General
Information  Announcements  Course Objectives  Course Outline  Lectures
 Required Text and Materials
 Class Requirements  Student Presentations  Exams
Sorin Iftene
Office: C301
Email: siftene@info.uaic.ro
Tel: (0232) 201538
Monday,
from
The seminar from May
2 is rescheduled on May 19 (C309, 16:00 – 18:00)
The seminar from
April 25 is rescheduled on April 23 (C112, 18:00 – 20:00)
This course will cover some of the latest cryptographic
techniques for security protocols. This course intends to stimulate
students in their own
research  improve their ability of extracting, presenting, and discussing
results from recent papers
on a certain topic
and try to extend/improve them.
Basics in cryptology  cryptosystems, digital
signatures, (keyed) hash functions
Secret sharing
Threshold cryptography
Latticebased cryptography
Elliptic curve cryptography
Oblivious transfer
Private information retrieval. Secure keyword search
Zeroknowledge proofs
Secure multiparty computations (case studies: set intersection, eauction, evoting)
Evoting based on mixnets
Pairingbased cryptography. Identity based encryption
Efficient arithmetic for cryptography
Discrete logarithm algorithms
More secret sharing  weighted, compartmented,
hierarchical
Additional capabilities in secret sharing
(dealerfree, composability, changeability)
Cryptosystems based on theory of formal languages
Signcryption
Broadcast encryption. Tracing traitors
Digital signatures with additional capabilities
online/offline signatures
undeniable signatures
designated confirmer signatures
failstop signatures
onetime signatures
forwardsecure digital signatures
group signatures
ring signatures
proxy signatures
delegateable signatures
list signatures
aggregate signatures
chameleon signatures
Credential systems
Exposure resilient
cryptography
Key escrow
Commitment schemes
Fair exchange
Coin flipping
Deniable encryption
Computation with
encrypted inputs
Conditional
oblivious transfer
Distributed
oblivious transfer
Oblivious
polynomial evaluation
Oblivious transfer
with adaptive queries
Search on encrypted
data
Password management
Incremental
cryptography
Visual cryptography
Micropayments
Elotteries
1. Basics in
cryptology – symmetric cryptosystems, publickey
cryptosystems, digital signatures, (keyed) hash functions (February 18)
References
·
Chapter 1 of Handbook
of Applied Cryptography (by Alfred J. Menezes, Paul C. van Oorschot and
Scott A. Vanstone)
·
Seminar  Efficient
arithmetic for cryptography Chapter 14 of
Handbook of Applied Cryptography
2. Secret sharing – access structures, models for secret
sharing, threshold secret sharing schemes (Shamir’s scheme, AsmuthBloom
scheme), general secret sharing schemes (schemes based on cumulative maps,
schemes based on formula templates) (February 25)
References
·
A. Shamir. How to share a secret. Communications of the ACM,
22(11):612–613, 1979
·
C. A. Asmuth and J. Bloom. A modular approach to key safeguarding.
IEEE Transactions on Information Theory, IT29(2):208–210, 1983
·
H. Ghodosi, J. Pieprzyk, R. SafaviNaini, and H. Wang.
On construction of cumulative
secret sharing schemes.
In C. Boyd and E. Dawson, editors, ACISP ’98:
Proceedings of the Third Australasian Conference on Information Security and
Privacy, volume 1438 of Lecture Notes in Computer Science, pages 379–390. SpringerVerlag,
1998
·
J. Benaloh and J. Leichter. Generalized
secret sharing and monotone functions. In
·
Seminar  Discrete
logarithm problem  A. M. Odlyzko. Discrete
logarithms: The past and the future. Designs, Codes, and Cryptography 19 (2000), pp. 129145.
Reprinted in Towards a QuarterCentury of Public Key Cryptography, N.
Koblitz, ed., Kluwer, 2000, pp. 5975
3. Verifiable secret sharing.
Threshold cryptography (March 3)
References
·
P. Feldman. A practical scheme for
noninteractive verifiable secret sharing. In Proceedings of the 28th
IEEE Symposium on the Foundations of Computer Science, 1987, pages 427–437.
IEEE Press, 1987
·
T. P. Pedersen.
Noninteractive
and informationtheoretic secure verifiable secret sharing. In J.
Feigenbaum, editor, Advances in Cryptology  CRYPTO ’91, volume 576 of Lecture
Notes in Computer Science, pages 129–140. SpringerVerlag, 1992
·
Y. Desmedt and Y. Frankel. Threshold
cryptosystems. In G. Brassard, editor, Advances in Cryptology  CRYPTO
’89, volume 435 of Lecture Notes in Computer Science, pages 307–315.
