Let’s move it from **4/8 to 4/11**, since I won’t get to digital signatures until then.

## Comments on your Executive Summaries

A chunk of your grade comes from reading a recent paper in the provable-security literature, and producing a nice executive summary of that paper for me. I don’t care too much what paper you select, but it must have a reasonable provable-security component — formal syntax, security definitions, and proofs. The point of this is to see if you could pick up a research paper and apply what you’ve learned to produce a useful summary of what it delivers. Some questions you might want to ask yourself (and answer in the summary) are:

- What problem is this paper tackling?
- What is the potential impact on cryptographic practice of these results?
- What advances over the previous state of knowledge are made?
- What are the main results; what do the security bounds “say”?
- Are the constructions efficient? Could they, reasonably, be implemented/run on a laptop? A smart phone? A smart card? An embedded device?
- Do the hardness assumptions that are used to support proofs seem reasonable?
- What open problems are surfaced by the authors, for future work? (Do you see any that they don’t?)

Three to five typeset pages is about the right target length, possibly more if you need to include big figures or tables.

**DUE: 11:59p, Sunday 4/29**

## HW5 posted

## 1-IND-CPA implies q-IND-CPA

Here’s a “virtual” whiteboard screenshot that goes through the 1-implies-q argument in much more detail. Perhaps I’ll find the time to make a voiceover track to put on this picture, i.e. make a more proper screencast lecture out of it, but in the meantime…

## Chris’ lecture notes

I hope you all enjoyed Chris’ lecture today! Here are his personal lecture notes.

## List of papers for executive summary

Here’s a list of papers from which to choose. Executive summaries are to be done by each of you, individually. To avoid duplicates, it’s first come, first served! [Update: titles in parentheses have been claimed.]

=============================

C’17

=============================

Boosting Authenticated Encryption Robustness With Minimal Modifications

Message Franking via Committing Authenticated Encryption

Key Rotation for Authenticated Encryption

(Black-Box Parallel Garbled RAM)

Anonymous Attestation with Subverted TPMs

(Incremental Program Obfuscation)

(Encrypted Davies-Meyer and Its Dual: Towards Optimal Security Using Mirror Theory)

(Ratcheted Encryption and Key Exchange: The Security of Messaging)

A New Distribution-Sensitive Secure Sketch and Popularity-Proportional Hashing

===============================

EC’18

===============================

On the Gold Standard for Security of Universal Steganography

(The Wonderful World of Global Random Oracles)

Random Oracles and Non-Uniformity

(Collision Resistant Hashing for Paranoids: Dealing with Multiple Collisions)

Masking Proofs are Tight, and How to Exploit it in Security Evaluations

Efficient Circuit-based PSI via Cuckoo Hashing

Untagging Tor: A Formal Treatment of Onion Encryption

===============================

EC’17

===============================

(Formal Abstractions for Attested Execution Secure Processors)

(Improved Private Set Intersection against Malicious Adversaries)

Private Puncturable PRFs From Standard Lattice Assumptions

Fixing Cracks in the Concrete: Random Oracles with Auxiliary Input, Revisited

(Public-Seed Pseudorandom Permutations)

Modifying an Enciphering Scheme after Deployment

Patchable Indistinguishability Obfuscation: iO for Evolving Software

Non-Interactive Secure 2PC in the Offline/Online and Batch Settings

## A nice video lecture on DH key exchange, the hardness problems, and elliptic curves

Check out this lecture, starting at 34:50. Later, if you’re really interested in elliptic curve DH, you can watch the preceding portion of the lecture. It’s really well done!