Institute of Computer Science, University of Tartu

Cryptographic protocols (MTAT.07.014), 2019/20 autumn


Course meeting times

  • Tuesdays at 12-14, Liivi 2-612
  • Wednesdays at 12-14, Liivi 2-612

According to the study information system, we should have lectures on Tuesdays and practice sessions on Wednesdays. In practice, we will not really make such a distinction.

Instructors

  • Peeter Laud, peeter.laud@cyber.ee
  • Alisa Pankova, alisa.pankova@cyber.ee
  • Pille Pullonen, pille.pullonen@cyber.ee

Content of the course

Key-exchange protocols

  • Specifying and modelling protocols. What does it mean to satisfy confidentiality / integrity properties? What properties are wanted? Symbolic model of cryptography. Some examples of protocols.
  • More "advanced" properties, e.g. forward secrecy, anonymity, resistance to offline guessing attacks, resistance to DoS attacks. Observational equivalences.
  • TLS (we need to cover some of its options, e.g. client certificates) and Smart-ID. Perhaps we will also look separately at the Mobile-ID protocol.
  • Tools for proving protocol properties. ProVerif (most likely). Or Tamarin.
  • Relationship between symbolic and computational models.

Secure Multiparty Computation (SMC)

  • Security definitions for passively secure multiparty computation protocols.
  • Garbled circuits. Oblivious transfer (OT) and OT extension. Security proof in the symbolic model. Tricks for reducing communication (Free-XOR, garbled row reduction, half-gates).
  • Other approaches to passively secure SMC. GMW and OT extension. Linear secret sharing schemes (Shamir's scheme, additive sharing, replicated sharing) and multiplicative LSSS. Threshold homomorphic encryption. The general idea of pre-computed multiplication triples.
  • Definitions and the like for active security. Also some intermediate-strength notions such as covert security and active security with abort.
  • Protocols for broadcast. Byzantine agreement. We will perhaps make a short excursion into blockchains (to put things into context, and so that students see that many blockchain technologies are essentially Byzantine agreement protocols).
  • Actively secure schemes from verifiable secret sharing.
  • Theory: without a trusted setup, there is no information-theoretically secure Byzantine agreement protocol if at least one third of all parties are adversarial.
  • Actively secure OT.
  • Making garbled circuits actively secure. Cut-and-choose.
  • Making LSSS-based protocols actively secure. Linear MACs.
  • Actively secure pre-computation (which methods to cover, and whether to go into FHE territory, is still to be decided). Cut-and-choose and pairwise verification.
  • Active security from replication. Three-party garbled circuits. Replicated parties and LSSS.
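The following is an added worked example, not part of the course materials, that ties together two items above: passively secure evaluation over additive secret sharing with pre-computed multiplication triples, and linear MACs (SPDZ-style) that turn it into active security with abort. It assumes a trusted dealer for the pre-computation phase (a stand-in for the cut-and-choose / pairwise-verification / FHE methods listed above), a prime field Z_P with P = 2^61 - 1 chosen for convenience, and constructed inputs 6, 7, 100. A corrupt party that adds 1 to every share it broadcasts changes the opened result, and the batched MAC check at the end detects it.

```python
import secrets
from dataclasses import dataclass

P = 2**61 - 1  # prime field Z_P; the choice of prime is an assumption of this example

def share(x, n):
    """Additive secret sharing over Z_P: n uniformly random shares summing to x."""
    s = [secrets.randbelow(P) for _ in range(n - 1)]
    return s + [(x - sum(s)) % P]

@dataclass
class AShare:
    """v[i] is party i's additive share of x, m[i] its additive share of the MAC alpha*x."""
    v: list
    m: list

class Dealer:
    """Trusted dealer standing in for the pre-computation phase (an assumption of this
    example; the course covers replacing it by cut-and-choose, pairwise checks or FHE)."""
    def __init__(self, n):
        self.n = n
        self.alpha = 1 + secrets.randbelow(P - 1)  # global MAC key, never opened
        self.alpha_sh = share(self.alpha, n)        # party i holds alpha_sh[i]

    def auth(self, x):
        return AShare(share(x, self.n), share(self.alpha * x % P, self.n))

    def triple(self):
        """Beaver multiplication triple ([a], [b], [a*b]) with MACs."""
        a, b = secrets.randbelow(P), secrets.randbelow(P)
        return self.auth(a), self.auth(b), self.auth(a * b % P)

# Linear operations need no interaction: each party combines its own shares.
def add(x, y):
    return AShare([(a + b) % P for a, b in zip(x.v, y.v)], [(a + b) % P for a, b in zip(x.m, y.m)])

def sub(x, y):
    return AShare([(a - b) % P for a, b in zip(x.v, y.v)], [(a - b) % P for a, b in zip(x.m, y.m)])

def mul_const(c, x):
    return AShare([c * a % P for a in x.v], [c * a % P for a in x.m])

def add_const(c, x, alpha_sh):
    """[x + c]: party 0 adds c to its value share; party i adds alpha_i*c to its MAC share."""
    v = list(x.v)
    v[0] = (v[0] + c) % P
    return AShare(v, [(mi + ai * c) % P for mi, ai in zip(x.m, alpha_sh)])

class Protocol:
    """Online phase. If `cheater` is set, that party adds 1 to every value share it
    broadcasts (an additive error), which the MAC check is meant to catch."""
    def __init__(self, dealer, cheater=None):
        self.n, self.alpha_sh, self.cheater = dealer.n, dealer.alpha_sh, cheater
        self.opened = []  # (public value, MAC shares) pairs awaiting the batched MAC check

    def open(self, x):
        v = list(x.v)
        if self.cheater is not None:
            v[self.cheater] = (v[self.cheater] + 1) % P
        val = sum(v) % P
        self.opened.append((val, x.m))
        return val

    def mul(self, x, y, triple):
        """Beaver multiplication: open d = x-a and e = y-b publicly, then
        [x*y] = [c] + e*[a] + d*[b] + d*e is computed locally."""
        a, b, c = triple
        d = self.open(sub(x, a))
        e = self.open(sub(y, b))
        z = add(add(c, mul_const(e, a)), mul_const(d, b))
        return add_const(d * e % P, z, self.alpha_sh)

    def mac_check(self):
        """Party i contributes sigma_i = sum over opened values of (m_i - alpha_i*value).
        Honest openings give sum_i sigma_i = alpha*x - alpha*x = 0; an additive error delta on
        an opened value leaves -alpha*delta != 0. (SPDZ additionally takes a random linear
        combination and has parties commit to sigma_i before revealing; omitted here.)"""
        sigma = sum(m[i] - self.alpha_sh[i] * val
                    for i in range(self.n) for val, m in self.opened)
        return sigma % P == 0

def demo(cheater=None):
    """Three parties compute x*y + w on constructed inputs 6, 7, 100.
    Returns (opened result, whether the MAC check passed)."""
    dealer = Dealer(3)
    prot = Protocol(dealer, cheater)
    x, y, w = dealer.auth(6), dealer.auth(7), dealer.auth(100)  # dealer shares inputs, for brevity
    z = prot.mul(x, y, dealer.triple())
    return prot.open(add(z, w)), prot.mac_check()

if __name__ == "__main__":
    print(demo())           # (142, True)
    print(demo(cheater=1))  # (157, False): three openings each off by 1, MAC check fails
```

The MAC check is what separates the two security levels: with it removed, the same code is the passively secure triple-based protocol, and the cheating party's error silently propagates into the output (the three openings each shifted by 1 turn 142 into 157). With it, the error leaves a multiple of the secret key alpha in the check value, so it passes only if the adversary guesses alpha, i.e. with probability 1/P.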

Zero-knowledge proofs

  • Security definitions. ZK proofs as a form of SMC.
  • Constructions. We will go through some modern constructions such as Bulletproofs and QAP-based SNARKs. This will take a fair amount of time because of the cryptographic machinery involved. When discussing pairings, we may make a side trip to identity-based cryptography.
  • Active security for SMC with the help of ZK proofs.

Grading

  • Homework (70%)
  • Oral exam (30%)