Data Privacy and Security (Fall 2024)
Master's Degree in Data Science
Syllabus
The course is meant to cover an overview of modern techniques aimed at protecting data privacy and security in digital applications. Below is a tentative list of topics.
Introduction to cryptography:
- Confidential communication, secret-key and public-key encryption.
- Authentic communication, cryptographic hashing, message authentication codes and digital signatures.
- Key exchange protocols and TLS.
- Post-quantum cryptography. Fully-homomorphic encryption.
Differential Privacy:
- Approximate and pure differential privacy. Properties.
- Examples of differentially-private mechanisms: randomized responses, the Laplace mechanism, the Gaussian mechanism, the exponential mechanism.
- Lower bounds on differentially-private mechanisms.
Blockchain:
- The Bitcoin protocol.
- Ethereum and smart contracts.
- Altcoins (Algorand, Cardano, ZCash, ...).
Multiparty Computation:
- Two-party and multi-party computation.
- Yao's garbled circuits.
- MPC with honest majority.
Logistics
Important: The lectures are offered exclusively in-person (with no registration taking place).
Lecture time: Tuesday (15:00 - 17:00) and Thursday (12:00 - 15:00).
Location: Room A2 - Via Ariosto 25, Rome.
Twitter: @SapienzaCrypto.
Google Group: SapienzaCrypto.
Grading
Student’s presentation (30%), oral exam (70%).
Course Slides
- Course info [pdf].
- Chapter 1: Secret-key cryptography [pdf].
- Chapter 2: Public-key cryptography [pdf].
- Chapter 3: Key exchange protocols [pdf].
- Chapter 4: Post-quantum cryptography [pdf].
- Chapter 5: Differential privacy [pdf].
- Chapter 6: Bitcoin [pdf].
- Chapter 7: Alternative currencies [pdf].
- Chapter 8: Secure multiparty computation [pdf].
References
While we will not follow a single book; the following sources are suggested as reference. However, only the material included in the slides will be part of the oral exam.
- Daniele Venturi. Crittografia nel Paese delle Meraviglie, Springer, Collana di Informatica, 2012.
- Jonathan Katz, Yehuda Lindell. Introduction to Modern Cryptography, CRC Press, Third Edition, 2020.
- Salil Vadhan. The Complexity of Differential Privacy, Chapter 7 of Tutorials on the Foundations of Cryptography, Yehuda Lindell Ed., Springer, 2017.
- Carmit Hazay and Yehuda Lindell. Efficient Secure Two-Party Protocols, Springer, 2010.
Students' Projects
As part of the exam, students are required to present a research paper or solve a small project and present the solution during the exam. Reach out to me by email after choosing a topic of preference (among those covered in the course) in order to get an assignment.
Exams
Below are the exam dates for academic year 2024/2025. Please register via Infostud.
Exam 1. Date: 15/01/25. Aula T1 (Viale Regina Elena 295). Starting time: 09:30.
Exam 2. Date: 05/02/25. Aula T1 (Viale Regina Elena 295). Starting time: 09:30.
Exam 3. Reserved to part-time and working students (you must make a formal request to the secretariat; registration in Infostud is still required). Date: 26/03/25. Stanza G29 (Viale Regina Elena 295). Starting time: 09:30.
Exam 4. Date: 11/06/25. Aula T1 (Viale Regina Elena 295). Starting time: 09:30.
Exam 5. Date: 16/07/25. Aula G0 (Viale Regina Elena 295). Starting time: 09:30.
Exam 6. Date: 10/09/25. Aula T1 (Viale Regina Elena 295). Starting time: 09:30.
Exam 7. Reserved to part-time and working students (you must make a formal request to the secretariat; registration in Infostud is still required). Date: 14/10/25. Stanza G29 (Viale Regina Elena 295). Starting time: 09:30.
Announcements
18/09/2024: The course will start on September 26th, 2024.
16/11/2024: The lecture on 12/12/2024 will not take place in order to allow second year students to participate to the 52nd edition of the ITMeeting.
