- 1. Cryptographic assumptions, examples, discussions and comparisons.
- 2. The definition of a good pseudorandom generator. Construction of such a generator from any one-way permutation.
- 3. The definition of a good pseudorandom function. Construction of such a generator from any good pseudorandom generator.
- 4. Zero-knowledge proofs. Proofs for some of the following: graph-isomorphism, graph-colorability or even PSPACE-complete problems. Perfect, statistical and computational flavors. Proofs of knowledge.
- 5. Zero-knowledge arguments. Arguments are proofs whose soundness depends on computational assumptions while the zero-knowledge property usually is perfect.
- 6. Distributed cryptography. Generation of keys and decryption in a distributed environment where some parties might misbehave.
- 7. Security of encryption. Semantic security (no information is leaked) and non-malleability (cannot produce encryptions of related messages). Possibly a system by Cramer and Shoup.
- 8. Elliptic curve cryptography. The definition of an elliptic curve group. Discussions of which cryptographic constructions that can be used with elliptic curve groups.
- 9. Factorization and discrete logarithms. (9a) A study of the best algorithms on classical computers (quadratic sieve, number field sieve). (9b) A discussion of algorithms for the problems on quantum computers.
- 10. Quantum cryptography. How to establish a common random string over a public channel in the quantum world. It is information-theoretically secure.
- 11. Modes of a block crypto. CBC, IAPM, Counter and KFB.
- 12. Digital money. Desirable properties and a proposed system by Stefan Brands.
- 13. Voting. Definition of properties. Some system.
- 14. Multi-party computation. Joint computation of a function on secret inputs. Possibly only in the model of honest and curious participants.
- 15. Integer lattices. (15a) The algorithm of LLL with some application to cryptanalysis, possibly breaking knapsack cryptosystems. (15b) Using hardness assumptions on the computation of shortest vector to create cryptosystems.
- 16. Cryptanalysis of some symmetric crypto scheme. Possibly the details of linear cryptanalysis of DES.

Sidansvarig: <johanh@nada.kth.se>

Senast ändrad 13 mars 2003

Tekniskt stöd: <webmaster@nada.kth.se>