Course information

Course goals: a gentle and intuitive (yet formal) introduction to surprising things you can do with cryptography: zero-knowledge proofs, computing on encrypted data, and maybe some blockchain aspects (if we have time).

Collaboration. I highly encourage collaboration. Students in a previous instance of this course indicated that it was very helpful to discuss homeworks and other topics among themselves. We will see how to get you all connected to each other remotely.

Textbooks. We will use the book I wrote with Dave Evans and Mike Rosulek. The book is available here: https://securecomputation.org/
Lecture slides will be posted on Canvas (main study materials).
Additional reading: Goldreich, Intro to Cryptography; current and foundational papers on the topic of cryptography and secure computation.

Content: This course is an introduction to secure computation. It is intended for graduate students, especially those interested in research in cryptography or security. I plan to focus on the following topics:
Formal definitions of security
Secure two-party and multi-party computation
GMW and garbled circuits
Zero-knowledge
Alternative security models

All discussions will be formal or readily formalizable. We will work with definitions, foundations, and mathematical proofs of security. Students are expected to read and present papers from the literature.

Prerequisites: mathematical maturity. Ability to read, understand and write definitions and proofs. No prior background in cryptography is required. I expect that you did well in your undergraduate discrete math class and took basic algorithms and computability/complexity theory classes. For example, I expect students to understand the running time of an algorithm and basic probability theory, and to be familiar with computational models such as Turing machines.

Piazza forum: Let me know if there are some features on Piazza that are missing from Canvas.
I might not be reading Piazza unless we agree that there is something there.

Grade.
Class participation 10%
Class presentation 30%
2-4 (probably 3) homeworks 60%

Class participation includes attendance and contributions to in-class discussions, such as questions/answers during lectures (and on Canvas if it picks up).

Grading Scale. Your final grade will be assigned as a letter grade according to the following scale:
A 90-100%
B 80-89%
C You shouldn't be reading past A range anyway :)

Rules. The Georgia Tech and College of Computing academic Honor Code applies (http://www.catalog.gatech.edu/policies/honor-code/). Homeworks are announced and posted on Canvas. You can work on the homeworks individually or in groups of up to 3 people, but you have to write and turn in your own solutions and indicate the name of your collaborator, if any. You cannot use the Internet to find the solutions, unless stated otherwise. No late homeworks will be accepted. Please report any typos you find in the notes, slides, homeworks or the solutions.

------------------------------------------

Preliminary list of topics (not all may be covered, and not necessarily in this order)

Simulator.
Composition.
Oblivious transfer and OT extension.
The GMW protocol.
Yao's garbled circuit.
GC optimizations.
Free-XOR and Half-gates.
Implementations of semi-honest secure two-party computation.
Secure computation using FHE.
Oblivious RAM, and secure computation in the RAM model of computation.
Special-purpose protocols.
Private set intersection.
Semi-honest multi-party computation.
Information-theoretic security.
Multi-party computation in constant rounds (the Beaver-Micali-Rogaway protocol).
Zero-knowledge proofs/arguments and use in MPC.
Cut-and-choose for efficient secure two-party computation.
Alternative security models (e.g. computation with 1-bit leakage, covert, PVC).
The IKOS compiler and efficient zero knowledge from secure computation.
Fairness.