(6*3 AP = 6*4.5 ECTS)


**THIS PAGE IS NOT READY YET. COME BACK LATER**

- Seminars led by Helger Lipmaa. Office 334. Office hours: by appointment.
- Time and room: Wednesday 16:15-17:45, room 404.
- **The first seminar is on 15.02.2006. Seminar time changed from Monday to Wednesday (10.01.06)**
- Course material: papers and surveys on the subjects (see schedule). More information follows later.
- To pass the course: see Course Organization (http://research.cyber.ee/~lipmaa/teaching/MTAT.07.007/organization.php)
- Mailing list: `teadus dot crypto at lists dot ut dot ee`. No brochure in Estonian. No exams.

**Focus for 2006**: This seminar will not have a very concrete focus.
Instead, we will look at recent developments in cryptography that should be
in the curriculum (Crypto I/II) but are not "there yet". I generally assume
that students have taken some course on cryptography.

Fastest way: use OIS. If you are not from our university (and thus do not have an account at OIS), or you were too late to register on OIS, then please send an email to the professor by 15 September 2005 with the following information (it is not mandatory, but useful in getting to know your background):

- Name, student id, department
- Information about yourself (list of publications, prerequisites, relevant work experience, description of your knowledge of the area, a short research plan...). --- this is mostly needed to know your background, what you know about the area and which topics might be interesting for you.

This additional information is not needed if you have participated in Lipmaa's seminars before. Still, please send an email unless you register by OIS.

Registered students (contact us or register in OIS if your name is not here): XXX.

For most of the topics, browse the corresponding section of Helger's Cryptopointers to find links to papers, surveys etc.

*Hash functions and their security*. Most of the standard hash functions (including MD5, SHA1) have been "broken" during the last year by a Chinese team of cryptographers. Goal: study the recent attacks by Wang, etc. Study whether collision-resistance is needed in real life. /* Possibly two different topics */

Warning: Attacks by Wang part is not easy.

- Differential cryptanalysis: papers by Lipmaa (with Moriai, Wallén)
- Cryptography and coding theory: connections /* appetizer for the winter school */
- Secure P2P transmissions. See this paper and its references. /* appetizer for the winter school */ Also Byzantine agreement (see the paper on "Random Oracles in Constantinople")

*Privacy-preserving data-mining*. The primary task of data-mining is to develop models about aggregated data, for example about the habits of Internet users, about loyal customers, etc. The main question of privacy-preserving data-mining (PPDM) is: can we develop accurate models without access to the precise information in individual data records? The latter question has proven to be difficult to solve. Goal: study some existing PPDM methods (primarily cryptographic techniques).

Assume Kostya's seminar from previous semester as a prerequisite. See seminar in Finland (2003) with a lot of links. Helger's cryptopointers on PPDM.

*E-voting*: E-voting protocols enable voters to vote securely over the internet. Goal: Survey some of the secure systems; show what kind of security is possible or impossible to achieve. Show that the Estonian e-voting systems are not secure even in the sense of the possible goals.

*E-auctions*: secure auctioning over the internet. Goal: Survey some of the secure systems; compare some existing protocols (Naor-Pinkas-Sumner, Lipmaa-Asokan-Niemi, ...).

*Zero-knowledge* is a central notion of cryptography, and in some sense, of computing in general. Goal: survey some papers. (Building on the seminar of the last semester.)

- 2G/3G Mobile security
- Primality tests
- Traitor tracing/Broadcast encryption

*Special-Purpose Cryptanalytic Devices*: Goal: Study the links at http://www.wisdom.weizmann.ac.il/~tromer/cryptodev/, and write an overview/comparison. How do those devices affect the security of AES? RSA? Elliptic curve cryptosystems?

*Pairing-based cryptography*: A bilinear map is an efficiently computable non-trivial function f(x,y), s.t. f(a x,y)=f(x,a y)=f(x,y)^{a}. Given such a map, one can construct efficient cryptographic protocols for many interesting problems. Goal: study the paper Short signatures without random oracles.
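The following is an added illustration, not code from this course page or from the paper named above: a toy bilinear map on exponents mod a small constructed prime, used to check the identity f(a x,y)=f(x,a y)=f(x,y)^{a} and to show how a BLS-style signature verification equation rests on exactly that identity. The parameters P, Q, G and the function names are my own assumptions; the map is not a secure pairing, since the "source group" is plain Z_Q and the secret key can be read off the public key.

```python
# Added toy example (not code from the course page): a bilinear map built on
# exponent arithmetic, used to show f(a*x, y) == f(x, a*y) == f(x, y)^a and
# how a BLS-style signature check rests on that identity.
# Parameters are constructed and tiny; this toy is NOT a secure pairing,
# since "group elements" here are plain integers mod Q and the secret key
# can be read straight off the public key.
import hashlib
import secrets

P = 1019   # constructed safe prime: P = 2*Q + 1
Q = 509    # prime order of the multiplicative subgroup generated by G mod P
G = 4      # a quadratic residue mod P, hence of order exactly Q
BASE = 1   # generator of the additive "source group" Z_Q


def pair(x, y):
    """Toy bilinear map Z_Q x Z_Q -> <G>:  f(x, y) = G^(x*y) mod P."""
    return pow(G, (x * y) % Q, P)


def hash_to_group(msg):
    """Map a message into Z_Q (nonzero, so the key is never multiplied by 0)."""
    h = int.from_bytes(hashlib.sha256(msg).digest(), "big") % Q
    return h or 1


def keygen(sk=None):
    """Secret key s in Z_Q*, public key s*BASE (in this toy pk simply equals s)."""
    s = sk if sk is not None else secrets.randbelow(Q - 1) + 1
    return s, (s * BASE) % Q


def sign(sk, msg):
    """BLS-style signature: sigma = s * H(m) in the source group."""
    return (sk * hash_to_group(msg)) % Q


def verify(pk, msg, sig):
    """Accept iff f(sigma, BASE) == f(H(m), pk).  By bilinearity both sides
    equal G^(s*H(m)) for a genuine signature and differ otherwise."""
    return pair(sig, BASE) == pair(hash_to_group(msg), pk)


def bilinearity_holds(a, x, y):
    """Check the identity quoted in the topic description for given a, x, y."""
    lhs = pair((a * x) % Q, y)
    return lhs == pair(x, (a * y) % Q) == pow(pair(x, y), a, P)
```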

One topic proposed by Peeter Laud:

Goal: to study the papers. For MSc thesis --- extend them.

Papers:

Martin Abadi, Phillip Rogaway. Reconciling Two Views of Cryptography (The Computational Soundness of Formal Encryption). Journal of Cryptology 15, 2 (2002), 103-127.

Daniele Micciancio, Saurabh Panjwani: Adaptive Security of Symbolic Encryption. Theory of Cryptography Conference 2005: 169-187

Daniele Micciancio, Bogdan Warinschi: Soundness of Formal Encryption in the Presence of Active Adversaries. Theory of Cryptography Conference 2004: 133-151

Véronique Cortier, Bogdan Warinschi: Computationally Sound, Automated Proofs for Security Protocols. European Symposium On Programming 2005: 157-171

Jonathan Herzog: A computational interpretation of Dolev-Yao adversaries. Theoretical Computer Science 340(1): 57-81 (2005)

Three topics by Jan Willemson (descriptions in Estonian, you'll have to check with him if you want to choose any of those topics; the last two topics are from general data security):

- Software obfuscation
Software obfuscation is the transformation of a program's binary code, preserving its functionality, with the aim of preventing reverse engineering. The topic of the seminar paper is to compile an overview of the more effective obfuscation mechanisms and their theoretical foundations (as far as these exist). The paper should include an analysis of the more common obfuscation tools (e.g. Zend Encrypt, some Java obfuscator of your choice) and attacks on them. The theoretical part of the paper should summarise and evaluate the formal models that have been proposed for treating obfuscation.

- Risk analysis methods in data security
Risk analysis makes it possible to give rational quantitative assessments of data security investments. The theoretical part of the seminar paper covers risk analysis methods and examines the possibilities of applying them to data security. The practical part should consist of a case study of some concrete problem (for example, one related to the seminar participant's work).

- A game-theoretic treatment of global security problems
Several global security problems (spam, viruses, DDoS attacks) can be described reasonably well with the help of evolutionary and/or economic game theory. The task of the seminar paper is to choose one security problem and present its treatment from the point of view of game theory. Working on the topic requires familiarising oneself with the methodology of economic modelling.

Want to know something about the subject? Browse the link collection at http://research.cyber.ee/~lipmaa/crypto/.

Previous years (at TKK, Finland): [Autumn 2001] [Autumn 2002] [Autumn 2003] [Autumn 2004]

This page: http://research.cyber.ee/~lipmaa/teaching/MTAT.07.006/