Possible topics, 2D1441
Note that 9 and 15 have two subparts that can be voted
on separately if desired.
- 1. Cryptographic assumptions, examples, discussions
- 2. The definition of a good pseudorandom generator.
Construction of such a generator from any one-way
- 3. The definition of a good pseudorandom function.
Construction of such a generator from any good pseudorandom
- 4. Zero-knowledge proofs. Proofs for some of
the following: graph-isomorphism, graph-colorability
or even PSPACE-complete problems. Perfect, statistical
and computational flavors. Proofs of knowledge.
- 5. Zero-knowledge arguments. Arguments are proofs
whose soundness depends on computational assumptions
while the zero-knowledge property usually is perfect.
- 6. Distributed cryptography. Generation of keys and
decryption in a distributed environment where some parties
- 7. Security of encryption. Semantic security
(no information is leaked) and non-malleability (cannot
produce encryptions of related messages). Possibly
a system by Cramer and Shoup.
- 8. Elliptic curve cryptography. The definition
of an elliptic curve group. Discussions of which
cryptographic constructions that can be used with
elliptic curve groups.
- 9. Factorization and discrete logarithms. (9a) A study
of the best algorithms on classical computers (quadratic
sieve, number field sieve). (9b) A discussion of algorithms
for the problems on quantum computers.
- 10. Quantum cryptography. How to establish a common
random string over a public channel in the quantum world.
It is information-theoretically secure.
- 11. Modes of a block crypto. CBC, IAPM, Counter and KFB.
- 12. Digital money. Desirable properties and a proposed
system by Stefan Brands.
- 13. Voting. Definition of properties. Some
- 14. Multi-party computation. Joint computation
of a function on secret inputs. Possibly only in
the model of honest and curious participants.
- 15. Integer lattices. (15a) The algorithm of LLL with
some application to cryptanalysis, possibly breaking knapsack
cryptosystems. (15b) Using hardness assumptions on the computation
of shortest vector to create cryptosystems.
- 16. Cryptanalysis of some symmetric crypto scheme.
Possibly the details of linear cryptanalysis of DES.
Senast ändrad 13 mars 2003
Tekniskt stöd: <firstname.lastname@example.org>