Arvutiteaduse instituut
  1. Kursused
  2. 2024/25 kevad
  3. Krüptograafia ja küberturvalisuse uurimisseminar (MTAT.07.022)
EN
Logi sisse

Krüptograafia ja küberturvalisuse uurimisseminar 2024/25 kevad

  • Homepage
  • Topics
  • Links
  • Final reports

Pille Pullonen-Raudvere

Function secret sharing in privacy-preserving machine learning

In recent years, two topics - privacy preserving machine learning (PPML) and function secret (FSS) sharing have gained a lot of popularity in secure multiparty computation world. The goal of this seminar work is to study some papers that apply FSS for PPML. The goal is to extract some concrete information about how FSS is used: Which FSS schemes are used (which scheme, which functions)? Which components of the machine learning algorithms are evaluated using FSS? How are these components built from the functions for which we have FSS scheme? What is the justification for doing in this way? How is the rest of the algorithm evaluated that is not in FSS? What is the threat model? For the purpose of the seminar paper and presentation, a short introduction to FSS is also needed.

The starting points for this work are: ORCA - FSS-based Secure Training and Inference with GPUs https://eprint.iacr.org/2023/206 Sigma: Secure GPT Inference with Function Secret Sharing https://eprint.iacr.org/2023/1269.pdf These are both by EzPC team https://www.microsoft.com/en-us/research/project/ezpc-easy-secure-multi-party-computation/ Open-source code for EzPC, including the two papers, is available in https://github.com/mpc-msri/EzPC There are other papers that can be used to extend this research if interested

Suitable for MSc and PhD level, some prior knowledge about machine learning will be very useful.

Vitaly Skachek

Encryption from Random Quasi-Cyclic Codes

We will study a framework for constructing efficient code-based encryption schemes that do not hide any structure in their public matrix. There are two cryptosystems instantiated within this framework: the Hamming QuasiCyclic cryptosystem (HQC), based on the Hamming metric, and the Rank Quasi-Cyclic cryptosystem (RQC), based on the rank metric. In the project we will study and analyze those schemes.

Based on the paper: Aguilar, C., Blazy, O., Deneuville, J. C., Gaborit, P., & Zémor, G. (2016). Efficient encryption from random quasi-cyclic codes. arXiv preprint arXiv:1612.05572.

Suitable for MSc and PhD level students.

A Circuit Approach to Constructing Blockchains on Blockchains

Since the creation of Bitcoin 15 years ago, there has been an explosion in the number of permissionless blockchains. Each of these blockchains provides an open ledger that anyone can read from and write to. In this multi-chain world, an important question emerges: how can we build a more secure overlay blockchain by reading from and writing to a given set of blockchains? Drawing an analogy with switching circuits, we approach the problem by defining two basic compositional operations between blockchains, serial and triangular compositions, and use these operations as building blocks to construct general overlay blockchains. In this project, we will study and analyze this approach.

Based on the paper: Tas, E. N., Tse, D., & Wang, Y. (2024). A Circuit Approach to Constructing Blockchains on Blockchains. arXiv preprint arXiv:2402.00220.

Helger Lipmaa

ZKML [taken]

Abstract: ZKML is the application of zero-knowledge proofs within machine learning. The idea is to allow someone to prove they ran a machine learning model on some data and got a specific result — without revealing either the data itself or the model’s inner workings. In more technical terms, zkML enables privacy-preserving inference and model verification:

  • Privacy-preserving inference: You can run a machine learning model

on private data and prove that the model was run correctly without revealing the data or the model’s outputs.

  • Model verification: You can prove that a model was trained in a

certain way or that its outputs are correct without disclosing the model’s parameters or the dataset used for training.

