Syllabus

Topics

• Elliptic curves

• The chord-and-tangent method

• Bilinear maps and pairing groups

References

• Boneh-Shoup (Chapter 15.1-4)

Topics

• Bilinear maps and pairing groups

• Tripartite Diffie-Hellman

• The MOV discrete log algorithm

References

• Boneh-Shoup (Chapter 15.4)

• A One Round Protocol for Tripartite Diffie–Hellman by Antoine Joux

• Reducing Elliptic Curve Logarithms to Logarithms in a Finite Field by Alfred Menezes, Scott A. Vanstone, and Tatsuaki Okamoto

Topics (Lecture Notes)

• Boneh-Lynn-Shacham (BLS) signatures

• The random oracle model

References

• Boneh-Shoup (Chapter 15.5)

• Short Signatures from the Weil Pairing, by Dan Boneh, Ben Lynn, and Hovav Shacham

Topics (Lecture Notes)

• Aggregating BLS signatures

• Multi-signatures

References

• Boneh-Shoup (Chapter 15.5)

• Short Signatures from the Weil Pairing, by Dan Boneh, Ben Lynn, and Hovav Shacham

• Aggregate and Verifiably Encrypted Signatures from Bilinear Maps, by Dan Boneh, Craig Gentry, Ben Lynn, and Hovav Shacham

Topics (Lecture Notes)

• Shamir secret sharing

• Threshold BLS signatures

References

• Boneh-Shoup (Chapter 15.5, 22-22.1)

• Short Signatures from the Weil Pairing, by Dan Boneh, Ben Lynn, and Hovav Shacham

Topics (Lecture Notes)

• Identity-based encryption (IBE)

• Boneh-Franklin construction

References

• Boneh-Shoup (Chapter 15.6)

• Identity-Based Encryption from the Weil Pairing, by Dan Boneh and Matt Franklin

Topics (Lecture Notes)

• Broadcast encryption

• Boneh-Gentry-Waters construction

References

• Collusion Resistant Broadcast Encryption With Short Ciphertexts and Private Keys, by Dan Boneh, Craig Gentry, and Brent Waters

Topics (Lecture Notes)

• Broadcast encryption

• Boneh-Gentry-Waters construction

• Kolonelos-Malavolta-Wee construction

References

• Collusion Resistant Broadcast Encryption With Short Ciphertexts and Private Keys, by Dan Boneh, Craig Gentry, and Brent Waters

• Distributed Broadcast Encryption from Bilinear Groups, by Dimitris Kolonelos, Giulio Malavolta, and Hoeteck Wee

Topics (Lecture Notes)

• Attribute-based encryption

• Linear secret sharing

• Goyal-Pandey-Sahai-Waters construction

References

• Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data, by Vipul Goyal, Omkant Pandey, Amit Sahai, and Brent Waters

Topics (Lecture Notes)

• Attribute-based encryption

• Linear secret sharing and monotone span programs

• Goyal-Pandey-Sahai-Waters construction

• Selective security of the GPSW scheme

References

• Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data, by Vipul Goyal, Omkant Pandey, Amit Sahai, and Brent Waters

Topics (Lecture Notes)

• Somewhat homomorphic encryption

• Composite-order pairing groups and the subgroup decision assumption

• Boneh-Goh-Nissim construction

References

• Evaluating 2-DNF Formulas on Ciphertexts, by Dan Boneh, Eu-Jin Goh, and Kobbi Nissim

Topics (Lecture Notes)

• Non-interactive zero-knowledge (NIZK) for NP

• Groth-Ostrovsky-Sahai construction

References

• Perfect Non-Interactive Zero Knowledge for NP, by Jens Groth, Rafail Ostrovsky, and Amit Sahai

Topics (Lecture Notes)

• Batch arguments for NP

• Waters-Wu construction

References

• Batch Arguments for NP and More from Standard Bilinear Group Assumptions, by Brent Waters and David J. Wu

Topics (Lecture Notes)

• RAM programs

• SNARGs for P

• Functional commitments and homomorphic signatures

References

• SNARGs for P from LWE, by Arka Rai Choudhuri, Abhishek Jain, and Zhengzhong Jin

Topics (Lecture Notes)

• Polynomial commitments

• Proving properties on committed values

• Kate-Zaverucha-Goldberg construction

References

• Constant-Size Commitments to Polynomials and Their Applications by Aniket Kate, Gregory M. Zaverucha, and Ian Goldberg

Topics (Lecture Notes)

• SNARGs for NP

• The PLONK construction

References

• PLONK: Permutations over Lagrange-bases for Oecumenical Noninteractive arguments of Knowledge by Ariel Gabizon, Zachary J. Williamson, and Oana Ciobotaru

Topics (Lecture Notes)

• Why lattices?

