Cryptology II: Assignment topics
General description
The written assignment gives 50% of the final grade. Each student gets his or her topic and must write 6-10 pages long research report about the topic. The report should be self-contained, i.e., any other course participant should understand it without consulting the original sources. I grade both readability and mathematical precision. I ignore all grammar mistakes in the text, as long as they do not make the text unreadable. A good readability is assured by well structured presentation and natural exposition of the problem. A consistent and easily memorable notation is certainly a good start. Mathematical precision is mainly correctness of proofs and definitions. The proofs should be without gaps and glitches.
Depending on the topic, the report can be either fully referative or contain some new results. In both cases, the results should be proved in the exact security framework, i.e., all security guarantees must be stated in explicit (t,e)-language.
The preferable structure of the report is following.
- Introduction. Basic description of the problem and motivation why is it interesting at all.
- Cryptographic preliminaries. Description of all preliminary results that are used in further sections. For example, basic definitions and common notation.
- Main result/Main techniques. The most important result presented in the report.
- Proofs. All technical details that are necessary for self-containment, but break the normal flow.
- References. A list of papers that are either used in the report or otherwise relevant.
Block-ciphers and their working modes
Liina Kamm
Task- Give game-playing security proofs for common block-cipher working modes
(ECB, CTR, CBC, CFB, OFB). - Give a game-playing security proof for the PRP/PRF switching lemma.
- Mihir Bellare, Joe Kilian, Phillip Rogaway: The Security of Cipher Block Chaining. CRYPTO 1994: 341-358
- Mihir Bellare, Phillip Rogaway: The Security of Triple Encryption and a Framework for Code-Based Game-Playing Proofs. EUROCRYPT 2006: 409-426
- Victor Shoup: Sequences of games: a tool for taming complexity in security proofs, EPRINT.
- Give game-playing security proofs for common block-cipher working modes
-
Circuit evaluation techniques
Dan Bogdanov
Task- Describe the Yao's circuit evaluation protocol for the semi-honest model.
- Generalise the result to the information theoretical security model.
- Yehuda Lindell and Benny Pinkas: A Proof of Yao's Protocol for Secure Two-Party Computation, EPRINT.
- Phillip Rogaway. The Round Complexity of Secure Protocols. MIT Ph.D. Thesis, June 1991.
- Benny Pinkas: Fair Secure Two-Party Computation. EUROCRYPT 2003: 87-105.
- Dahlia Malkhi, Noam Nisan, Benny Pinkas, Yaron Sella: Fairplay - Secure Two-Party Computation System. USENIX Security Symposium 2004: 287-302
-
Fairness in two-party computations
Margus Niitsoo: Final Report
Task- Describe in modern language the lower limit on the number of rounds in two-party protocol that are needed to achieve fairness.
- Generalise the result for balanced predicates.
- Generalise the result for unbalanced predicates and functions.
- Generalise the result for computations with honest minority.
- Richard Cleve: Limits on the Security of Coin Flips when Half the Processors Are Faulty (Extended Abstract), STOC, 1986.
- A mystical remark in one of crypto articles in the late 1980-ies that says what is the corresponding generalisation for other functions.
-
Hybrid encryption and key encapsulation methods
???
Task- Give an overview of the KEM/DEM framework.
- Describe a KEM method that leads to IND-CPA secure cryptosystem.
- Describe one possible KEM method that leads to the IND-CCA2 secure cryptosystem.
- Dennis Hofheinz, Eike Kiltz: Secure Hybrid Encryption from Weakened Key Encapsulation. CRYPTO 2007: 553-571.
- Masayuki Abe, Rosario Gennaro, Kaoru Kurosawa, Victor Shoup: Tag-KEM/DEM: A New Framework for Hybrid Encryption and A New Analysis of Kurosawa-Desmedt KEM. EUROCRYPT 2005: 128-146.
- Kaoru Kurosawa, Yvo Desmedt: A New Paradigm of Hybrid Encryption Scheme. CRYPTO 2004: 426-442.
-
CDS-proof techniques for honest verifiers
Long Ngo
Task- Describe and define sigma protocols.
- Describe how to construct proofs of knowledge to facts [I know A] OR [I know B] and [I know A] AND [I know B].
- Describe how to construct proofs knowledge for all monotone formulae if you have proofs of knowledge for each ground term.
- Describe how to construct proofs knowledge for all formulae if you have proofs of knowledge for each ground term with the help of auxiliary variables.
- Ronald Cramer, Ivan Damgård, Berry Schoenmakers: Proofs of Partial Knowledge and Simplified Design of Witness Hiding Protocols. CRYPTO 1994: 174-187.
-
Canonical constructive correspondence for share-computing
Yanjun Yao
Task
General structural result implies that a multiparty protocol is secure if it is extractable, simulatable and equivocable. Prove this result for share-computing protocols that first share all inputs and then do lots of computations with shares and then finally publish shares.- Define extractability.
- Define perfect simulatability.
- Define re-sharing.
- Prove that an extractable protocol that uses re-sharing before publishing the final shares is secure if it is perfectly simulatable.
- Give some examples.
- Talk to Jan and Sven about it