• Lectures: Tuesday & Thursday, 12:30pm-1:50pm
• Canvas: https://canvas.ucsd.edu/courses/18878
• Instructor: Daniele Micciancio
• TA: Jessica Sorrell

Course Description

CSE208 is an advanced, graduate level course in cryptography, and assumes a solid background in cryptography, as provided, for example, by the introductory graduate cryptography course CSE207. The most important course prerequisite is a working understanding of the definitional/theoretical security framework of modern cryptography, i.e., how to rigorously formulate security requirements, and anlyze candidate cryptographic constructions with respect to them. Familiarity with a number of common cryptographic primitives, like public key encryption, digital signatures, hash functions and commitment schemes is also assumed.

Building on what you have already learned in your introductory crypto course, CSE208 explores more complex primitives and protocols, which typically combine cryptography with some form of general purpose comptuation, like zero knowledge proof systems, functional encryption, forms of verifiable computation, secure two-party and multi-party computation, and fully homomorphic encryption.

In Fall 2020, the course will focus on Fully Homomorphic Encryption (FHE), i.e., encryption schemes that allow the evaluation of arbitrary functions on encrypted data.

Reading and Homework

The course has no textbook. Reading/study material for the course will consist of lecture notes (mostly slides from lecture), research papers and surveys. Slides and pointers to the papers will be posted below as we progress with the course.

Introduction to FHE and Bootstrapping

• Course Introduction (slides)
• Defining FHE (slides)
• Bootstrapping (slides)
• Homework 1
• All slides

Papers:

• Computing arbitrary functions on encrypted data (Gentry, CACM 2010 [preface])
• Computing Blindfolded: New Developments in Fully Homomorphic Encryption (Vaikuntanathan, FOCS 2011)
• Fully Homomorphic Encryption: Cryptography’s Holy Grail (Wu, XRDS 2015)

Public Key Encryption from the LWE

• Homework 2
• LWE (slides)
• Linearity (slides)
• All slides

Papers:

• The LWE Problem (Regev, CCC 2010, invited survey)
• Homomorphic Encryption: from Private-Key to Public-Key (R. Rothblum, TCC 2011)
• How to encrypt with the LPN problem (Gilbert, Robshaw, Seurin, ICALP 2008)

Homomorphic Multiplication

• Key Switching (slides)
• Homomorphic Multiplication (slides)
• Bootstrapping Algorithms (slides)

Papers:

• Additively Homomorphic Encryption with d-Operand Multiplications (Aguilar, Gaborit & Herranz, Crypto 2010)
• Efficient Fully Homomorphic Encryption from (Standard) LWE (Brakerski & Vaikuntanathan, FOCS 2011 / SIAM J. Computing 2014)
• (Leveled) Fully Homomorphic Encryption without Bootstrapping (Brakerski, Gentry & Vaikuntanathan - ITCS 2012 / ToCT 2014)
• Fully Homomorphic Encryption without Modulus Switching from Classical GapSVP (Brakerski - Crypto 2012)
• Homomorphic Encryption from Learning with Errors: Conceptually-Simpler, Asymptotically-Faster, Attribute-Based (Gentry, Sahai & Waters, Crypto 2013)

Ring LWE and FHEW

• Ring LWE (slides)
• FHEW slides
• FHEW paper (Ducas & Micciancio, Eurocrypt 2015)
• FHEW survey
• FHEW++ (Micciancio & Sorrell, ICALP 2018)

FHE Surveys

• Fundamentals of Fully Homomorphic Encryption - A Survey (Brakerski, in “Providing Sound Foundations for Cryptography”, ACM books, 2019)

• Homomorphic Encryption (Halevi, in “Tutorials on the Foundations of Cryptography”, 2017)

Some open source libraries implementing FHE schemes:

…

• IBM HElib
• Microsoft SEAL
• NJIT/Duality PALISADE
• Functional Lattice Cryptography LoL
• Fastest FHE of the West FHEW
• FHE over the Torus TFHE
• Approximate FHE HEAAN