## List of assigned topics

**List of topics:** Assigned-project.pdf

## List of proposed research topics

**Video from the meeting:** http://uttv.ee/naita?id=16685

**List of projects in PDF format:** List-project.pdf

### Supervised by Peeter Laud (in collaboration with Cybernetica)

**Committing to the results of a secure multiparty computation**

### Supervised by Sven Laur

**Overview of Easycrypt tool and its possible applications for ProveIt**

The main aim of this work is to understand and describe what kinds of propositions the Easycrypt tool is able to prove about security games and how easy it would be to use it inside ProveIt tool. First, you should find out what are the main differences in the Easycrypt and ProveIt languages for game descriptions. Second, you should find out what are the capabilities of Easycrypt tool, i.e., what type of facts about games can be proven with Easycrypt. Third, you should find out and specify the main translation rules for the compiler form ProveIt language to Easycrypt language. If you implement prototype compiler you get additional 3 EAP-s.

http://software.imdea.org/projects/certicrypt/easycrypt-0.2.pdf

**Towards more efficient floating point operations in Sharemind**

Sharemind is a secure multiparty computation framework. The aim of this project is to design new more efficient algorithms for certain floating point operations using polynomial approximation. For the purpose of this work one can consider the Sharemind framework as a processor with limited integer arithmetic which supports addition, subtraction and multiplication. Addition, subtraction and multiplication with a constant take no time at all. Multiplication of two variables takes time which is proportional to the bit-length of operators. In most cases, the approximation task can be reformulated in terms integer inputs and outputs, since floating point numbers are internally representad as integer triples. The aim of this project is to minimise the computational cost by choosing the most optimal approximation formula together with the bit-sizes of all internal variables.

**More efficient share conversion methods based on circuit re-randomisation**

The aim of this project is to study share-conversion protocols for additive secret sharing in two party setting. That is, a secret x is spit into two shares x_1 and x_2 that are known only to parties P_1 and P_2 respectively. The share conversion protocol must transform shares x_1+x_2=x mod M into a new set of shares y_1 + y_2 = x mod N without leaking any information about x during the process. For that parties can use a help from trusted dealer who can create set of cleverly correlated shares before the protocol starts. These shares must be independent form inputs. Parties can use these shares as usual: add respective shares locally to their inputs or do some other local operation with them. Besides that parties can publish individual bit of their shares as long as it does not leak information about their inputs. As a concrete goal, ons should give a construction for the settings where M = 2^3 and N=2^4 or prove its non-existence by exhaustive combinatorial search. For that one has to specify the problem in terms of allows operations and show that such combinatorial object does not exist.

### Supervised by Vitaly Skachek

**Topology-based network security**

This project will study a network protocol for secure delivery of information to a set of receivers, so that possible wiretapper does not gain any information about the message. This is achieved by randomization of the information sent over each particular link.

**References:**

K. Jain, “Security Based on Network Topology Against the Wiretapping Attack,” IEEE Wireless Communications, February 2004.

**Collusion-secure fingerprinting for digital data**

This project will study methods for assigning codewords for the purpose of fingerprinting digital data, e.g. documents, music, video, etc. Fingerprinting is a unique marking and registering each copy of the data. This marking allows a distributor to detect any unauthorized copy and trace it back to the user. However, more sophisticated fingerprinting schemes are required when the users collude. Such schemes will be studied in this project.

**References:**

D. Boneh, J. Shaw, “Collusion-Secure Fingerprinting for Digital Data,” IEEE Trans. on Information Theory, vol. 44, no. 5, pp. 1897–1905, September 1998.

A. Barg, G. Cohen, S. Encheva, G. Kabatiansky, G. Zemor, “A hypergraph approach to the identifying parent property: the case of multiple parents,” SIAM J. Discrete Math., vol. 14, no. 3, pp. 423–431, 2001.

**Efficient set reconciliation**

This project will study a method for efficient reconciliation of two similar sets of data, held by different hosts while minimizing the communication complexity. The proposed method is based on evaluation of polynomials and their subsequent interpolation.

**References:**

Y. Minsky, A. Trachtenberg, R. Zippel, “Set Reconciliation with Nearly Optimal Communication Complexity,” IEEE Trans. on Inform. Theory, vol. 49, no. 9, pp. 2213–2218, September 2003.

### Supervised by Riivo Talviste (in collaboration with Cybernetica)

**Demo app for secure multiparty computation**

### Supervised by Ahto Truu (in collaboration with GuardTime)

**GuardTime verifier in Haskell**

**GuardTime:**

**Task:**

**Special requirements:**

### Supervised by Dominique Unruh

**Proverif and length leaking encryption**

Proverif is a popular tool for (automatically) verifying the security of cryptographic protocols. However, Proverif does not normally take into account the fact that an encrypted message always leaks the length of the message. Thus Proverif may overlook attacks.

**Seminar topic:** Try out Proverif and understand it. Try out tricks to make Proverif think about length. A little case study which protocols can still be analysed.

**Automated design of crypto schemes**

Cryptographic schemes are often built by plugging smaller more elementary schemes together. To get efficient schemes, finding the optimal combination can be crucial.

**Seminar task:** A tool for automatically trying to built a bigger scheme from smaller ones, as optimized as possible.

**Quantum zero knowledge**

Requirement: Lecture on Quantum Cryptography or similar

Zero Knowledge proofs are a powerful tool in cryptography. They allow us to prove the truth of a statement to another person without revealing anything more (in particular, nothing about the proof itself is revealed). In the quantum setting, however, classical zero knowledge proofs often do not work as expected and may be insecure.

**Seminar topic:** Summarize existing results on quantum zero knowledge.
Extend them to more general settings.

### Supervised by Jan Willemson (in collaboration with Cybernetica and STACC)

**Fixed-point arithmetic and Bayesian classification in the secure computing model**