Lectures
| Date | Topics | References |
|---|---|---|
| Lecture 1 26/09/24 | Introduction to the course. Modern cryptography. Message confidentiality and authenticity. Symmetric encryption. Perfect secrecy and Shannon's impossibility result. The AES blockcipher. | Chapter 1 |
| Lecture 2 01/10/24 | Modes of operation: ECB, CBC, CFB, OFB and CTR. Definition of CPA security for symmetric encryption. Message authentication codes and unforgeability. CBC-MAC and its security. | Chapter 1 |
| Lecture 3 03/10/24 | Collision-resistant hash functions. The Merkle-Damgaard paradigm and SHA-1. The sponge construction and SHA-3. HMAC. Definition of CCA security for symmetric encryption. Combining encryption and authentication. | Chapter 1 |
| Lecture 4 08/10/24 | A brief tour of Minicrypt: one-way functions, pseudorandom generators, pseudorandom functions and pseudorandom permutations. Beginning of asymmetric cryptography: brush-up on number theory. | Chapter 2 |
| Lecture 5 10/10/24 | The RSA public-key encryption and its security. The ElGamal public-key encryption and its security. Diffie-Hellmann assumptions. | Chapter 2 |
| Lecture 6 15/10/24 | Pairings and assumptions on bilinear groups. Digital signatures and unforgeability. Signing with RSA and Full-Domain Hash. Public-key infrastructures and X.509 certificates. Identity-based encryption. | Chapter 2 |
| Lecture 7 17/10/24 | Key exchange protocols. Diffie-Hellmann key exchange. Security in the Canetti-Krawczyk model. ISO 9697 protocol. IPsec and IKE: SKEME and SIGMA. MQV and HMQV. | Chapter 3 |
| Lecture 8 22/10/24 | Key derivation functions using HMAC. Passwords. Bloom filters. Password-based encryption. Password-authenticated key exchange. | Chapter 3 |
| Lecture 9 24/10/24 | The TLS protocol and TLS 1.3. Post-quantum cryptography. Lattices and hard problems: SIS and LWE. | Chapter 3, 4 |
| Lecture 10 29/10/24 | Basic cryptographic primitives based on lattices. Lattice trapdoors and Falcon. Canonical identification schemes and Crystals-Dilithium. | Chapter 4 |
| Lecture 11 31/10/24 | Regev public-key encryption. The Fujisaki-Okamoto transform and Crystals-Kyber. Fully-homomorphic encryption. | Chapter 4 |
| Lecture 12 05/11/24 | Fully-homomorphic encryption. Identity-based encryption and attribute-based encryption from lattices. | Chapter 4 |
| Lecture 13 07/11/24 | Differential privacy and approximate differential privacy. Properties. Randomized responses. The Laplace and the Gaussian mechanisms. | Chapter 5 |
| Lecture 14 12/11/24 | Advanced composition. The exponential mechanism and its applications. | Chapter 5 |
| Lecture 15 14/11/24 | The SmallDB mechanism. Information-theoretic lower bounds. Traitor tracing and computational lower bounds. Differential privacy and game theory. | Chapter 5 |
| Lecture 16 19/11/24 | Introduction to Bitcoin. Basic design principles. | Chapter 6 |
| Lecture 17 21/11/24 | Mining pools and attacks. Security of Bitcoin. | Chapter 6 |
| Lecture 18 26/11/24 | Lightning networks. Altcoins: Ethereum. | Chapter 6, Chapter 7 |
| Lecture 19 28/11/24 | Altcoins: Cardano, Algorand, Litecoin, Filecoin. | Chapter 7 |
| Lecture 20 03/12/24 | Altcoins: Zerocash. | Chapter 7 |
| Lecture 21 05/12/24 | Introduction to multi-party computation. Coin tossing and oblivious transfer. | Chapter 8 |
| Lecture 22 10/12/24 | Yao's protocol for semi-honest and malicious adversaries. | Chapter 8 |
| Lecture 23 17/12/24 | Secret sharing. MPC with honest majority. | Chapter 8 |
| Lecture 24 19/12/24 | Redactable blockchain. | Chapter 8 |