Research activities are divided into two parts: single paper reviews with provided papers, and a self-directed research paper on a topic of your choice. For general background into standards and practice of research in computer security, see the Research in Computer Science and Computer Security overview.
In cryptography, current cutting-edge papers often require significant experience and mathematical knowledge. Because of this, our primary focus will be on some foundational papers and concepts rather than what is cutting-edge in 2023.
Because of a late start on these assignments, we will only have one paper review before the start of the project.
For part of this course, you will be given research papers to read and review. In general, you will be given 2 weeks to read these papers and consider the results, and write a 1-2 page summary of each paper.
In your review, you should (briefly!) address the following issues:
These points should be clearly woven into a narrative report – don’t make a bullet list or answer these as if they were individual questions! In your review, remember that everything you write should be your own words, so don’t copy any text (including conclusions) from the paper.
Report due Tuesday, Oct 17: A. Fiat and A. Shamir. “How to Prove Yourself: Practical Solutions to Identification and Signature Problems,” 1986 Conference on Advances in Cryptology (CRYPTO), pp. 186–194, doi:10.1007/3-540-47721-7_12.
Notes: This is a classic paper that has driven, directly and indirectly, a lot of modern cryptographic systems and the general idea is now referred to as the “Fiat-Shamir heuristic.” It’s a great example of how people started thinking about proof systems and zero-knowledge when these concepts were first being developed, with this paper coming just one year after the paper that formalized the notion of a zero-knowledge proof. The math isn’t deep, and the only thing you have to really understand is the notion of a quadratic residue with an RSA-style composite modulus. The basic definition of quadratic residues is at the bottom of page 257 (Chapter 14) in our textbook, and a little bit more detail can be found on slides 3-7 of these slides from Purdue.
For this part, you are to select a cryptography topic that you are interested in that goes beyond the scope of the class, and has some relevance to current cryptography research (some remaining open problems, for example). You should locate research papers to read to learn that topic (basics as well as current research), and then write a paper summarizing your topic and the current state with regard to research. Your sources should be research-level (peer reviewed) papers, but do not need to be the “pure research” papers that initially described breakthroughs/ideas – using survey papers or “Systematization of Knowledge” (SoK) papers is perfectly fine, but they should be papers that have gone through peer review for a respected journal, conference, or book, and not just random things you find on the Internet.
If at any point you are uncertain about what is expected, or if you would like some guidance, please contact me – don’t just make guesses about what you should do! The major “project milestones” are explained below.
Topic selection (due Tuesday, Oct 24): Submit a basic description of your project topic in Canvas for this part. All I need is a very brief (couple of sentences) description of your project research component, but if you want to provide more information then I can give you feedback on that. I will hand out a list of potential projects in class, but you are not restricted to those topics.
Progress report (due Tuesday, Nov 14): By the time of the progress report your project should be pretty well investigated, meaning you’ve collected and read the main reference papers, and thought through what you’re going to write about in your report. You should turn in a progress report that contains the introduction section to your project report (this should describe the topic you’re studying at a high level and describe what you will be giving details on), as well as an outline of your report and a list of bibliographic references that you plan on using. You need at least two solid references (peer-reviewed conference or journal papers). Make sure you use appropriate citation styles (including full conference/journal names, dates, and page numbers).
The progress report is graded, and counts for 20% of your overall project grade. However, the most important part of the progress report is that I will provide comments and suggestions in Canvas soon after you submit it. This is where I tell you if you are going in the right direction, and give suggestions for things you should include for a good final report. You can turn in your progress report at any point, and I will provide feedback promptly. You are encouraged to turn in your progress report before the deadline so you can get early feedback on the direction you are taking!
Final report (due Thursday, Dec 5, 7:00 PM): Your final report is due at the scheduled final exam time.
This is intended to be a computer science oriented project (emphasis on the science), not a technology description. A topic which describes a product or system but without any significant underlying research question is not appropriate. For example, describing a protocol like TLS isn’t appropriate because it’s a technology description, and not a research question. However, there are certainly topics that delve into research questions related to TLS, even some very recent papers.
Technical depth is important. Formulas, theorems, proofs, and analysis are certainly important and should be included as appropriate. As described above, there should be some current research questions related to your topic, so it’s important to think about (and write about) what questions are left unanswered by the current research that should be investigated (“open problems”). As for the length of the paper, something around 10 pages (11 or 12 point font, single spaced) should be enough to cover the important parts. There’s no need to try to write about everything that’s out there related to your topic.
Remember that the writing should be entirely your own – it is not acceptable to copy text from a paper or the web. My general advice to people is this: Investigate and read as much about the topic as you can until you really understand it, taking some light notes. Then you should know the topic well enough to put aside all your references, and do the writing without looking at the original material. That ensures that the writing is coming from you and not the reference material.