CS 290G: Advanced Topics in Cryptography (Fall 2017)

Instructor: Huijia (Rachel) Lin, rachel.lin(at)cs(dot)ucsb(dot)edu

Class time and location: MW 11:00am-12:50pm, Phelps 2510

Office hours: Mon 4:30-5:30pm or by appointment, HFH 1153

Piazza: We will be using Piazza for class-related discussions. https://piazza.com/ucsb/fall2017/cs292f/home.

Course Description

This class is meant to open to you research in Cryptography, both theoretical and applied. To do so, the class will involve reading research papers, reviewing them, discussing them, and doing a project.

Course Set-ups and Requirements: At the beginning of the course, I will give some lectures on the bare basics of cryptography for 4 lectures.

Next, the class will move to reading research papers. In each class, we will read one or two papers. Two students will be assigned as the lead, who will be responsible in understanding the papers thoroughly (collaboration is recommended), and do the following:

• Write down reviews for the papers, which summarize and evaluate the papers. The review must be typed using Latex and submitted 12 hours before the class on Piazza.
• Prepare and give together a 1 hour presentation of the papers (you can use the board, but slides are recommended). There is no restriction on the forms of presentation. You can present sequentially, each 30 minutes, or act a play together, or anything else.
• Lead a discussion in the remaining 30 minutes of the class about the strength and weakness of the paper, and open questions following the paper.

Other students in class are expected to read the paper and the review written by the lead students before the class, come with questions and participate in discussions of the paper.

What papers will we read? There are many exciting research directions in theoretical and applied cryptography, such as, the following ones and many others.

• Crypto Currency (BitCoin)
• Program Obfuscation
• Computing over encrypted data
• Verifiable Computation (SNARK)
• Cryptographic protocols (Multi-party computation, TLS/SSL)
• Password-based Cryptography

Clearly, it is impossible to cover all topics in crypto in one class. So we will only sample some papers to read.

I will publish an initial list of papers of my choice. But you should also contribute to the list. One first task to you is contributing to the list, by the end of the second week, as many papers you recommend, and at least one. You can find interesting papers on cryptography in top crypto venues (EuroCrypt, Crypto, TCC) or in top security venues (Security and Privacy, Usenix Security, CCS, NDSS). You do not need to be restrcted to the topics mentioned above, but the paper must be related to crypto.

Assignment of lead students Then I will pick a subset of the papers from our list and assign two lead students to papers. You can swap assigned papers between youselves, as long as, both parties agree. You need to report back to me which papers you are the lead for by the end of the third week. We have 10 classes for paper reading. This means suppose there are 10 students in class, each student will be lead twice. If there are more students, we will assign more lead students per class.

Projects Another component of the class is project. You can form teams of two for the project. There are two milestones.

• By the end of the 6th week, you need to decide on your project, and submit to me a project proposal about what your project is and why it is a meaningful project.
• By the middle of the final week, you need to hand in the final report.

Some examples of the flavors of projects are: 1. Implementing a crypto system you read about. 2. Benchmarking some existing crypto schemes/protocols. 3. Surveying a topic in cryptography. 4. Extending one of the papers we talked about/you read about.

Final assessment will depend on a combination of presentation 40%, in-class participation 20%, and final project 40%.

Initial List of Papers

BitCoin and Distributed Concensus

• BitCoin Specification in the book
• Zerocash: Decentralized Anonymous Payments from Bitcoin
• SoK: Research Perspectives and Challenges for Bitcoin and Cryptocurrencies
• Paxos Made Simple
• Catena: Efficient Non-equivocation via Bitcoin

Verifiable Computation

• Verifying Computations without Reexecuting Them
• Pinocchio: Nearly Practical Verifiable Computation
• IntegriDB: Verifiable SQL for Outsourced Databases

Secure Database

• Deterministic Encryption
• Order-Preserving Encryption
• Dynamic Searchable Encryption in Very-Large Databases: Data Structures and Implementation
• Leakage-Abuse Attacks Against Searchable Encryption
• Dynamic Proofs of Retrievability Via Oblivious RAM
• Improved Reconstruction Attacks on Encrypted Data Using Range Query Leakage
• Path ORAM: An Extremely Simple Oblivious RAM Protocol

Program Obfuscation

• On the (im)possibility of obfuscating programs
• How to Use Indistinguishability Obfuscation: Deniable Encryption, and More

Privacy

• Differential Privacy
• Basic Algorithms in the book The Algorithmic Foundations of Differential Privacy
• Stealing Machine Learning models
• RAPPOR: Randomized Aggregatable Privacy-Preserving Ordinal Response

Multiparty Computation

• Two-party Computation Basics, Lecture Notes
• Two-party and Multi-party Computation Basics, Lecture Notes
• Improving Yao's Garbled Circuits
• From Mental Poker to Core Business: Why and How to Deploy Secure Computation Protocols?
• SecureML: A System for Scalable Privacy-Preserving Machine Learning

Computing Over Encrypted Data

• The Swiss Army Knife of Cryptography
• A fully homomorphic encryption scheme
• A functional encryption scheme from public key encryption

Failures of Cryptography (Cryptanalysis and Attacks)

• Breaking RSA in practice
• Overview of Key Extraction Attacks on PCs
• Physical Side Channel Attacks via "Ground" Electric Signal.

Post-Quantum Cryptography

• post-quantum TLSslides
• post-quantum TLS, more (implemented by Google)

Schedule

This will be filled when we finalize the assignment of papers.