(3+3 AP = 4.5+4.5 ECTS)

- Seminars led by Helger Lipmaa. Office 334. Office hours: by appointment.
- Time and room: Monday 14:15-15:45, room 315.
- **The first seminar is on 05.09.2005.** However, **we will have "appetiser" cryptographic seminars already in August; everybody is welcome.**
- Course material: papers and surveys on the subjects (see schedule). More information follows later.
- To pass the course: see Course Organization (http://research.cyber.ee/~lipmaa/teaching/MTAT.07.006/organization.php)
- Mailing list: `teadus dot crypto at lists dot ut dot ee`. No brochure in Estonian. No exams.

**Focus for 2005**: Since this is the first seminar of this kind in Tartu, it
will not have a very concrete focus. Instead, we will look at recent
developments in cryptography that should be in the curriculum (Crypto I/II)
but are not "there yet". As such, some topics will be accessible to students
who take Crypto I in parallel (although some independent work is to be
expected in this case).

Fastest way: use OIS. If you are not from our university (and thus do not have an OIS account), or you were too late to register in OIS, then please send an email to the professor by 15 September 2005 with the following information (it is not mandatory, but useful for getting to know your background):

- Name, student id, department
- Information about yourself (list of publications, prerequisites, relevant work experience, description of your knowledge of the area, a short research plan, ...). This is mostly needed to learn your background, what you know about the area and which topics might be interesting for you.

This additional information is not needed if you have participated in Lipmaa's seminars before. Still, please send an email unless you register by OIS.

Registered students (contact us or register in OIS if your name is not here): Sven Laur, Jaak Pruulmann-Vengerfeldt, Kaspar Ilves, Hando Tint, Marko Jõemets, Aleksei Ivanov, Liina Kamm, Konstantin Tretjakov, Alexandre Grebennik, Dan Bogdanov, Kadri Hendla, Oleg Košik.

For most of the topics, browse the corresponding section of Helger's Cryptopointers to find links to papers, surveys etc.

*Enigma*. Enigma was the rotor machine the Germans used to encrypt their communications during WW2. The breaking of Enigma by Polish and British cryptanalysts is considered one of the important reasons why the Allies won. Goal: work through the available descriptions of Enigma and familiarise yourself with it. Write a survey on Enigma and on its recent cryptanalysis. /* Possibly two different topics */

Extended goals (any of them is suitable for an MSc thesis): (a) Study existing Enigma simulators. Implement some cryptanalytic attacks so that the results are visually appealing and understandable. (b) Extend the attacks (for the theory oriented). (c) Implement Enigma using Lego Mindstorms.


*Hash functions and their security*. Most of the standard hash functions (including MD5 and SHA-1) have been "broken" during the last year by a Chinese team of cryptographers. Goal: study the recent collision attacks by Wang et al. Study whether collision resistance is actually needed in real-life applications. /* Possibly two different topics */
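To make the notion of "broken" concrete: a hash function with an n-bit output is expected to resist collision search up to roughly 2^{n/2} evaluations (the birthday bound), while a second preimage of a fixed message should cost about 2^n. The following is an added example, not part of the original course page, that runs the generic birthday search against a truncated SHA-1 (24 bits, an assumption chosen so it finishes in well under a second) and counts how many hashes it took; the messages are constructed counter strings. The dedicated attacks of Wang et al. do far better than this generic bound on the full functions, which is exactly why they matter.

```python
import hashlib


def truncated_hash(data: bytes, bits: int) -> int:
    """First `bits` bits of SHA-1 as an integer (a toy target chosen so that the
    generic birthday search is cheap; this is NOT the Wang et al. attack)."""
    digest = int.from_bytes(hashlib.sha1(data).digest(), "big")
    return digest >> (160 - bits)


def birthday_collision(bits: int):
    """Generic collision search: hash distinct messages until two agree.

    Returns (m1, m2, evaluations). Expected cost is about sqrt(pi/2 * 2^bits)
    evaluations, so for 24 bits a few thousand hashes suffice, whereas a second
    preimage of a fixed message needs about 2^bits tries (see below)."""
    seen = {}  # truncated digest -> message
    i = 0
    while True:
        m = b"msg-%d" % i  # constructed, deterministic message sequence
        h = truncated_hash(m, bits)
        if h in seen:
            return seen[h], m, i + 1
        seen[h] = m
        i += 1


def second_preimage(target: bytes, bits: int, limit: int):
    """Brute-force a second message hashing to the same truncated digest as
    `target`; gives up after `limit` evaluations and returns None."""
    want = truncated_hash(target, bits)
    for i in range(limit):
        m = b"alt-%d" % i
        if m != target and truncated_hash(m, bits) == want:
            return m
    return None


if __name__ == "__main__":
    m1, m2, n = birthday_collision(24)
    print("collision after", n, "hashes:", m1, m2, hex(truncated_hash(m1, 24)))
    # The same budget that found a collision above is far too small for a
    # second preimage of a fixed target at the same truncation.
    print("second preimage within", n, "tries:", second_preimage(m1, 24, n))
```

For a signature scheme that signs H(m), the pair (m1, m2) means a signature obtained on m1 is also valid for m2; whether that is exploitable depends on whether the attacker controls both messages, which is the practical question the seminar topic asks.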

*Disk sector encryption*. Recently, several efficient and secure block cipher modes have been proposed for large-block (wide-block) encryption, suitable for example for disk sector encryption. Goal: study the corresponding papers (links in the corresponding section of Cryptopointers).

*Private Information Retrieval*. PIR protocols let a client retrieve an element of a database without the database owner learning which element was retrieved. As such, they are basic components of many privacy-preserving data-mining (and other) protocols. Goal: study the recent PIR protocols by Lipmaa and by Gentry and Ramzan.

*Privacy-preserving data-mining*. The primary task of data-mining is to develop models about aggregated data, for example about the habits of Internet users, about loyal customers, etc. The main question of privacy-preserving data-mining (PPDM) is: can we develop accurate models without access to the precise information in individual data records? This question has proven difficult to solve. Goal: study some existing PPDM methods (primarily cryptographic techniques).

See the seminar in Finland (2003), which has a lot of links, and Helger's Cryptopointers on PPDM.

*E-voting*: E-voting protocols enable secure voting over the Internet. Goal: survey some of the secure systems; show what kind of security is possible or impossible to achieve. Show that the Estonian e-voting system is not secure even with respect to the goals that are achievable.

*E-auctions*: secure auctions over the Internet. Goal: survey some of the secure systems; compare some existing protocols (Naor-Pinkas-Sumner, Lipmaa-Asokan-Niemi, ...).

*IND-CCA2 secure cryptosystems*. The standard security requirement for public-key cryptosystems is IND-CCA2 security (indistinguishability under adaptive chosen-ciphertext attack). The first practical cryptosystem provably secure under reasonable (standard-model) assumptions was proposed by Cramer and Shoup in 1998. Goal: survey the Cramer-Shoup paper and some of the more recent work in this area.
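The two topics "Private Information Retrieval" and "IND-CCA2 secure cryptosystems" above are two sides of one property, additive homomorphism, so one added example (my own illustration, not code from the course or from the cited papers) serves both. It implements a toy Paillier cryptosystem with small, hard-coded primes (an assumption for readability; real keys use primes of at least 1024 bits) and uses it first for the simplest single-server computational PIR: the client encrypts a one-hot selection vector, the server computes prod_i c_i^{x_i} = Enc(x_j) without learning j. This linear-communication variant is the starting point that Lipmaa's and Gentry-Ramzan's protocols improve on; it is not their construction. The same homomorphism then shows why such a malleable scheme can never be IND-CCA2: an adversary with a decryption oracle that refuses only the challenge ciphertext itself submits a related ciphertext and reads off the plaintext. The database and the challenge message are constructed values.

```python
"""Toy Paillier cryptosystem, used (1) as the homomorphic building block of a
single-server PIR protocol and (2) to show why malleability rules out IND-CCA2."""
import math
import secrets

# Toy primes, constructed for illustration only; real keys use >= 1024-bit primes.
P, Q = 104729, 104723


def keygen(p=P, q=Q):
    """Paillier key generation with the standard choice g = n + 1."""
    n = p * q
    n2 = n * n
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)   # lcm(p-1, q-1)
    mu = pow((pow(n + 1, lam, n2) - 1) // n, -1, n)     # L(g^lam mod n^2)^-1 mod n
    return (n, n + 1), (n, lam, mu)


def encrypt(pk, m):
    """Enc(m) = g^m * r^n mod n^2 with a fresh random r in Z_n^*."""
    n, g = pk
    n2 = n * n
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    return pow(g, m, n2) * pow(r, n, n2) % n2


def decrypt(sk, c):
    """Dec(c) = L(c^lam mod n^2) * mu mod n, where L(u) = (u - 1) / n."""
    n, lam, mu = sk
    n2 = n * n
    return (pow(c, lam, n2) - 1) // n * mu % n


# --- (1) Private Information Retrieval, linear-communication variant -------

def pir_query(pk, db_size, j):
    """Client: encrypt the one-hot vector e_j. Each entry is a fresh ciphertext
    under a semantically secure scheme, so the server cannot tell which is Enc(1)."""
    return [encrypt(pk, 1 if i == j else 0) for i in range(db_size)]


def pir_answer(pk, query, db):
    """Server: prod_i c_i^{x_i} = Enc(sum_i e_j[i] * x_i) = Enc(x_j).
    Exponentiation scales a plaintext, multiplication adds plaintexts."""
    n, _ = pk
    n2 = n * n
    acc = 1
    for c, x in zip(query, db):
        acc = acc * pow(c, x, n2) % n2
    return acc


def pir_retrieve(db, j):
    """Full round trip: the client learns db[j]; the server only sees ciphertexts."""
    pk, sk = keygen()
    return decrypt(sk, pir_answer(pk, pir_query(pk, len(db), j), db))


# --- (2) The same malleability defeats IND-CCA2 ----------------------------

def make_oracle(sk, challenge):
    """Decryption oracle of the IND-CCA2 game: answers every query except the
    challenge ciphertext itself."""
    def oracle(c):
        if c == challenge:
            raise ValueError("challenge ciphertext may not be queried")
        return decrypt(sk, c)
    return oracle


def cca2_recover(pk, challenge, oracle):
    """Adversary: Enc(m) * Enc(1) = Enc(m + 1) is a different ciphertext, so the
    oracle decrypts it; subtracting 1 recovers m, hence the scheme is not CCA2."""
    n, _ = pk
    related = challenge * encrypt(pk, 1) % (n * n)
    return (oracle(related) - 1) % n


DB = [42, 1337, 7, 99999, 31337, 2005, 0, 12345]   # constructed sample database

if __name__ == "__main__":
    for j, x in enumerate(DB):
        assert pir_retrieve(DB, j) == x
    pk, sk = keygen()
    challenge = encrypt(pk, 31337)
    print("recovered via oracle:", cca2_recover(pk, challenge, make_oracle(sk, challenge)))
```

Note the communication cost: the query is one ciphertext per database entry, which is why the protocols the topic asks about recurse over a d-dimensional arrangement of the database to bring it down; the security argument, however, is the same here as there and rests only on the encryption being IND-CPA.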

*Zero-knowledge*. Zero-knowledge is a central notion of cryptography and, in some sense, of computing in general. Goal: survey some papers.

*Special-Purpose Cryptanalytic Devices*. Goal: study the links at http://www.wisdom.weizmann.ac.il/~tromer/cryptodev/ and write an overview/comparison. How do those devices affect the security of AES? RSA? Elliptic curve cryptosystems?

*Pairing-based cryptography*: A bilinear map is an efficiently computable non-trivial function f(x,y) s.t. f(a x, y) = f(x, a y) = f(x,y)^{a}. Given such a map, one can construct efficient cryptographic protocols for many interesting problems. Goal: study the paper "Short signatures without random oracles" (Boneh and Boyen, 2004).

One topic proposed by Peeter Laud (computational soundness of formal, Dolev-Yao style, models of encryption, as covered by the papers below):

Goal: study the papers. For an MSc thesis, extend them.

Papers:

Martin Abadi, Phillip Rogaway. Reconciling Two Views of Cryptography (The Computational Soundness of Formal Encryption). Journal of Cryptology 15, 2 (2002), 103-127.

Daniele Micciancio, Saurabh Panjwani: Adaptive Security of Symbolic Encryption. Theory of Cryptography Conference 2005: 169-187

Daniele Micciancio, Bogdan Warinschi: Soundness of Formal Encryption in the Presence of Active Adversaries. Theory of Cryptography Conference 2004: 133-151

Véronique Cortier, Bogdan Warinschi: Computationally Sound, Automated Proofs for Security Protocols. European Symposium On Programming 2005: 157-171

Jonathan Herzog: A computational interpretation of Dolev-Yao adversaries. Theoretical Computer Science 340(1): 57-81 (2005)

Three topics by Jan Willemson (check with him if you want to choose any of these topics; the last two are general data-security topics rather than cryptography):

- Software obfuscation. Software obfuscation is the transformation of a program's binary code, preserving its functionality, with the aim of preventing reverse engineering. The seminar work is to compile a survey of the more effective obfuscation mechanisms and of their theoretical foundations (insofar as these exist). The work should include an analysis of the more common obfuscation tools (e.g. Zend Encrypt, a Java obfuscator of your choice) and attacks on them. The theoretical part should summarise and assess the formal models that have been proposed for treating obfuscation.
- Risk analysis methods in data security. Risk analysis makes it possible to give rational, quantitative estimates for data-security investments. The theoretical part of the seminar work covers risk analysis methods and examines how they can be applied to data security. The practical part should be a case study of some concrete problem (for example, one related to the participant's own work).
- Game-theoretic treatment of global security problems. Several global security problems (spam, viruses, DDoS attacks) can be described rather well using evolutionary and/or economic game theory. The task of the seminar work is to choose one security problem and present its treatment from a game-theoretic standpoint. Working on this topic requires familiarising yourself with the methodology of economic modelling.

Want to know something about the subject? Browse the link collection at http://research.cyber.ee/~lipmaa/crypto/.

Previous years (at TKK, Finland): [Autumn 2001] [Autumn 2002] [Autumn 2003] [Autumn 2004]

This page: http://research.cyber.ee/~lipmaa/teaching/MTAT.07.006/