Lecture Notes
This section contains a set of lecture notes and scribe notes for each lecture. Scribe notes are latex transcriptions by students as part of class work. Scribe notes are used with permission of the students named.
Course Description
This course covers a number of advanced "selected topics" in the field of cryptography. The first part of the course tackles the foundational question of how to define security of cryptographic protocols in a way that is appropriate for modern computer networks, and how to construct protocols that satisfy thesesecurity definitions. For this purpose, the framework of "universally composable security" is studied and used. The second part of the course concentrates on the many challenges involved in building secure electronic voting systems, from both theoretical and practical points of view. In the third part, an introduction to cryptographic constructions based on bilinear pairings is given.
WEEK # | TOPICS | LECTURE NOTES | SCRIBE NOTES |
1 | L1: Overview of the Course. The "Classic" Definitional Framework of Multiparty Function Evaluation (along the lines of [C00]): Motivation for the Ideal-Model Paradigm. L2: The Basic Definition of Security. Variants. | (PDF) | L1-L2: "Universal Composability" by Yoav Yerushalmi and Steve Weis (PDF) |
2 | L3: The Non-Concurrent Composition Theorem. Example: Casting Zero-Knowledge within the Basic Definitional Framework. The Blum Protocol for Graph Hamiltonicity. L4: Sequential Composability of Zero-Knowledge. Problems with Non-Sequential Composability of Commitments and Zero-Knowledge. | (PDF) | L3-L4: "Universal Composability" by Yael Tauman Kalai and Abhi Shelat (PDF) |
3 | L5: Theory of Cryptography Conference (TCC) L6: Theory of Cryptography Conference (TCC) (cont.) | ||
4 | L7: The Universally Composable (UC) Security Framework: Motivation and the Basic Definition (based on [C01]). L8: Alternative Formulations of UC Security. The Universal Composition Theorem. Survey of Feasibility Results in the UC Framework. | (PDF) | |
5 | L9: UC Commitments: Motivation. The Ideal Commitment Functionality. Impossibility of Realizations in the Plain Model. L10: UC Commitment in the Common Reference String Model (based on [CF01]). Realizing the Ideal Commitment Functionality. The Multi-Commitment Functionality and Realization. | (PDF) | L9: "UC Commitments and Other Feasibility Results" by Susan Hohenberger (PDF) |
6 | L11: UC Zero Knowledge from UC Commitments. Secure Realization of any Multi-Party Functionality with any Number of Faults: The Semi-Honest Case. (Static, Adaptive, Two-Party, Multi-Party.) L12: Secure Realization of any Functionality: The Byzantine Case. The Case of Honest Majority without Set-Up. | (PDF) | |
7 | L13: Universal Composition with Joint State. L14: UC Signatures. Equivalence with Existential Unforgeability Against Chosen Message Attacks (as in [GMRi88]). Usage for Certification and Authentication. | (PDF) | L13-L14: "JUC; UC Signatures and Authentication" by Yoav Yerushalmi and Steve Weis (PDF) |
8 | L15: Authenticated Key Exchange and Secure-Session Protocols. L16: UC Formulation of Public-Key Encryption. Equivalence with CCA Security. | (PDF) | |
9 | L17: Electronic Voting/Introduction L18: Electronic Voting/Introduction (cont.) | ||
10 | L19: Verifiable Mix-Nets L20: Verifiable Mix-Nets (cont.) | ||
11 | L21: Verifiable Mix-Nets (cont.) L22: Verifiable Mix-Nets (cont.) | ||
12 | L23: Chaum's Voting Scheme L24: Chaum's Voting Scheme (cont.) | ||
13 | L25: Pairing-Based Cryptography L26: Pairing-Based Cryptography (cont.) |
No comments:
Post a Comment