme. Bootstrapping. |
Notes on bootstrapping are here. |
| March 5 |
Wrapping up Bootstrapping. Lattice Trapdoors. |
Useful slides are here. |
| March 6 |
Construction of Lattice Trapdoors. |
Paper is here. Slides as in previous lecture. |
| March 12 & 13 |
Digital Signatures from Lattices. |
Section 5.5 here. Short slides are here. |
| March 19 |
Discussion of Midterm Solutions |
None |
| March 20 |
Identity Based Encryption. |
Section 5.5.2 in Peikert's survey. |
| March 26 |
Identity Based Encryption continued. |
Section 5.5.2 in Peikert's survey. |
| March 27 |
No class on account of Theory Fest |
Not Applicable. |
Resources
-
For basics of cryptography, we will primarily use Katz-Lindell. Other good references are Boneh-Shoup and Pass-Shelat.
- For lattice based cryptography, we will follow these notes by Regev and these notes by Vinod. Peikert's survey is also a useful reference.