Lectures
The lecture slides will appear here sometime before (or perhaps after... hopefully before) the lecture.
- September 3rd (plus some extra exercises for the first week). In the second lecture, we filled out this text file.
- On September 10th and 17th, we will check out the ProVerif protocol analyser. Please have it installed on your computers. The lecture slides are here. Here (1, 2) are the pictures of the whiteboard I took during the first lecture. Here (1, 2, 3, 4) are the intermediate and final scripts for modelling our example key exchange protocol as Horn clauses. Here (1, 2, 3) are the intermediate and final scripts for modelling it in spi-calculus. Here (final, draft, injective agreement) are the models for ISO three-pass authentication protocol. Here is the model of the extremely simple pure authentication protocol that has agreement, but not injective agreement. Here is a picture of the message flow of the Mobile ID protocol (At 13.09, am not sure how much are we going to study its analysis). Here are the (Old) scripts for the analysis of the Mobile-ID identification protocol.
- On September 17th, we will also consider protocol properties beyond secrecy and authenticity. Perhaps we will use these scripts (1, 2) somewhere. Here (1, 2, 3) are the pictures and here (repeated authentication, Woo-Lam authentication) the protocol scripts from the first lecture. Here (1, 2, 3) are the pictures and here the script of the offline guessing example from the second lecture.
- On September 24th, we spoke about TLS, also looking at the record protocol of its older versions. Later, Alisa gave an exercise session.
- On October 1st, we start with secure multiparty computation. During the lectures, we wrote things into a text file.
- On October 8th, we will continue with some things we did not cover last week. At the same time, we will take a look at secret sharing and protocols based on that. During the lectures, we wrote things into a text file.
- Even though we promised a practice session for October 15th, we will continue with our course with extending oblivious transfers, and the first part of maliciously secure MPC protocols. In the lecture we wrote some notes and drew some pictures.
- On October 29th, we will introduce zero-knowledge proofs, and present garbled circuits secure against malicious adversaries. In the lecture we wrote some notes.
- On November 5th we started with actively secure multiparty computation based on linear secret sharing. In the exercise session we did the exercises included in the slides. Accidentally, the exercise session was not recorded in the right BBB room and is available in this location instead.
- On November 12th we looked at the online phase of the SPDZ protocol and did the exercises on the slides in the exercise session. On November 18th we continued with the same slides and talked about the preprocessing phase for SPDZ and did the relevant exercises on the practice session.
- On November 26th we discussed achieving security from replication. In the practice session we continued with the lecture and then discussed the exercises in the end of the slides.
- In December, we will talk about Zero-knowledge proofs. Here is an example of the GKR protocol in the form of a Jupyter notebook using OCaml (also as pdf).
