UCLA  Computer Science Department       CS282B/MATH209B Cryptographic Protocols Instructor: Prof. Rafail Ostrovsky

Course Home Page Contact Info General Information/Policies Course Materials by Lecture Number

Course Materials and Handouts FROM 2004

Lecture 1 (Mon. April 5th 2004): Introduction to NIZK

• Introduction to NIZK (part I) Paper by Feige Lapidot and Shamir. "Multiple Non-Interactive Zero Knowledge Proofs Under General Assumptions". Read chapter 6 of Uriel Feige PhD thesis that explains it. It can be found on Feige home page As a preliminary material, you can also look at the original paper of Blum, DeSantis, Micali and Persiano .

Lecture 2 (Wed. April 7th 2004): Conclusion of [FLS] NIZK.

• NIZK (part II). Read Jonathan Katz scribe notes lectures 12 and 13.

Lecture 3 (Mon. April 12th 2004): Intro to CCA-1

• Moni Naor and Moti Yung, Public-key Cryptosystems Provably Secure against Chosen Ciphertext Attacks. You can get it from Naor's Page.

Lecture 4 (Wed. April 14th 2004): Intro to CCA-2

• Introduction to non-malleability. Read Dolev, Dwork and Naor paper "Non-Malleable Cryptography" (read only definitions section and public-key encryption sections of "DDN".)

Lecture 5 (Mon. April 19th 2004:) Cramer-Shoup light

• Introduction to Cramer-Shoup "light" (i.e. CCA-1). Start reading Ronald Cramer and Victor Shoup "A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack" . You can get it from Shoup's page. Make sure you read section 2.2 and understand random self-reduciblity properties. That is, understand claim and proof of lemma 3.2 in reference [17] (you already should know how to get [17] paper on-line.)

Lecture 6 (Wed. April 21st 2004:) Full Cramer-Shoup. Intro to non-malleable non-interactive commitment

• Cramer-Shoup -- the actual proof.
• Introduction to non-malleabile commitment, for the protocol, see my STOC98 paper.

Lecture 7 (Mon. April 26st 2004:) Finishing non-malleable non-interactive commitment

• See my STOC98 paper and number-theoretic euroctypt 2001 variant. (The proofs here will cover the stoc proofs as well.)

Lecture 8 (Wed. April 28st 2004:) Non-malleable and non-interactive zero-knowedgle

• See "Non-Malleable Non-Interactive Zero Knowledge and Adaptive Chosen-Ciphertext Security" by Amit Sahai and
• "Robust Non-Interactive Zero Knowledge" from my web-cite. (I'll present a simpler proof, using ideas from Eurocrypt 03 paper by Garay, MacKenzie and and Yang.)

Lecture 9 (Mon May 10 2004:) THIS LECTURE IS DEDICATED TO THE MEMORY OF PROFESSOR SHIMON EVEN, WHO PASSED AWAY MAY FIRST.

• surpize quiz.
• Introduction to Oblivious Transfer (OT) and Multi-Party Computation (MPC)
• Read Shimon Even, Goldreich, Lemel "EGL" paper that inroduced 1-2-OT in pdf.
• Read Claude Crepeau paper on equivalence of Rabin's OT and 1-2-OT. in pdf.
• Read appendix of this paper for the simple explanation of the connection between OT and Mulit-party-computation (MPC).

Lecture 10 (Wed. May 12 2004:) Finish MPC in the hones-but-curious model, intro to PIR

• For a detailed treatment of MPC refer to Goldreich's manuscript.
• See multi-database PIR

Lecture 11 (Mon May 17 2004:) PIR

• See multi-database PIR
• See single-DB PIR and
• See PIR based on trapdoor permutations

Lecture 12 (Wed. May 19 2004:) Software Protection, Searching on Encrypted data (private-Key) and Oblivious RAMs simulation

• See Software Protection paper.

Lecture 13 (Mon May 24 2004:) Issues of round-complexity

• Round-complexity of ZK
• Yao's grabled circuits. Read [Beaver Micali and Rogoway] paper.

Lecture 14 (Wed. May 16 2004:) Round-complexity continues

• My upcoming crypto paper on round-optinal 2-party computation paper.
• Everthing in IP is also in computational ZK

Lecture 16 (Wed. June 2nd 2004:) IP=PSAPCE proof

• PSPACE complete problem, how to replace private coin with public coin, and Shamir's IP=PSAPCE,