# Douglas Stebila

# CO 789 - Topics in Cryptography: Lattice-based cryptography (Winter 2019)

## CO 789 - Topics in Cryptography: Lattice-based cryptography (Winter 2019)

### Instructor

Douglas Stebila

### Class time & location

Mondays/Wednesdays/Fridays, 2:30-3:30pm, MC 6486.

Due to conflict with the Real World Cryptography conference, there will be no CO 789 lectures during the first week of classes (January 7, 9, 11). Classes will start Monday January 14, 2019.

### Topics

The first 1/2 to 2/3 of the course will consist of lecture material on the following topics:

- Lattices and lattice problems
- Cryptographic constructions directly from lattices
- Learning with errors (LWE) and variants
- Cryptographic constructions from LWE and variants (public key encryption, signatures, advanced constructions)
- Reductions from lattice problems to learning with errors
- Algorithms for solving lattice problems

The remainder of the course will be seminar-style, with student presentations on recent research papers.

### Suggested reading

- Chris Peikert. A Decade of Lattice Cryptography.
*Foundations and Trends in Theoretical Computer Science*, 10(4):283–424, March 2016. https://web.eecs.umich.edu/~cpeikert/pubs/lattice-survey.pdf

### Assumed background

I will assume students know the core cryptographic primitives (symmetric encryption, message authentication codes, hash functions, public key encryption, digital signatures, key exchange) taught in any undergraduate crypto or security course. I will also assume typical undergraduate knowledge of probability and linear algebra. I will assume basic understanding of algebra (rings and fields), but will reintroduce more complex notions as needed. Some parts will employ the probable security methodology, which assumes a basic undergraduate understanding of computational complexity theory, such as reductions between problems.