Cryptographic protocols (Autumn 2010)
Time and location
As both the lectures and practice sessions are given by the same teacher,
their split will be pretty dynamic.
| Lectures and practice sessions
| Mon 12:15 - 15:45
| Liivi 2-404
| Thu 8:15 - 11:45
| Liivi 2-224
| (weeks 9—16)
- Peeter Laud
- Cryptographic protocols in the formal model
- Universal composability
- Bingsheng Zhang
- Secure multiparty computation
Grading is based on a number of take-home exercises during the course
(making up two thirds of the
grade) and an oral exam sometime after
the lectures have ended (making up the rest of the grade) (if someone wants
to make the exam in written form, this can be discussed). The oral exam
consists of a conversation with me on one of the topics listed here. You will know the topic one hour before the
- The examination paper (if there will be one) will contain questions that are less suitable for
- The exam is open-book.
The contents of the lectures is similar to the previous year. There is no single textbook that
covers all material of the course. The first lectures somewhat (but only
somewhat) follow certain chapters of Wenbo
Mao's "Modern Cryptography: Theory and Practice". For the second part,
Bingsheng has compiled a list of papers. For the
third part, I put together a list.
- Jan 6th Added the exam topics, and a list of papers
covering material on universal composability.
- Jan 2nd: Mentioned the existence of the 4th home
- Nov 29th: Added 2nd and 3rd home exercise.
- Oct 20th: The final exam of Cryptology I will take place in November 8th,
instead of the lecture. It will be administered by Bingsheng. I won't be in
Estonia in that day.
- Oct 20th: I won't be in Estonia in October 28th. The
lecture will be given by Bingsheng. The slides will appear below.
- Oct 20th:
The first lecture is at October 25th!
Slides of the lectures:
- October 25th
- On October 28th, Bingsheng will finish with the protocols in the end of
this set of slides. He will continue with
attacks against these protocols and
then talk about some Internet
- On November 1st, we start with the analysis of protocols using
ProVerif. Here and here (changed 03.11.2010) are some slides and here is some further explanation of
ProVerif syntax, but in general, it is very much recommended to attend the
lecture. You may also want to install ProVerif.
- On November 4th we continue. Depending on our progress, we also take a
look at some protocols with advanced
- On November 11th, we will finish with the protocol analysis part. I
want to go through the JFK protocol,
as well as talk about the relationship between symbolic and computational
- Please also check the detailed slides
about the indistinguishability of probability distributions and ways to
- Starting from November 15th, the course will cover secure multiparty
computation. The lectures are given by Bingsheng Zhang. He is planning to
use mostly the slides from the last year, which were the following:
- From Dec. 6th, we start with Universal
composability. We continued on Dec. 9th and 13th.
- We finish the course on Dec. 16th by considering the universally composable cryptographic
library. There is also an example