This is a first course on formal cryptography with the goal of answering important
questions about the "why" of cryptographic techniques.
Computational models are
presented of both the "good guys" and the "bad guys" and techniques for reasoning
about the models and their interactions.
The nature of randomness, information and knowledge is explored,
and computational and informational model variants are introduced.
The course emphasizes a computational approach where programming exercises
practice the conceptual and mathematical framework.
Textbooks and slack:
Required: Introduction to Modern Cryptography, by Jonathan Katz and Yehuda Lindell.
(Amazon)
The 3ird addition is a great new edition. However, for this class, either the 3ird or the 2nd edition will be fine.
Deterministic public key schemes are insecure under any model.
Ease-dropping security is the same as CPA security.
Zero Knowledge Proof Systems
Schnorr Signatures and bit commitment
Definition, and adversary
Identification schemes, perfect correctness and probabilistic soundness
Schnorr identification, and knowledge extraction
Fiat-Shamir transformation and Schnorr dig-sig's
Interactive Proof systems
Completeness, and soundness
Relationship to NP and BPP
Graph Non-isomorphism is in IP
Zero knowledge, knowledge and information
ZK proof for Graph Isomorphism
Simulator, role of non-halting for language instances
Zero Knowledge proofs of knowledge: modular square root
All of NP in Zero Knowledge: 3-colorability
Fiat-Shamir zero-knowledge identification system
References
The Knowledge Complexity of Interactive Proof-Systems, Goldwasser, Micali and Rackoff.
The
FoCS (1985) paper and the final
SIAM J.Comp 1(989) journal version.
Proofs that Yield Nothing But Their Validity,
or All Languages in NP Have Zero-Knowledge Proof Systems,
Goldreich, Micali, Wigderson (JACM 1991)
Michael Ben-Or, Shafi Goldwasser, Avi Wigderson, Completeness
theorems for non-cryptographic fault-tolerant distributed computation,
Proc. 20-th ACM Symposium on Theory of Computing, 1988. pp 1-10.
Philippe Oechslin, Making a faster cryptanalytic time-memory trade-off,
Crypto 03. (cached)
Equivalence between two flavours of oblivious transfers
(PDF)
Completeness Theoerms for Fault Tolerant Distributed Computing
(PDF)
Parallel Reducibility for Information-Theoretically Secure Computation
(PDF)