(3+3 AP = 4.5+4.5 ECTS)

[General Information]
[Course description]
[Course Organization]
[Schedule]
[Background]
[OIS]

- Seminars lead by Helger Lipmaa. Office 334. Office hours: by appointment.
- Time and room: Friday 14:15-15:45, room ???. Seminars are only going to happen when somebody talks.
Check the schedule page.
**I will directly email information to all students, so email me if you want to be in my mailing list** - Course material: papers and surveys on the subjects (see schedule). More information follows later.
- To pass the course: see Course Organization (http://research.cyber.ee/~lipmaa/teaching/MTAT.07.006/organization.php)
- Mailing list:
`teadus dot crypto at lists dot ut dot ee`. No brochure in Estonian. No exams.

**The next will be discussed during the first seminar**. The seminar
series will not have a concrete focus. Instead, various supervisors propose
their topics for interested students. The supervisors mainly choose topics
that are interesting for themselves, which in particular means that they are
*in most cases* able to continue supervision also after the seminar
to the end of a potential MSc (or BSc/PhD?) thesis. Such continuation is
however not mandatory.

Students can also propose their own topics, but in this case they have to find a supervisor who is interested in supervision.

Some topics require previous knowledge of cryptography, but other topics will be accessible to students who take Crypto I in parallel (although, some independent work is to be expected in this case).

This course is obligatory for our NordSecMob master students. Everybody else is also more than welcome.

Fastest way: use OIS. If you do not manage - don't blame me, OIS was not programmed for human usage. (You probably have to email Ülle Holm who will then manually register you.)

Registered students:

- Riivo Talviste (supervisor: DB) - 24 April
- Katharina Kahrs (supervisor: SL) - 8 May
- Kaur Kasak (supervisor: HL) - 15 May
- Margus Niitsoo (supervisor: AB) - 22 May
- Dan Bogdanov (supervisor: SL) - 29 May

For most of the topics, browse the corresponding section of Helger's Cryptopointers to find links to papers, surveys etc.

List of the supervisors follows. Click on the name of the supervisor for topics proposed by the concrete supervisor.

- Homological Classification of Zero-Knowledge Proofs (MSc topic)
- Requires: Good mathematical background and ability to summarise. The
work should give an overview of basic zerro-knowledge proof techniques and
their properties. The main outcome has pedagogic value --- it will be a
supporting material for Crypto II course.
Similar work: Liina Kamm. Homological Classification of Commitment Schemes.

- Reasonably Efficient Certified Computations (MSc topic)
- Requires: Good mathematical background and ability to summarise. The work should give an overview of the GMW-compiler technique that allows to prove that outputs are computed correctly even if there are hidden (private) committed inputs. In particular, I am interested on the general construction that uses Pedersen Commitments and disjunctive proofs of knowledge in order to create zero-knowledge proof. The main outcome has pedagocoic value --- it will be a supporting material for Crypto II course
- Efficient Verifiable Protocols for Arithmetic Operations (MSc topic)
- Requires: Good mathematical background and ability to produce new ideas. The work should review the classical multiparty computation techniques from 1980-ies and generalise them for the setting where shares are taken form the ring ZZ_{2**n} (modulo 2**n) The main expected outcome is a verifiable protocols for multiplication, addition, bit extraction, and comparison.
- General Description of Multiplication Protocols for Additively Homomorphic Secret Sharing Schemes
- Requires: Good understanding of linear algebra and ability to solve functional equations. The work should describe all (or almost all) multiplication protocols with shares that are functional and secure. In particular, it should somehow explain why is the multiplication protocols harder when shares are taken from rings. The work can be both empirical or theoretical. In empirical apprach, one should generate all possible functional protocols for ZZ_{4}, ZZ_{5}....,ZZ_{still small enough modulus} and then somehow generalise the results. Fort example, conclude some impossibility results. In theoretical apprach, one should establish a general description for multiplication protocols (that is large enough to cover Shamir's scheme and the one used in Sharemind)
- Automatic Generation of Garbled Circuits (Practical implementation topic).
- Requires: Understanding how to parse algebraic and logical expressions. The student should implement a compiler that converts expression into boolean circuit and then converts this circuit into Yao's garbled circuit.

Want to know something about subject? Browse the link collection at http://research.cyber.ee/~lipmaa/crypto/.

Previous years: [Autumn 2001 @TKK] [Autumn 2002 @TKK] [Autumn 2003 @TKK] [Autumn 2004 @TKK] [Autumn 2005 @Tartu] [Autumn 2008 @Tartu]

This page: http://research.cyber.ee/~lipmaa/teaching/MTAT.07.006/