SpringerVerlag, 1990
·
V. Shoup. Practical threshold signatures.
In B. Preneel, editor, Advances in Cryptology  EUROCRYPT 2000, volume 1807 of
Lecture Notes in Computer Science, pages 207–220. SpringerVerlag, 2000
·
K. M. Martin,
R. SafaviNaini, H. Wang, and P. R. Wild. Distributing the encryption and
decryption of a block cipher. Designs, Codes and Cryptography,
36(3):263–287, 2005
·
Seminar  Secret sharing based on
information dispersal. More secret sharing  weighted, compartmented,
hierarchical.
4. Latticebased cryptography. Elliptic curve cryptography
(March 10)
References
·
P. Q. Nguyen and J. Stern. The Two Faces
of Lattices in Cryptology. In Revised Papers From the international
Conference on Cryptography and Lattices (
·
N. Koblitz, A. Menezes, and S. Vanstone. The State of
Elliptic Curve Cryptography. Designs,
Codes and Cryptography Volume 19 , Issue 23 (March 2000),
173193
·
Seminar  Additional capabilities
in secret sharing (dealerfree, composability, changeability, multisecret
sharing)
5. Oblivious transfer
(March 17)
References
·
M. O. Rabin. How to exchange secrets by oblivious
transfer. Technical Report TR81, Aiken Computation Laboratory,
·
S. Even, O. Goldreich, and A.
Lempel. A
Randomized Protocol for Signing Contracts. Communications of the ACM,
Volume 28, Issue 6, pg. 637647, 1985
·
C. Crépeau. Equivalence
between two flavours of oblivious transfer. In Advances in Cryptology:
CRYPTO '87, volume 293 of Lecture Notes in Computer Science, pages 350354.
SpringerVerlag, 1988
·
M. Bellare and S. Micali. Noninteractive
oblivious transfer and applications. In Advances in Cryptology: CRYPTO
'89, volume 435 of Lecture Notes in Computer Science, pages 547557.
SpringerVerlag, 1990
·
F. Bao, R. H. Deng, and P. Feng. An Efficient and Practical Scheme for
Privacy Protection in the ECommerce of Digital Goods. In Proceedings
of ICISC 2000, volume 2015 of Lecture
Notes in Computer Science, pages 162170. SpringerVerlag, 2001
·
Seminar  student
presentations (Cryptosystems based on theory of formal languages, Signcryption,
Onetime digital signatures)
6. Private information
retrieval (March 24)
References
·
E. Kushilevitz and R. Ostrovsky. Replication is NOT
Needed: SINGLE Database, ComputationallyPrivate Information Retrieval.
In Proceedings of 38th Annual Symposium on Foundations of Computer Science
(FOCS 1997), pages 364373, 1997
·
R. Ostrovsky and W. E. Skeith III. A
Survey of SingleDatabase Private Information Retrieval: Techniques and
Applications. In Proceedings of Public Key Cryptography 2007, Lecture
Notes in Computer Science 4450, pages 393411, 2007
·
Seminar  student
presentations (Broadcast encryption, Tracing traitors, Failstop digital
signatures, Undeniable digital signatures)
Midterm Exam (Friday, April 4,
18.0020.00, in C112)
7. Zeroknowledge
proofs (April 7)
References
·
O. Goldreich. Zeroknowledge
twenty years after its invention. Electronic Colloquium on
Computational Complexity, Report No. 63, 2002 (a revised
version )
·
Seminar  student presentations
(Conditional oblivious transfer, Distributed oblivious transfer, Secure keyword
search)
8. ∑Protocols (April 14)

Identification protocols – FiatShamir, GuillouQuisquater,
Schnorr
 Proofs of equality of (double) discrete logarithms with
applications in verifiable encryption and publicly verifiable secret sharing
References
·
A. Fiat and A. Shamir. How to prove
yourself: Practical solutions to identification and signature problems.
Advances in Cryptology–CRYPTO ’86 (LNCS 263), 186–194, 1987
·
U. Feige, A. Fiat, and A. Shamir. Zeroknowledge proofs of identity.
Journal of Cryptology, 1 (1988), 77–94
·
L. C. Guillou,
J.J. Quisquater. A
practical zeroknowledge protocol fitted to security microprocessor minimizing
both transmission and memory. Advances in
Cryptology–EUROCRYPT ’88 (LNCS 330), 123–128, 1988
·
C. P. Schnorr. Efficient
identification and signatures for smart cards. Advances in
Cryptology–CRYPTO ’89 (LNCS 435), 239–252, 1990
·
R. Cramer, R.
Gennaro, and B. Schoenmakers. A secure and optimally
efficient multiauthority election scheme. In W. Fumy, editor, Advances
in Cryptology  EUROCRYPT ’97, volume 1233 of Lecture Notes in Computer
Science, pages 103–118. SpringerVerlag, 1997
·
M. Stadler. Publicly verifiable
secret sharing. In U. M. Maurer, editor, Advances in Cryptology 
EUROCRYPT ’96, volume 1070 of Lecture Notes in Computer Science, pages 190–199.
SpringerVerlag, 1996
·
B. Schoenmakers. A simple publicly
verifiable secret sharing scheme and its application to electronic voting.
In M. J. Wiener, editor, Advances in Cryptology  CRYPTO ’99, volume 1666 of
Lecture Notes in Computer Science, pages 148–164. SpringerVerlag, 1999
·
Seminar  student
presentations (Search on encrypted data, Incremental cryptography, Ring
signatures)
9. Secure Multiparty
Computation (April 21)

Yao’s garbled circuit technique

Techniques based on secret sharing

Private Set Intersection
References
·
A. C. Yao. Protocols for secure
computations (extended abstract). In Proceedings of Twentythird IEEE Symposium
on Foundations of Computer Science,
·
A. C. Yao. How to generate
and exchange secrets. In Proceedings of the 27th IEEE Symposium on
Foundations of Computer Science, pages 162167, 1986
·
D. Malkhi, N.
Nisan, B. Pinkas and Y. Sella. Fairplay  A Secure TwoParty
Computation System. Proceedings of Usenix Security '2004, pp. 287–302,
·
M. BenOr, S.
Goldwasser, and A. Wigderson. Completeness
theorems for noncryptographic faulttolerant distributed computation (extended
abstract). In Proceedings of the Twentieth ACM Symposium on Theory of
Computing, STOC ’88, pages 1–10, 1988
·
R. Gennaro, M. O.
Rabin, and T. Rabin. Simplified VSS and
fasttrack multiparty computations with applications to threshold cryptography.
In PODC ’98: Proceedings of the seventeenth ACM symposium on Principles of
distributed computing, pages 101–111. ACM Press, 1998
·
M. Freedman, K.
Nissim and B. Pinkas. Efficient Private Matching and
Set Intersection. Advances in Cryptology  Eurocrypt '2004 Proceedings,
LNCS 3027, SpringerVerlag, pp. 119, May 2004
·
Seminar  student
presentations (Fair exchange, Visual cryptography, Biometrics identification)
Eastern holiday (April 28 – May 2)
10. Evoting protocols
(May 5)
References
·
R. Cramer, M. K.
Franklin, B. Schoenmakers, and M. Yung. Multiauthority
secretballot elections with linear work. In U.Maurer, editor, Advances
in Cryptology  EUROCRYPT ’96, volume 1070 of Lecture Notes in Computer
Science, pages 72–83. SpringerVerlag, 1996
·
R. Cramer, R.
Gennaro, and B. Schoenmakers. A secure and optimally
efficient multiauthority election scheme. In W. Fumy, editor, Advances
in Cryptology  EUROCRYPT ’97, volume 1233 of Lecture Notes in Computer
Science, pages 103–118. SpringerVerlag, 1997
·
A. Fujioka., T.
Okamoto, and K. Ohta. A Practical Secret Voting Scheme for Large Scale
Elections. In Proceedings
of the Workshop on the theory and Application of Cryptographic Techniques:
Advances in Cryptology (December 13  16, 1992). J. Seberry and Y.
Zheng, Eds. Lecture Notes In Computer Science, vol.
718. SpringerVerlag,
·
M. Jakobsson and
A. Juels. Millimix:
Mixing in Small Batches. DIMACS
Technical Report 9933, 1999
·
D. Boneh and P.
Golle. Almost Entirely
Correct Mixing With Applications to Voting. In Proceedings of the 9th
ACM Conference on Computer and Communications Security, pages 6877, 2002
·
Seminar  student
presentations (Password management, Computation with encrypted inputs)
11. Pairingbased
cryptography (May 12)
References
·
A. Joux. A oneround
protocol for tripartite DiffieHellman. Algorithm Number Theory
Symposium (ANTSIV), Lecture Notes on
Computer Science 1838, SpringerVerlag (2000), pp. 385394
·
D. Boneh, M.
Franklin. Identitybased
encryption from the Weil pairing.
