Lectures
The lecture slides will appear here sometime before (or perhaps after... hopefully before) the lecture.
- September 2nd (plus some extra exercises for the first week).
- On September 9th and and probably also 16th, we will check out the ProVerif protocol analyser. Please have it installed on your computers. The lecture slides are here. Here (1, 2, 3, 4) are the intermediate and final scripts for modelling our example key exchange protocol as Horn clauses, analysing it for secrecy. Here is the model as Horn clauses, analysis for the correspondence properties. Here (1, 2, 3) are the intermediate and final scripts for modelling it in spi-calculus. Here are the (Old) scripts for the analysis of the Mobile-ID identification protocol.
- On September 16th, we take a look at protocol properties beyond secrecy and authenticity. Perhaps we will use these scripts (1, 2) somewhere. Here (1, 2, 3) are the pictures and here (repeated authentication, Woo-Lam authentication) the protocol scripts from the first lecture in 2020. Here (1, 2, 3) are the pictures and here the script of the offline guessing example from the second lecture in 2020. We also intend to get in some discussion about TLS, also looking at the record protocol of its older versions.
- On September 23rd, Alisa will do more exercises with ProVerif. In order to follow the structure of this web page, the details can be found here: https://courses.cs.ut.ee/2021/cryptoproto/fall/Main/Exercises.
- On September 30th, we start with secure multiparty computation. We will do exercises in proving the security of the constructions for oblivious transfer. The whole lecture will be very similar to the one in previous year.
- On October 7th, we will take a look at secret sharing and protocols based on that. We can also return back to the various constructions of oblivious transfer in previous week's slides, and try to prove their security against passive adversaries.
- On October 14th, we plan to do an exercise session. We analyse the OT constructions that we have seen (or have not seen); we practice multiplication of secret-shared values. At some moment, we spoke about extending oblivious transfers.
- On October 21st, we started to discuss multiparty computation secure against malicious adversaries, speaking about maliciously secure garbled circuits and oblivious transfer. The used slides were a mix of this, this, this, and this.
- On October 28th, we will talk about actively secure multiparty computation based on linear secret sharing. In the exercise session we will do the exercises included in the slides.
- On November 4th, the lecture will be about actively secure multiparty computation using the SPDZ protocol and we also did most of the exercises on the slides. We did not cover the security analysis of the protocol. On November 11th, we continued with the preprocessing part of the SPDZ protocol. Slides for these two lectures are available in one slide deck.
- On November 18th, we discuss getting active security from replication. We did not reach the bonus material slides.
- In December (four weeks, starting from Nov. 25), we will talk about Zero-knowledge proofs. Here is an example of the GKR protocol in the form of a Jupyter notebook using OCaml (also as pdf).
- Right before Christmas, there will be a lecture about translating programs into MPC protocols or ZK proof statements.
