Cryptographic Protocols (MTAT.07.014), 2022/23 autumn


Course meeting times

  • Wednesdays at 14-16, Δ-1037
  • Wednesdays at 16-18, Δ-1037 (indeed, the big lecture hall)

According to the study information system, we should have a lecture first and a practice session afterwards. In practice, we will not really make such a distinction.

We will try to use the cameras present in the lecture rooms in Δ to enable the lectures to be followed remotely and recorded on the University of Tartu's BigBlueButton. But, as long as it is possible, we consider in-person attendance of the lectures / practice sessions to be the main channel of instruction.

Instructors

  • Peeter Laud, peeter.laud@cyber.ee
  • Alisa Pankova, alisa.pankova@cyber.ee
  • Pille Pullonen-Raudvere, pille.pullonen-raudvere@cyber.ee

Content of the course

The content of the course is not going to differ much from last year.

Key-exchange protocols

  • Specifying and modelling protocols. What does it mean to satisfy confidentiality / integrity properties? What properties are wanted? Symbolic model of cryptography. Some examples of protocols.
  • More "advanced" properties, e.g. forward secrecy, anonymity, resistance to offline guessing attacks, resistance to DoS attacks. Observational equivalences.
  • TLS (need to cover some options there, e.g. client-side certificates) and SmartID. Perhaps we'll also separately look at the Mobile-ID protocol.
  • Tools for proving protocol properties. Verifpal and ProVerif.
  • Relationship between symbolic and computational models.

Secure Multiparty Computation (SMC)

  • Security definitions for passively secure multiparty computation protocols.
  • Garbled circuits. Oblivious transfer (OT) and OT extension. Security proof in the symbolic model. Tricks for reducing the communication (Free-XOR, garbled row reduction, half-gates).
  • Other approaches to passively secure SMC. GMW. OT extension. Linear secret sharing schemes (Shamir's scheme, additive sharing, replicated sharing) and multiplicative LSSS. Threshold homomorphic encryption. The general idea of pre-computed multiplication triples.
  • Definitions and the like for active security. Also cover some intermediate-strength properties like covert security and active-security-with-abort.
  • Protocols for broadcast. Byzantine agreement. Will perhaps do a short excursion towards blockchains (to put things into context and so that students understand that many blockchain technologies are actually Byzantine agreement protocols).
  • Actively secure schemes from verifiable secret sharing.
  • Theory: there can be no information-theoretically secure Byzantine agreement if 1/3 of all parties are adversarial.
  • Actively secure OT.
  • Making garbled circuits actively secure. Cut-and-choose.
  • Making LSSS-based protocols actively secure. Linear MACs.
  • Actively secure pre-computation (we will see which methods to cover, and whether to go into FHE land or not). Cut-and-choose + pairwise verification.
  • Active security from replicated activities. Three-party garbled circuits. Replicated parties and LSSS.
  • Possible new topics: distributed point functions, pseudorandom correlation generators.

Zero-knowledge proofs

  • Security definitions. ZK proofs as a form of SMC.
  • Constructions. We will go through some modern constructions such as Bulletproofs, STARKs, QAP-based SNARKs, and ZK from MPC protocols. This will require a fair amount of time, due to the cryptographic machinery involved.
  • Active security for SMC with the help of ZK proofs.

Grading

  • Homework (70%)
  • Oral exam (30%)