• Definitions and computational problems

References

• A Decade of Lattice Cryptography, by Chris Peikert (Chapter 2)

Topics (Lecture Notes)

• The short integer solutions (SIS) problem

• Collision-resistant hash functions from SIS

• The leftover hash lemma (LHL)

• Commitments from SIS

References

• A Decade of Lattice Cryptography, by Chris Peikert (Chapter 4.1, 5.1)

Topics (Lecture Notes)

• Inhomogeneous SIS and gadget trapdoors

• Lattice-based signatures in the random oracle model

• Preimage-sampleable trapdoor functions

References

• A Decade of Lattice Cryptography, by Chris Peikert (Chapter 5.4-5.5)

• Trapdoors for Lattices: Simpler, Tighter, Faster, Smaller, by Daniele Micciancio and Chris Peikert

Topics (Lecture Notes)

• Lattice-based signatures in the random oracle model

• The learning with errors (LWE) assumption

• Symmetric encryption from LWE

References

• A Decade of Lattice Cryptography, by Chris Peikert (Chapter 5.4-5.5)

• Trapdoors for Lattices: Simpler, Tighter, Faster, Smaller, by Daniele Micciancio and Chris Peikert

Topics (Lecture Notes)

• Public-key encryption from LWE

• Somewhat homomorphic encryption (SWHE)

• The Gentry-Sahai-Waters (GSW) FHE scheme

References

• A Decade of Lattice Cryptography, by Chris Peikert (Chapter 5.2, 6.1)

• Homomorphic Encryption from Learning with Errors: Conceptually-Simpler, Asymptotically-Faster, Attribute-Based by Craig Gentry, Amit Sahai, and Brent Waters

Topics (Lecture Notes)

• Bootstrapping SWHE to FHE

• Key agreement from LWE

References

• A Decade of Lattice Cryptography, by Chris Peikert (Chapter 6.1)

• Frodo: Take off the ring! Practical, Quantum-Secure Key Exchange from LWE by Joppe Bos, et al.

Topics (Lecture Notes)

• Homomorphic signatures

References

• A Decade of Lattice Cryptography, by Chris Peikert (Chapter 6.1)

• Leveled Fully Homomorphic Signatures from Standard Lattices, by Sergey Gorbunov, Vinod Vaikuntanathan, and Daniel Wichs

Topics (Lecture Notes)

• Homomorphic commitments

References

• A Decade of Lattice Cryptography, by Chris Peikert (Chapter 6.1)

• Leveled Fully Homomorphic Signatures from Standard Lattices, by Sergey Gorbunov, Vinod Vaikuntanathan, and Daniel Wichs

• Succinct Vector, Polynomial, and Functional Commitments from Lattices, by Hoeteck Wee and David J. Wu

• Lattice-Based Functional Commitments: Fast Verification and Cryptanalysis, by Hoeteck Wee and David J. Wu

Topics (Lecture Notes)

• \ell-Succinct SIS assumption

• Functional commitments

• Dual Regev encryption

References

• Succinct Vector, Polynomial, and Functional Commitments from Lattices, by Hoeteck Wee and David J. Wu

• Lattice-Based Functional Commitments: Fast Verification and Cryptanalysis, by Hoeteck Wee and David J. Wu

Topics (Lecture Notes)

• Attribute-based encryption for circuits

References

• A Decade of Lattice Cryptography, by Chris Peikert (Chapter 6.1)

• Fully Key-Homomorphic Encryption, Arithmetic Circuit ABE, and Compact Garbled Circuits, by Dan Boneh, Craig Gentry, Sergey Gorbunov, Shai Halevi, Valeria Nikolaenko, Gil Segev, Vinod Vaikuntanathan, and Dhinakaran Vinayagamurthy

• Lattice-Based Functional Commitments: Fast Verification and Cryptanalysis, by Hoeteck Wee and David J. Wu

Topics

• Succinct attribute-based encryption

• Broadcast encryption

References

• Lattice-Based Functional Commitments: Fast Verification and Cryptanalysis, by Hoeteck Wee and David J. Wu

Topics

• Private information retrieval (PIR)

References

• One Server for the Price of Two: Simple and Fast Single-Server Private Information Retrieval by Alexandra Henzinger, Matthew M. Hong, Henry Corrigan-Gibbs, Sarah Meiklejohn, and Vinod Vaikuntanathan