**Schedule:** Tue,Thu 11:00am-12:20pm in EBU3B (CSE) 4217**Section ID:** 809063**Instructor:** Daniele Micciancio**Office hour:** by appointment

Point lattices are powerful mathematical objects that can be used to efficiently solve many important problems in computer science, most notably in the areas of cryptography and combinatorial optimization. This course gives a general introduction to the theory of point lattices, their algorithms, computational complexity, mathematical techniques, and applications to cryptography. Specific topics touched by the course include:

**Algorithms**: approximation algorithms for the efficient solution of lattice approximation problems, exponential time algorithms for the exact solution of NP-hard lattice problems.**Lattice Based Cryptography**: the design of cryptographic functions that are as hard to break as solving hard lattice problems. From basic public key encryption and digital signature schemes, to advanced applications like identity based encryption and fully homomorphic encryption.**Computational Complexity**: connection between*average-case*and*worst-case*complexity, reductions, NP-hardness, interactive proof systems.**Advanced mathematical techniques**: Fourier/Harmonic analysis methods for the study of lattice problems. Lattice problems from Algebraic Number Theory and their application to the design very efficient cryptographic functions.**Other Applications**: If time permits, applications to lattices in coding theory (error correction), combinatorial optimization (integer programming), and more.

*Prerequisites:* The main prerequisites for the course are general mathematical maturity, knowledge of basic mathematics (mostly linear algebra, probability theory, and a little bit of calculus) and introductory level algorithms and complexity theory (analysis of algorithms, polynomial time solvability, NP-hardness, etc.) Some prior knowledge of cryptography is useful, but not strictly required. No prior knowledge of advanced complexity theory, Fourier analysis, or algebraic number theory is assumed, but you will learn a little bit about all this through the course.

Revised lecture notes and pointers to research papers and other reading material will be posted here as we cover the material in class. As a reference, see pointers to previous lecture notes and other courses in the external links section below.

**Introduction**: Lattices, Bases, Gram-Schmidt orthogonalization, and Lattice determinant.**Minkowski's Theorem**: The Shortest Vector Problem (SVP), Shortest Independent Vectors Problem (SIVP), and Minkowski's Theorems.**Duality**: The dual lattice and the Closest Vector Problem (CVP)**Basic Algorithms**for Gram-Schmidt orthogonalization, Hermite Normal Form computation, Nearest plane approximation algorithm, and Enumeration algorithms for exact CVP computation.**Basis reduction**and the LLL algorithm, with applications to the approximate solution of SVP and SIVP.**Lattice Cryptography**: Random lattices, their properties, and construction of basic cryptographic primitives, like one-way functions and public key encryption.

Coursework for students enrolled in the course will include a small number of individual homework assignments (say, 3), and a group project to be executed in groups of 2 or 3 students. Projects should be discussed with the instructor during the 6th week of classes.

- Homework 1
- Homework 2 Due Thursday May 8, 2014.
- Homework 3

- Complexity of Lattice problems: a cryptographic perspective: A bit out of date in terms of cryptographic applications, but still a good introduction, and basically the only book on the topic. For more recent accounts of lattice based cryptography, see survey chapters in The LLL Algorithm and Post Quantum Cryptography.
- You can find older sets of lecture notes for this course on webpages from previous quarters Winter 2002, Spring 2007, Winter 2010, Winter 2012,
- Oded Regev's course webpage at Tel Aviv university.
- Victor Shoup's Number Theory Library (NTL). A C++ library for lattice basis reduction that has been widely used in cryptanalysis.