We expect the student to read through some papers in this field and write a survey on specific ZKML techniques. The survey should combine ML and ZK knowledge, explaining how to represent common ML tasks (like inference) in the form of amicable to efficient ZK proofs, and explain at least one ZK approach that is amicable to ZKML. Interested students are recommended to browse YouTube videos at https://www.youtube.com/results?search_query=zkml, especially for a more technical introduction. The topic is related to a joint grant between Helger Lipmaa and Meelis Kull. It suits an MSc student interested in finding an MSc topic and continuing to a PhD or an existing PhD student.

Sedat Akleylek

The projects are suitable for all degrees (BSc, MSc, PhD)

A Comparison of Post-Quantum Symmetric-based Signature Schemes

The task is to understand the symmetric-based signature schemes submitted to NIST Post-Quantum Cryptography Standardization Project. The signature schemes are Picnic, AIMer, Ascon-Sign, FAEST, SPHINCS, SPHINCS-Alpha [1,2, 3]. At least 3 signature schemes are selected for both theoretical and practical comparison. The comparison includes performance analysis (running time, etc.) and the structural similarities/differences. [1] https://csrc.nist.gov/Projects/post-quantum-cryptography/post-quantum-cryptography-standardization/round-3-submissions [2] https://csrc.nist.gov/Projects/pqc-dig-sig/round-2-additional-signatures [3] https://kpqc.or.kr/competition_02.html

A Report on the Shortest Linear Program and Its Variants

Symmetric key cryptosystems have diffusion and confusion layers. The Shortest Linear Program (SLP) problem is the number of linear operations necessary to compute a set of linear forms. In this project, the task is to understand and implement the circuit minimization algorithms for linear/permutation layers of symmetric key cryptosystems. [1,2] are the code examples for the Boyar-Peralta algorithm. [3] explains the Boyar-Peralta algorithm. In the report, the basic workflow of the circuit minimization algorithms, their comparison, implementation results on the linear layers, and discussion on them are given. [1] https://bitbucket.org/anubhab001/boyar-peralta-xor3/src/master/ [2] https://github.com/thomaspeyrin/XORreduce [3] https://doi.org/10.1007/s00145-012-9124-7

A Report on the Host-Based Intrusion Detection-Prevention Systems

A host-based intrusion detection system (HIDS) monitors and analyzes the internal activities of a computer system, including network traffic on its interfaces, similar to a network-based intrusion detection system (NIDS). Unlike NIDS, which focuses on overall network traffic, HIDS specializes in detecting internal threats by tracking host activities. The task is to classify the machine/deep learning methods used in HIDS, give the details about the datasets, define the advantages/disadvantages and compare according to the success rate.

Janno Siim

Data Availability Sampling.

Consider a scenario in which a client has stored a large amount of data on a server and wants to verify that all of it is still stored. This is the case, for example, in Ethereum, where light nodes want to verify that full nodes are storing the complete blockchain. Since downloading the complete blockchain is too resource-consuming, more efficient protocols (with cool math) are used called Data Availability Sampling. The student’s task is to write a document explaining what is Data Availability Sampling, how it differs from related notions (proof of retrievability, verifiable information dispersal, etc.), and briefly explaining the current constructions. The main sources of information are recent publications https://eprint.iacr.org/2023/1079 and https://eprint.iacr.org/2024/248. There are also video presentations: and . Difficult: Master’s, PhD

How to Prove False Statements: Practical Attacks on Fiat-Shamir.

The Fiat-Shamir transform is a tool for making interactive (public-coin) cryptographic protocols non-interactive. It has found wide-scale use in the design of signature schemes and zero-knowledge proofs. The intuitive idea is that instead of the verifier sending a random challenge, the prover will hash the prior protocol transcript to obtain the next challenge. It’s possible to prove that (under some conditions) if the hash function is substituted with a random function, then the Fiat-Shamir transformation is secure. Such idealized security model is called the random oracle model. It has been known for a while that there are theoretical attacks in which a protocol is secure in the random oracle model but insecure with any hash function. However, common wisdom has been that real-world protocols are not affected by this attack. In a recent breakthrough result (https://eprint.iacr.org/2025/118), Khovratovich, Rothblum, and Soukhanov show for the first time such an attack against a real-world protocol. Student’s task is to summarize the paper and to write an explanation of the attack. Difficulty: Master’s, PhD

