Institute of Computer Science
  1. Courses
  2. 2019/20 fall
  3. Cryptographic Protocols (MTAT.07.014)
ET
Log in

Cryptographic Protocols 2019/20 fall

  • Main Page
  • Lectures
  • Exercise sessions
  • Homework
  • Links

Lectures

The lecture slides will appear here sometime before (or perhaps after... hopefully before) the lecture. As long as we are covering similar topics to the last time I gave this course, the lecture slides are also expected to be similar.

  • September 3rd and 4th (plus some extra exercises for the first week)
  • September 10th and 11th: guest lectures by Jan Willemson about elliptic curves
  • September 17th and 18th: we will start with formal methods for verifying security properties of cryptographic protocols. Please install ProVerif on your laptops.
* Part 1 and Part 2 of the slides
* Steps 1, 2, 3, 4 of the analysis of the protocol using Horn clauses
* Steps 1, 2 of the analysis of the protocol using spi-calculus
* A cheat sheet for Proverif syntax
  • September 24th and 25th. Here is an example script that we used on September 24th. Here is the script that we used to look for attacks against password-based key-exchange protocols on September 25th.
  • October 1st.
  • October 8th-9th. An example of a garbled circuit.
  • October 15th (updated / corrected on November 13th).
  • On October 22nd, we first spoke about extending oblivious transfers and then moved on to secure multiparty computation secure against active adversaries. There is a separate set of slides for the proof of impossibility of broadcast if two many parties are malicious.
  • On October 29th, we will talk about garbled circuits that are secure against malicious adversaries. On October 30th, we continue, but also talk about the uses of homomorphic encryption.
  • On November 5th, we start by correcting the mess I did last time with constructing simulators for OT protocols. We continue with actively secure multiparty computation based on Shamir's sharing and will also talk more generally about Linear Secret Sharing Schemes (LSSS).
  • On November 12th, we start with the SPDZ protocol for actively secure MPC from additive secret sharing.
  • On the week of November 19th, we discuss how replication helps to achieve security in MPC.
  • On November 26th and 27th, we will see how we can get active security in MPC from verifying the computations of parties. This, being an example of zero-knowledge proofs, will serve as an introduction to that topic in general.
  • On December 3rd and 4th, we will talk about zk-SNARKs.
  • On December 10th, we will talk about Bulletproofs. We will finish the course with this topic.
  • Institute of Computer Science
  • Faculty of Science and Technology
  • University of Tartu
In case of technical problems or questions write to:

Contact the course organizers with the organizational and course content questions.
The proprietary copyrights of educational materials belong to the University of Tartu. The use of educational materials is permitted for the purposes and under the conditions provided for in the copyright law for the free use of a work. When using educational materials, the user is obligated to give credit to the author of the educational materials.
The use of educational materials for other purposes is allowed only with the prior written consent of the University of Tartu.
Terms of use for the Courses environment