ATI / Studies / MTAT.07.006 Research Seminar in Cryptography

MTAT.07.006 Research Seminar in Cryptography
(3+3 AP = 4.5+4.5 ECTS)

Autumn 2008: Various Topics in Cryptography

[General Information] [Course description] [Course Organization] [Schedule] [Background] [OIS]

General Information

Focus for 2009

The next will be discussed during the first seminar. The seminar series will not have a concrete focus. Instead, various supervisors propose their topics for interested students. The supervisors mainly choose topics that are interesting for themselves, which in particular means that they are in most cases able to continue supervision also after the seminar to the end of a potential MSc (or BSc/PhD?) thesis. Such continuation is however not mandatory.

Students can also propose their own topics, but in this case they have to find a supervisor who is interested in supervision.

Some topics require previous knowledge of cryptography, but other topics will be accessible to students who take Crypto I in parallel (although, some independent work is to be expected in this case).

This course is obligatory for our NordSecMob master students. Everybody else is also more than welcome.

Signing up for the seminar

Fastest way: use OIS. If you do not manage - don't blame me, OIS was not programmed for human usage. (You probably have to email Ülle Holm who will then manually register you.)

Registered students:

Proposed Topics (sorted by supervisor)

For most of the topics, browse the corresponding section of Helger's Cryptopointers to find links to papers, surveys etc.

List of the supervisors follows. Click on the name of the supervisor for topics proposed by the concrete supervisor.

Helger Lipmaa

I am able to supervise up to 3 students. It is highly recommended though not necessary that students continue on those topics to finish a MSc/PhD thesis.

Efficient cryptocomputing
Consider a client-server scenario where client asks some complex query from the server, with additional privacy requirement that server is oblivious to the specifics of the query. For example, client gets to know whether some database element (e.g., a fingerprint template) is close to client's input (concrete fingerprint data), without the server getting to know either client's input or which database element it was compared to. Such cryptocomputing protocols have obviously wide applications. I've done recently a lot of research on this topic, and I'd like to involve some of the students too.

Goal: study my recent eprint (I'll rewrite it in the near future), and try to improve on it. Requires: good mathematical background, ability to learn some key concepts of cryptography and theoretical computer science; MSC almost a must.

Privacy-preserving data mining
The primary task of data mining is to develop models about aggregated data, for example bout the habits of the Internet users, about the loyal customers, etc. The main question of privacy-preserving data mining (PPDM) is, can we develop accurate models without access to precise information in individual data records? The latter question has proven to be difficult to solve.

Goal: study some existing PPDM methods (primarily cryptographic techniques). Requires: good mathematical background, ability to learn some key concepts of cryptography and data mining.

See seminar in Finland (2003) with a lot of links. Helger's cryptopointers on PPDM.

E-voting protocols enable to securely vote over the internet. In particular, Estonia has e-voting.

Goal: Survey some of the secure systems; show what kind of security is possible or impossible to achieve. Show that the Estonian e-voting systems are not secure even in the sense of possible goals. Requires: good understanding of real-world security issues, ability to learn some key concepts of cryptography.

Some links:,

IND-CCA2 secure cryptosystems
The standard security assumption of public-key cryptosystems is that they are IND-CCA2 secure. The first such cryptosystem that is secure under reasonable assumptions was proposed by Cramer and Shoup in 1998.

Goal: Survey some recent works on this area. Requires: good mathematical background, ability to learn some key concepts of cryptography.

Hash functions
NIST runs currently a competition for the new hash function standard SHA-3. Many candidates were proposed, and soon a selection of the second round candidates will pick some of them for the further competition.

Goal: study on of the candidate hash functions. Write a survey that describes the function, security claims, etc. Discuss any known cryptanalysis. Possibility for independent work - try to break it.

Dan Bogdanov

Ahto Buldas

Peeter Laud

Sven Laur


Review form.

Want to know something about subject? Browse the link collection at

Previous years: [Autumn 2001 @TKK] [Autumn 2002 @TKK] [Autumn 2003 @TKK] [Autumn 2004 @TKK] [Autumn 2005 @Tartu] [Autumn 2008 @Tartu]

This page: