Cryptographic Protocols (MTAT.07.005)
Time and location
| Lectures and practice sessions
|| Tue 12:15 - 15:45
|| Liivi 2-404
| Thu 10:15 - 11:45
|| Liivi 2-404
|| January 8th
9 - 13
| January 29th
9 - 13
Grade is determined by the final exam. There may be some optional
take-home exercises. The highest grade will theoretically be obtainable without doing
The course will cover two main topics:
- Protocols for authentication and key agreement. The definitions of
various properties, attacks against protocols, ways to determine their
- Multiparty computation and its various interesting variants. This part
of the course will be influenced by Helger Lipmaa's lectures
on the same topic.
- Dec. 13th: I came up with a take-home exercise. See
the lecture slides about universal composability.
- Dec. 13th: The book that served as the basis of
George's lecture about anonymous credentials is available
- Oct. 29th: The lectures in Dec. 4th and Dec. 6th (from
8:15 to 11:45) will be given by George Danezis. The focus of the lectures
will be on anonymity.
- Oct. 29th: I am not in Tartu (or, for that matter,
Estonia) from Nov. 4th to Nov 9th. There will be no lectures on Nov. 6th and
- Oct. 29th: First lecture will be on October 30th!
Slides of the lectures:
- October 30th
- On November 1st we'll continue with the attacks against the protocols,
and also take a look at some Internet security
- On November 13th we consider compositional
definitions of security.
- On November 15th we look at the computational
soundness of the formal model.
- On November 20th, we start with general multiparty
computation. Here's also an example of a scrambled circuit.
- On November 22nd, we'll take a look at secret sharing
- On November 27th, we continue with multiparty
- The same on November 29th. I'm currently contemplating on presenting
first the unconditionally secure error-free protocol with less than one
third of malicious users.
- Nov. 29th, 9:30: Added a slide (pg. 56 here).
- On Dec. 4th and 6th, George Danezis gave his lectures. The
slides can be found here.
- On Dec. 11th, we start with Universal composability /
reactive simulatability. I may still extend the slides.
- On Dec. 13th, we'll continue where we left off last time.
- On Dec. 18th, we take a look at the construction of
a UC voting protocol. The slides have been added to.
- On Dec. 20th, we speak about the Universally
composable cryptographic library. Here is an
example execution of the ideal library.