# Cryptographic Computation and Blockchain, MSc (Spring 2023)

#### Official course description:

##### Course info

##### Programme

##### Staff

##### Course semester

##### Exam

##### Abstract

This course will introduce basic concepts and techniques for designing and analysing cryptographic protocols with a focus on privacy preserving computation and blockchain protocols. We will cover both the main constructions of such protocols and the theoretical models used for proving their security.##### Description

In a modern cryptographic protocol, a group of users perform complex tasks that require privacy and/or authenticity guarantees against an attacker by exchanging messages and using cryptographic schemes. These protocols can be used for a multitude of applications, such as computing on private data you cannot see and agreeing on data with the guarantee that it becomes immutable. In order to construct powerful cryptographic protocols and mathematically prove that they are indeed secure, we use special techniques and theoretical models different from those used for obtaining simpler cryptographic primitives (such as public key encryption).

In this course, we will introduce both the main techniques for constructing cryptographic protocols and the theoretical models used for mathematically proving their security. We will focus on protocols for secure multiparty computation (MPC) and blockchain based consensus, which are now used for many applications. Besides exploring the features that these protocols provide and how they work, we will also understand why they securely provide these features and how to prove their security.

We will cover the following topics:- Adversarial Models
- Simulation Based Proofs
- Secure Multiparty Computation (MPC)
- Secret Sharing
- Commitments
- Oblivious Transfer
- Zero Knowledge Proofs
- Byzantine Agreement
- Blockchains based on Proof-of-Work
- Blockchains based on Proof-of-Stake
- Blockchain Applications

##### Formal prerequisites

1. Discrete Mathematics

2. Security 1

Students should be familiar with basic cryptography (hash functions, pseudorandom functions, message authentication codes, public key encryption and digital signatures) and discrete mathematics (models of computation, probability, number theory and group theory).

##### Intended learning outcomes

After the course, the student should be able to:

- Describe security guarantees of a cryptographic protocol
- Develop simulation based security definitions
- Describe building blocks for cryptographic protocols (commitments, oblivious transfer, zero knowledge proof)
- Prove the security of building blocks for cryptographic protocols (commitments, oblivious transfer, zero knowledge proof)
- Describe Secure Multiparty Computation protocols
- Prove the security of Secure Multiparty Computation protocols
- Identify the properties of consensus protocols
- Describe protocols for Proof-of-Work based Blockchains
- Prove the security of protocols for Proof-of-Work based Blockchains
- Describe protocols for Proof-of-Stake based Blockchains
- Describe Blockchain Applications

##### Learning activities

Lectures, exercises and course project.

- Exercises: in the exercise sessions you will solve exercises that consist on identifying the main properties and estimating the efficiency of cryptographic protocols, designing new protocols and (dis)proving the security of existing and new protocols.

- Exam Project: Along the course you will work on a project focusing on either privacy preserving computation or blockchain protocols that must be presented to the class by the end of the course. The students are expected to work in groups of up to 2 people on a project aimed at employing the concepts and techniques covered in the course to a concrete situation. The goal of this project is to allow students to have a hands on experience in applying cryptographic protocol techniques to solve practical and/or theoretical problems, resulting in a better understanding of how the course contents can be applied. By the end of the course students are expected to give a presentation explaining their project. The course project can focus on one of the following topics:

- Proposal of a new application of cryptographic protocols (analysing the application's required security guarantees and why they are provided).
- Design and sketch of security proof for a new protocol.
- Analysis of an existing protocol's security proof (and potentially its flaws).
- Development of a prototype implementation of a protocol and analysis of its efficiency.

##### Course literature

We will use chapters from the following textbooks for different parts of the course. All books are made freely available online by their authors.

Foundations of Distributed Consensus and Blockchains. Elaine Shi. https://www.distributedconsensus.net

Pragmatic MPC. David Evans, Vladimir Kolesnikov and Mike Rosulek. https://securecomputation.org

A Graduate Course in Applied Cryptography. Dan Boneh and Victor Shoup. http://toc.cryptobook.us

##### Student Activity Budget

Estimated distribution of learning activities for the typical student- Preparation for lectures and exercises: 5%
- Lectures: 50%
- Exercises: 20%
- Assignments: 25%

##### Ordinary exam

**Exam type:**

D: Submission of written work with following oral, Internal (7-point scale)

**Exam variation:**

D2G: Submission for groups with following oral exam supplemented by the submission. Shared responsibility for the report.

**Exam submission description:**

Exam project as described in Learning Activities. Further details will follow on LearnIT.

The projects will be evaluated based on the end of course presentation given by the students. Students must give a presentation that uses concepts and techniques covered in the course to clearly explain how they came up with a problem within their topic, how they solved this problem and why their solution works.

**Group submission:**

Group

- Group size: 1-2 students.

**Exam duration per student for the oral exam:**

20 minutes

**Group exam form:**

Mixed exam 1 : Individual and joint student presentation followed by an individual and a group dialogue. The students make a joint presentation followed by a group dialogue. Subsequently the students are having individual examination with presentation and / or dialogue with the supervisor and external examiner while the rest of the group is outside the room.

##### reexam

**Exam type:**

D: Submission of written work with following oral, Internal (7-point scale)

**Exam variation:**

D22: Submission with following oral exam supplemented by the submission.

**Exam duration per student for the oral exam:**

20 minutes