Maiara Francine Bollauf

Oblivious transfer protocol in noisy channels

In an oblivious transfer protocol, a sender has some secret information to be transmitted to the receiver so that it remains unknown which piece of information has been sent. Coding theoretical techniques can be applied to guarantee constant rate oblivious transfer protocols, given that the underlying error-correcting codes satisfy some properties regarding the element-wise multiplication of their codewords. General constructions of such good codes remain an open question in the area and constitute the main objective of this project. Suitable for master's and PhD students interested in security applications of coding theory, with a background in linear algebra.

Mathematics of lattice-based security schemes

In lattice-based cryptography or physical-layer security, some lattice quantities are crucial to define whether a system is secure or not, or more secure than others. This is the case of the theta series, used to characterize the distance profile of all the lattice points. During this project, the objective is not only to study some known theta series but also to explore some new identities that would translate into substantial improvements in the state of the art in lattice-based security schemes. Suitable for master's and PhD students interested in the mathematical foundations of lattice-based cryptography. Desired background includes number theory and algebra.

Arnis Paršovs

Applied cyber security topics

Applied cyber security group offers research seminar supervision on various cyber security-related topics for students who are interested in more applied research that may involve hands-on activities as well. Various hardware can be provided to students for experiments. Students who are doing applied research must still describe the research they have performed in a seminar report and convince the supervisor that the work done is worth 3 ECTS (~78 hours of work). Students are welcome to contact Arnis Paršovs (arnis.parsovs@ UT) with their seminar topic ideas.

Recommended prerequisites: Applied Cryptography (MTAT.07.017) / Wireless Technologies and Security (LTAT.04.009)

Level:BSc, MSc or PhD

Dominique Unruh

Protocol verification in EasyCrypt

Cryptographic security proofs are important to make sure a cryptosystem is indeed secure. But they are also error prone. Since humans make and read them, there will often be mistakes that invalidate the whole idea of a proof. EasyCrypt is a popular tool (theorem prover) for doing security proofs on the computer. In this tool, you can write down a cryptographic proof in a very detailed way such that the computer will be able to follow it, and make 100% sure that it works.

The task of the seminar is to give an overview over the EasyCrypt tool, both covering the theoretic foundations and showing some (simple) example how to prove something.

Prerequisites: Some course where you saw cryptographic proofs

Note: In person supervision possible only till March 17. Afterwards only remotely.

The quantum random oracle

Random oracles are a proof technique in cryptography that idealizes hash functions. Basically, instead of dealing with the messy details of how a specific hash function works, we simply assume that it is a completely random function. This technique makes a lot of cryptographic proofs a lot simpler. (But it is a heuristic.) When it comes to quantum security, things get more complex. Now the adversary can do a query the oracle in a superposition between many values which messes up classical proof techniques.

The task of the seminar is to give an overview how to random oracle works in the quantum setting, and how one can do security proofs in it after all.

Prerequisites: Some crypto course and some quantum course.

Note: In person supervision possible only till March 17. Afterwards only remotely.

  • Arvutiteaduse instituut
  • Loodus- ja täppisteaduste valdkond
  • Tartu Ülikool
Tehniliste probleemide või küsimuste korral kirjuta:

Kursuse sisu ja korralduslike küsimustega pöörduge kursuse korraldajate poole.
Õppematerjalide varalised autoriõigused kuuluvad Tartu Ülikoolile. Õppematerjalide kasutamine on lubatud autoriõiguse seaduses ettenähtud teose vaba kasutamise eesmärkidel ja tingimustel. Õppematerjalide kasutamisel on kasutaja kohustatud viitama õppematerjalide autorile.
Õppematerjalide kasutamine muudel eesmärkidel on lubatud ainult Tartu Ülikooli eelneval kirjalikul nõusolekul.
Courses’i keskkonna kasutustingimused