ECE/CS 598 AM: CRYPTOGRAPHY WITH IDEAL FUNCTIONALITIES
Spring 2022
Times: Tu Th 9:30am – 10:50am
Location: 2015 Electrical & Computer Eng Bldg (Jan 25 and later)
Zoom link for synchronous lectures (see Piazza)
Piazza: piazza.com/illinois/spring2022/ece598am
Instructor: Andrew Miller Office hours: Thursdays 3pm-4pm, and by appointment
Teaching Assistant (unofficial): Surya Bakshi Office hours: TBD
The Ideal Functionalities model (or “Universal Composability” (UC)) is considered the gold standard for defining security in many cryptographic tasks, such as multiparty computation and zero knowledge proofs.
It can be considered a unification of property-based definition styles, where instead of describing one property at a time (i.e., one game for confidentiality, one game for integrity, and so on), we give a concrete instance of an idealized program that exhibits all these properties at once. While UC is broadly adopted in cryptography, it has yet to gain traction elsewhere in software engineering and in distributed systems.
The aim of this course is to explore the connections between UC in cryptography versus in other domains like fault tolerant systems, and to see what UC can offer to software engineers concerned with implementing large systems and not just modelling small primitives.
The course will give a self contained introduction to UC, making use of our research software prototypes, Haskell-SaUCy and Python-SaUCy, which are programming frameworks that implement UC. We’ll then survey the UC-based cryptography literature for a range of cryptographic tasks, including well known applications like key exchange and multiparty computation, as well as more challenging cases like non-interactive primitives and smart contract blockchain protocols. Using the software frameworks as a secret weapon, we’ll try to improve on and simplify prior UC proofs.
The course is built on recent research efforts to provide software tools for UC, ILC (PLDI’19) and is supported by NSF grants #1801321 “Automated Support for Writing High-Assurance Smart Contracts” and #1943499 “CAREER: Composable Programming Abstractions for Secure Distributed Computing and Blockchain Applications.”
Prerequisites:
It is not necessary to have background knowledge of Ideal Functionalities and UC. However, some mathematical maturity and familiarity with cryptography is expected, such as experience writing traditional game-based security proofs.
Reference texts (all free available online):
- Security and Composition of Cryptographic Protocols: A Tutorial (Canetti 2006). https://eprint.iacr.org/2006/465
- Pragmatic MPC http://securecomputation.org/
- Python-SaUCy https://github.com/amiller/ece598-uc-contracts
- Course slides and course notes from Canetti 2004 http://courses.csail.mit.edu/6.897/spring04/materials.html