# Data Privacy and Security (Fall 2024)

Master's Degree in Data Science

## Syllabus

The course is meant to cover an overview of modern techniques aimed at protecting data privacy and security in digital applications. Below is a tentative list of topics.

*Introduction to cryptography:*

- Confidential communication, secret-key and public-key encryption.
- Authentic communication, cryptographic hashing, message authentication codes and digital signatures.
- Key exchange protocols and TLS.
- Post-quantum cryptography. Fully-homomorphic encryption.

*Differential Privacy:*

- Approximate and pure differential privacy. Properties.
- Examples of differentially-private mechanisms: randomized responses, the Laplace mechanism, the Gaussian mechanism, the exponential mechanism.
- Lower bounds on differentially-private mechanisms.

*Blockchain:*

- The Bitcoin protocol.
- Ethereum and smart contracts.
- Altcoins (Algorand, Cardano, ZCash, ...).

*Multiparty Computation:*

- Two-party and multi-party computation.
- Yao's garbled circuits.
- MPC with honest majority.

## Logistics

** Important: **The lectures are offered exclusively in-person (with no registration taking place).

*Lecture time:* Tuesday (15:00 - 17:00) and Thursday (12:00 - 15:00).

*Location:* Room A2 - Via Ariosto 25, Rome.

*Twitter:* @SapienzaCrypto.

*Google Group:* SapienzaCrypto.

## Grading

Student’s presentation (30%), oral exam (70%).

## Course Slides

- Course info [pdf].
- Chapter 1: Secret-key cryptography [pdf].
- Chapter 2: Public-key cryptography [pdf].
- Chapter 3: Key exchange protocols [pdf].
- Chapter 4: Post-quantum cryptography [pdf].
- Chapter 5: Differential privacy [pdf].
- Chapter 6: Bitcoin [pdf].
- Chapter 7: Alternative currencies [pdf].
- Chapter 8: Secure multiparty computation [pdf].

## References

While we will not follow a single book; the following sources are suggested as reference. However, only the material included in the slides will be part of the oral exam.

- Daniele Venturi.
*Crittografia nel Paese delle Meraviglie*, Springer, Collana di Informatica, 2012. - Jonathan Katz, Yehuda Lindell.
*Introduction to Modern Cryptography*, CRC Press, Third Edition, 2020. - Salil Vadhan.
*The Complexity of Differential Privacy*, Chapter 7 of Tutorials on the Foundations of Cryptography, Yehuda Lindell Ed., Springer, 2017. - Carmit Hazay and Yehuda Lindell.
*Efficient Secure Two-Party Protocols*, Springer, 2010.

## Students' Projects

As part of the exam, students are required to present a research paper or solve a small project and present the solution during the exam. Reach out to me by email after choosing a topic of preference (among those covered in the course) in order to get an assignment.

## Exams

The exam dates for academic year 2024/2025 will be displayed here when available.

## Announcements

__18/09/2024:__ The course will start on September 26th, 2024.

## Lectures

Date | Topics | References |
---|---|---|

Lecture 1 26/09/24 | Introduction to the course. Modern cryptography. Message confidentiality and authenticity. Symmetric encryption. Perfect secrecy and Shannon's impossibility result. The AES blockcipher. | Chapter 1 |

Lecture 2 01/10/24 | Modes of operation: ECB, CBC, CFB, OFB and CTR. Definition of CPA security for symmetric encryption. Message authentication codes and unforgeability. CBC-MAC and its security. | Chapter 1 |

Lecture 3 03/10/24 | Collision-resistant hash functions. The Merkle-Damgaard paradigm and SHA-1. The sponge construction and SHA-3. HMAC. Definition of CCA security for symmetric encryption. Combining encryption and authentication. | Chapter 1 |

Lecture 4 08/10/24 | A brief tour of Minicrypt: one-way functions, pseudorandom generators, pseudorandom functions and pseudorandom permutations. Beginning of asymmetric cryptography: brush-up on number theory. | Chapter 2 |

Lecture 5 10/10/24 | The RSA public-key encryption and its security. The ElGamal public-key encryption and its security. Diffie-Hellmann assumptions. | Chapter 2 |

Lecture 6 15/10/24 | Pairings and assumptions on bilinear groups. Digital signatures and unforgeability. Signing with RSA and Full-Domain Hash. Public-key infrastructures and X.509 certificates. Identity-based encryption. | Chapter 2 |

Lecture 7 17/10/24 | Key exchange protocols. Diffie-Hellmann key exchange. Security in the Canetti-Krawczyk model. ISO 9697 protocol. IPsec and IKE: SKEME and SIGMA. MQV and HMQV. | Chapter 3 |

Lecture 8 22/10/24 | Key derivation functions using HMAC. Passwords. Bloom filters. Password-based encryption. Password-authenticated key exchange. | Chapter 3 |

Lecture 9 24/10/24 | The TLS protocol and TLS 1.3. Post-quantum cryptography. Lattices and hard problems: SIS and LWE. | Chapter 3, 4 |

Lecture 10 29/10/24 | Basic cryptographic primitives based on lattices. Lattice trapdoors and Falcon. Canonical identification schemes and Crystals-Dilithium. | Chapter 4 |

Lecture 11 31/10/24 | Regev public-key encryption. The Fujisaki-Okamoto transform and Crystals-Kyber. Fully-homomorphic encryption. | Chapter 4 |

Lecture 12 05/11/24 | Fully-homomorphic encryption. Identity-based encryption and attribute-based encryption from lattices. | Chapter 4 |

Lecture 13 07/11/24 | Differential privacy and approximate differential privacy. Properties. Randomized responses. The Laplace and the Gaussian mechanisms. | Chapter 5 |