6.897: Selected Topics in Cryptography
May 13, 2004
Lecture 26
Scribe: Dah-Yoh Lim
1 Recap of Pairing-Based Cryptography
Setting (as usual): (G1 = P , +),(G2 , ): two groups of the same prime order q. Assume DLP
is hard in both groups. Note that in the lit

6.897 Special Topics in Cryptography
Instructor : Ran Canetti
Lecture 25: Pairing-Based Cryptography
May 5, 2004
Scribe: Ben Adida
1 Introduction
The field of Pairing-Based Cryptography has exploded over the past 3 years [cry, DBS04].
The central idea is the

6.897: Advanced Topics in Cryptography
April 30, 2004
Lecture 24: Neff Voting
Scribed by: abhi shelat
1 Introduction
This lecture is a synopsis of Neff's voting scheme.
Each ballot is identified with a unique id number, i, and a unique codebook, VC_i which maps

6.897: Advanced Topics in Cryptography
April 29, 2004
Lecture 23: Chaum's Election Scheme
Scribed by: Yoav Yerushalmi
1 Lecture Overview
In the previous lecture, we discussed a Rivest-devised variation on Chaum's election scheme.
We also introduced the notio

6.897: Advanced Topics in Cryptography
Apr 23, 2004
Lecture 22: Voter Verification in Mix-net Voting Systems
Scribed by: Yael Tauman Kalai
1 Introduction
Any voting system is required to be verifiable. Namely, it is required that each voter can
verify that hi

6.897: Advanced Topics in Cryptography
Apr 22, 2004
Lecture 21: Neff (VoteHere) Voting Scheme
Scribed by: Chris Peikert
Topics for this lecture:
A comment on Neff's mix-net
Batch verification
The Boneh-Golle scheme
Randomized partial checking (RPC) of mix-nets

6.879 Special Topics in Cryptography
Instructor : Ran Canetti
Lecture 20: Verifiable Mix-Nets
April 16, 2004
Scribe: Matt Lepinski
1 Two-By-Two Verifiable Mixes
Before solving the general case of verifiably mixing n ciphertexts, we first consider the case
of a veria

6.879 Special Topics in Cryptography
Instructors: Ran Canetti
Lecture 19: Verifiable Mix-Net Voting
April 15, 2004
Scribe: Susan Hohenberger
In the last lecture, we described two types of mix-net voting protocols: decryption mix-nets and re-encryption mix-ne

6.897: Advanced Topics in Cryptography
Apr 9, 2004
Lecture 18: Mix-net Voting Systems
Scribed by: Yael Tauman Kalai
1 Introduction
In the previous lecture, we defined the notion of an electronic voting system, and specified
the requirements from such a system.

6.897 Special Topics in Cryptography
Instructor : Ran Canetti
Lecture 17: Introduction to Electronic Voting
April 8, 2004
Scribe: Ben Adida
Electronic Voting: Why?
Of all possible cryptographic applications to study, why choose electronic voting? Both th

6.897: Selected Topics in Cryptography
March 13, 2004
Lecture 12
Lecturer: Ran Canetti
Scribe: Dah-Yoh Lim
1 Recap
Last lecture we started to look at how we could realize any two-party functionality for any number
of faults in the F_CRS-hybrid model. In t

Today's topics:
UC ZK from UC commitments (this is information theoretic and unconditional; no crypto needed)
MPC, under any number of faults (using the paradigm of [GMW87])
MPC in the plain model with an honest majority (using elements of [BOGW88] and

6.897: Selected Topics in Cryptography
27 February 2004
Lecture 8: The Dummy Adversary
Instructor: Ran Canetti
Scribed by: Jonathan Herzog
1 Previous Lecture
Motivation for the Universally Composable (UC) framework
Definition of an interactive Turing

6.897: Advanced Topics in Cryptography
Feb 5, 2004
Lecture 3,4: Universal Composability
Lecturer: Ran Canetti
Scribed by: Yael Kalai and abhi shelat
1 Introduction
Our goal in these two lectures is to prove the Composition Theorem that was presented at th

6.897 Spring 2004
Homework 4
Handed out: 5/6/2004
Due: 5/12/2004 (last day of class!)
This homework problem relates to pairing-based cryptography;
see the readings available on the server.
Problem.
-Part A:
Give a careful definition of a "trapdoor pairing

6.897 Spring 2004
Homework 3
Handed out: 4/16/2004
Due: 4/29/2004
The homework is to write a "referee's report" on the
paper "Verifiable Mixing (Shuffling) of El-Gamal Pairs"
by Andrew Neff, written four months ago (dated 12/31/2004).
This paper more-or-l

6.897: Selected Topics In Cryptography
Canetti
Problem Set 2
April 2, 2004
1 Question 1:
Due: April 16, 2004
from .
Show how to realize for any polytime-decidable relation , in the -hybrid model, without computational assumptions. (Here provides 1 out of

6.897: Selected Topics In Cryptography
Canetti
Problem Set 1
February 27, 2004
Due: March 12, 2004
1 Question 1: Equivalence of Zero-Knowledge arguments of knowledge and protocols for realizing
Recall the definition of Zero-Knowledge Proofs of Knowledge (