Modern Public Key Cryptography – 705016 – Sommersemester 2026
Table of Content
Content
• Advanced Cryptographic Primitives • Public Key Cryptography (public key encryption schemes, signature schemes, commitment schemes, zero knowledge, ...) • Provable Security (security models, basic ideas of reductionist security proofs)Material
| Date | Lecturer | Lecture title | Exercise |
|---|---|---|---|
| 04/03/2026 | Lena | Course Information Introduction to reductions | Handout warmup exercise |
| 11/03/2026 | Shibam | Commitment Schemes | Correct warmup |
| 18/03/2026 | Shibam | Zero-Knowledge Proofs | Handout ZKP exercises |
| 25/03/2026 | Fabian | Game-based and simulation-based proofs | Correct ZKP exercises |
| 15/04/2026 | Lena | Lattices, SIS, R-SIS and LWE | Talk about Seminar Topics |
| cancelled | cancelled | Choose Project Topics | |
| 29/04/2026 | Daniel Escudero | MPC Crash course | |
| 06/05/2026 | Lena | Lattices and (Oblivious) Pseudorandom Functions | |
| 13/05/2026 | Fabian | Zero-Knowledge friendly cipher design | |
| 20/05/2026 | Christian | Collusion assumptions | |
| 27/05/2026 | tbd | Invited Talk II | |
| 03/06/2026 | You! | Seminar Talks I | |
| 10/06/2026 | You! | Seminar Talks I |
Seminar topics (choose until the 22nd of April!)
- Choose your topic by e-mailing your chosen supervisor and forwarding the email with the date suggestion to Lena.
- Presentation can be done alone (20 minutes) or in pairs (40 minutes)
- After, we will discuss the topic in class. Students get bonus points for good questions.
- Hand in the slide draft for feedback three days before your presentation
- Overall, you get 60 points for the presentation:
- 20 for the slide draft
- 20 for the presentation delivery
- 20 for discussion
Timelock encryption: Timelocks can send a message "to the future" where it can only be decrypted at a later date. https://people.seas.harvard.edu/~salil/research/timelock.pdf- Bulletproofs: https://eprint.iacr.org/2017/1066.pdf, also explain bulletproofs (shortened sigma proofs).
- Anonymous Credit Tokens: How can a credential keep a balance private? See: https://datatracker.ietf.org/doc/draft-schlesinger-privacypass-act/
- Proving a range in zero-knowledge: https://crypto.stanford.edu/~dabo/cryptobook/BonehShoup_0_6.pdf#subsection.20.4.1
anonymous group messaging: How to use systems like Clarion to hide who is a member of a group: https://www.ndss-symposium.org/wp-content/uploads/2022-141-paper.pdf
Lookup arguments in cryptographic proofs (https://eprint.iacr.org/2025/1876) explore the landscape of proving non-trivial relations.The BFV scheme (https://eprint.iacr.org/2012/144.pdf) explain one of the foundational arithmetic homomorphic encryption schemes.- Function Secret Sharing (https://www.iacr.org/archive/eurocrypt2015/90560300/90560300.pdf) computing on shared data is much easier with a helper.
- Arithmetic-Binary-Yao (https://eprint.iacr.org/2018/403.pdf) 3 MPC schemes, 3 parties, and blazingly fast performance.
- ColliderScript (https://eprint.iacr.org/2024/1802.pdf) How Hash functions in weird settings enable arbitrary computation in constrained blockchains.
ZK in Anonymous credentials, helps you prove ID without revealing more info https://eprint.iacr.org/2026/330.pdf- Plonk constraints, Allows to write constraints for zkSNARKS https://www.mit.edu/~linust/files/zkSNARK_PlonK.pdf
Threshold and Ring Signatures (both classic and PQ), https://arxiv.org/html/2311.05514v2, https://www.cs.umd.edu/~jkatz/papers/ring_sigs.pdf- ZK/MPC friendly OWFs and Hashes, allows to write efficient ZK circuits, https://core.taceo.io/articles/how-to-choose-your-zk-friendly-hash-function/, https://eprint.iacr.org/2016/542
- VOLE(ith) applications, https://csrc.nist.gov/csrc/media/Projects/pqc-dig-sig/documents/round-1/spec-files/FAEST-spec-web.pdf, https://eprint.iacr.org/2025/113.pdf, https://eprint.iacr.org/2026/109, https://csrc.nist.gov/csrc/media/Projects/threshold-cryptography/documents/TCall-1/Schmivitz-PW01.pdf, https://eprint.iacr.org/2024/1431
Administrative Information
Previous Knowledge
We recommend Information Security and Cryptography. Mathematical Foundations of Cryptography or Privacy Enhancing Technologies are also a plus.Prerequisites Curriculum
A course in cryptography (e.g. Information Security, Cryptography, Privacy Enhancing Technologies or equivalent).Objective
“In this course you will get to know the details of many public-key cryptosystems; … be able to show the security of common cryptographic schemes by constructing a security proof; … learn more about advanced aspects of cryptography and cryptographic research.”Language
EnglishTeaching Method
* Lectures * Exercises * Final presentation at the end of the lecture.How to get a grade
Participation in class, exercises, and a final presentation.Registration
https://online.tugraz.at/tug_online/ee/rest/pages/slc.tm.cp/course-registration/592116Lecture Dates
| Date | Begin | End | Location | Event | Type | Comment |
|---|---|---|---|---|---|---|
| 2026/05/13 | 13:00 | 15:00 | Seminarraum | Abhaltung | VU | fix/ |
| 2026/05/20 | 13:00 | 15:00 | Seminarraum | Abhaltung | VU | fix/ |
| 2026/05/27 | 13:00 | 15:00 | Seminarraum | Abhaltung | VU | fix/ |
| 2026/06/03 | 13:00 | 15:00 | Seminarraum | Abhaltung | VU | fix/ |
| 2026/06/10 | 13:00 | 15:00 | Seminarraum | Abhaltung | VU | fix/ |
| 2026/06/17 | 13:00 | 15:00 | HS i3 "LENZING Hörsaal" | Abhaltung | VU | fix/ |
| 2026/06/24 | 13:00 | 15:00 | Seminarraum | Abhaltung | VU | fix/ |
