Fall 2023
Lectures: Tuesday & Thursday, 12:30pm-1:50pm (Room CSE 2154)
Instructor: Daniele Micciancio (Office Hour: Tuesday 3:30pm-4:30pm, CSE 4214)
TA: Yizhao Zhang (Office Hour: Friday 10am-11am, CSE B215)
Tools:
If you are enrolled in the class, you should get access to piazza and gradescope automatically through canvas. Other than that, we will not make use of canvas. Homework assignments and other course material will be posted on this webpage.
CSE208 is an advanced, graduate level course in cryptography, and assumes a solid background in cryptography, as provided, for example, by the introductory graduate cryptography course CSE207. The most important course prerequisite is a working understanding of the definitional/theoretical security framework of modern cryptography, i.e., how to rigorously formulate security requirements, and anlyze candidate cryptographic constructions with respect to them. Familiarity with a number of common cryptographic primitives, like public key encryption, digital signatures, hash functions and commitment schemes is also assumed.
Building on what you have already learned in your introductory crypto course, CSE208 explores more complex primitives and protocols, which typically combine cryptography with some form of general purpose comptuation, like zero knowledge proof systems, functional encryption, forms of verifiable computation, secure two-party and multi-party computation, and fully homomorphic encryption.
In Fall 2023, the course will focus on Fully Homomorphic Encryption (FHE), i.e., encryption schemes that allow the evaluation of arbitrary functions on encrypted data.
The course has no textbook. Reading/study material for the course will consist of lecture notes (mostly slides from lecture), research papers and surveys. Anything below the dashed line is material from a previous edition of the course, which you can use as a reference and or take a peek at what we may be doing next. But this quarter the course will a bit different. As we progress through the course, past material will be updated and moved above the line, and new material may be posted.
Lecture notes: Course Introduction (slides)
Fully Homomorphic Encryption from the Ground Up: slides from invited talk at Eurocrypt 2019. See motivations/applications pp.1-9. If you want to watch the whole talk, you can find it here
Supplemental reading: some magazine articles with informal presentation of FHE
Homework 1: Due Oct 10 (submit on gradescope)
Lecture notes: Defining FHE (slides)
Composability and Bootstrapping (slides). (This is an extract from a longer talk given at the Simons Institute 10th Annirsary Symposium and FHE.org)
Read “Fully Composable Homomorphic Encryption (DRAFT)” for a more detailed presentation of composability and bootstrapping.
Supplemental reading: For more information about circular (in)security, see the following papers and references therein
Homework 2: Due Oct 17 (submit on gradescope)
Papers:
Homomorphic addition (linearity) and multiplication was covered in blackboard lectures using the gadget product operations. (See class notes on “Gadget LWE”.) The following slides are from the previous year and use somehow different notation, still may be a useful reference.
Papers:
Slides from previous year:
For a good survey/introduction to FHEW/TFHE, see
A recent method using BGV/BFV to bootstrap FHEW-like ciphertexts is
Fundamentals of Fully Homomorphic Encryption - A Survey (Brakerski, in “Providing Sound Foundations for Cryptography”, ACM books, 2019)
Homomorphic Encryption (Halevi, in “Tutorials on the Foundations of Cryptography”, 2017)