Provable Security

Name of the subject in Hungarian: Bizonyított biztonság

Last updated: 30 January 2017.

Budapest University of Technology and Economics
Faculty of Electrical Engineering and Informatics
PhD Course
Course ID Semester Assessment Credit Subject semester
VIHID022   4/0/0/v 5  
3. Course coordinator and department Dr. Vajda István,
4. Instructors István Vajda    Professor    Department of Networked Systems and Services
5. Required knowledge MSc level knowledge in Discrete Mathematics, Probability Theory and in Theory of Algorithms
7. Objectives, learning outcomes and obtained knowledge This subject provides an introduction to the techniques for constructing cryptographic primitives and protocols with formally provable security guarantees, in contrast to the ad hoc approaches of usual practice.
8. Synopsis 1. week: Paradigms in provable security: Algorithmic reduction, algorithmic indistinguishability, simulatability. Security by indistinguishability (security game) vs. security by simulation of ideal functionality.
2. week: Standard secure cryptographic primitives: Public key encryption: semantic security, message-indistinguishability (IND-CPA, IND-CCA2), non-malleability. Digital signature. Message authentication.
3. week: Standard secure cryptographic protocols: Stand-alone setting. GMW oblivious transfer protocol. Fiat-Shamir party authentication protocol.
4. week: Secure Multiparty Computation. Secure function evaluation.
5. week: Universal composability (UC): Modular composition. Concurrent setting. UC-security vs. non-concurrent (stand-alone) security.
6. week: Models in the UC security framework: Computational model. Model of protocol execution. Bare model. Plain model. Trusted setups and trusted third parties.  Adversarial models. Hybrid protocol.
7-10. week: Ideal functionalities and trusted setup models in the UC:  Authenticated communication. Secure communication channel. Key exchange. Public key encryption. Digital signature. Commitment. Oblivious transfer. Remote coin tossing.  Zero knowledge proofs (ZKP). Secure function evaluation.  The Common Reference String and Key setup models.
11. week: The UC composition theorem.
12. week: UC with joint state (JUC).
13. week: Realizability issues in the UC framework.
14. week: Protocol applications: E-voting, E-auction.  

9. Method of instruction Lectures with plenty of analysis/construction examples.
10. Assessment a. During the semester: One in-class test (ZH) in the second half of the semester.
The condition for the signature is a pass mark on the ZH test (above 40%). The in-class test (ZH) can be retaken. In the rectification period (repeat period) there is another (final) opportunity to retake the in-class test (ZH).
b. Examination: Oral exam.

12. Consultations Consultation is possible at a pre-arranged time.
13. References, textbooks and resources - Goldreich: Foundations of Cryptography, Cambridge Press, 2004
- R.Canetti: Universally Composable Security: A New Paradigm for Cryptographic Protocols, 2005
- presentation slides

14. Required learning hours and assignment
Contact hours 42
Preparation for classes during the semester 10
Preparation for the in-class test 20
Homework preparation
Study of assigned written material
Exam preparation 48
Total 120
15. Syllabus prepared by István Vajda    Professor    Department of Networked Systems and Services