Advances in Cryptology Crypto'2001, Lecture Notes on Computer Science
2139, SpringerVerlag (2001), pp. 213229
·
D. Boneh, B.
Lynn, H. Shacham. Short signatures
from the Weil pairing. Advances in Cryptology Asiacrypt'2001, Lecture
Notes on Computer Science 2248, SpringerVerlag (2001), pp. 514532
·
D. Boneh, C. Gentry,
B. Lynn, H. Shacham. Aggregate and
Verifiably Encrypted Signatures from Bilinear Maps. Advances in
Cryptology  Eurocrypt'2003, Lecture Notes on Computer Science 2656,
SpringerVerlag (2003), pp. 416432
·
D. Boneh, G. Di
Crescenzo, R. Ostrovsky, G. Persiano. Public key
encryption with keyword search. Advances in Cryptology Eurocrypt'2004,
Lecture Notes on Computer Science 3027, SpringerVerlag (2004), pp. 506522
·
Seminar  student
presentations (Eauctions, Epayments)
Cryptosystems based on theory of formal
languages (Besliu Larisa Elena (MSD), Fodor Gabi Razvan (MISS))
Signcryption (Acasandrei Anca Liliana
(MSD), Herghelegiu Ioana (MISS))
Onetime digital signatures (Costea George
Alin (MSD), Cotoi Cristian (MISS))
(March 17, March 21)
Broadcast encryption. Tracing traitors (Onica Emanuel
(MSD), Diaconu Adrian (MISS), Mirza Lesan Ion (MISS))
Failstop digital signatures (Cracana
Roxana (MISS))
Undeniable digital signatures (Cristea Marius
(MSD), Dobrincu Dan Ionel (MISS))
(March 24, March 28)
Conditional oblivious transfer (Mardari Laura
(MLC), Gheorghita Irina Ioana (MISS), Munteanu Anca Stefana (MISS))
Distributed oblivious transfer (Dima Emanuel
(MSD))
Secure keyword search (Amariei Ciprian
(MSD), Matcovici Ioan (MISS))
(April 7, April 11)
Search on encrypted data (Botea Bogdan
(MISS), Postudor Vlad (MISS), Pantilimon Narcisa Maria (MISS))
Incremental cryptography (Mihaila Andrei
(MSD), Rotaru Adrian (MISS))
Ring signatures (Popa Tudor (MISS))
(April 14, April 18)
Fair exchange (Caltais Georgiana (MISS),
Goriac Eugen Ioan (MISS), Dabija Constantin Alexandru (MISS))
Visual cryptography (Rustioru Raluca
(MSD), Valica Ecaterina (MISS))
Biometrics identification (Turcu Paul (MISS))
(April 21, April 23)
Password management (Deliu Constantin
Gabriel (MISS), Matei Irinel (MISS), Rusu Anda Ramona (MISS), Sandu Roxana
(MISS))
Computation with encrypted inputs (Goldan Elena
Amalia (MISS), Tabara Iulian (MISS))
(May 5, May 9)
Eauctions (Pantescu Andreea (MSD),
Morosan Raluca Melania (MISS), Soldanescu Alina Dana (MISS), Ungureanu Radu
Andrei (MISS))
Epayments (Sardariu Costel Cristinel
(MISS), Perietanu Elena (MISS), Sarghie Costel Cristinel (MISS))
Elotteries and Ecasinos (Luca Bogdan Lucian
(MISS), Vlad Silviu Adrian (MISS))
(May 12, May 16, May 19)
Most of the course and seminar material will be based on conference or
journal articles which will be announced in advance.
Class participation: Students are expected to come prepared and
actively participate in the courses and seminars.
Class presentation: Every student is
required to give a class presentation (roughly 25 minutes) on a selected topic
(see the above list)
The course grade will be determined
as follows:
presentation of a report on a
selected topic (during seminars):
40%
midterm exam:
30%
final exam:
30%
(You have to collect at least 50% points from
the presentation, and at least 50% points from each
exam)
 midterm exam (Friday, April
4, 18.0020.00, in C112)
 final exam (Friday, May 23,
18.0020.00, in C112)
 reevaluation exam
(Tuesday, June 17, 18.0020.30, in C112)