CS 276 - Projects
A final project involves the study of a paper or series of papers on
an advanced subject not covered in class. You will write
a short report (5-10 pages), and give a 25-minute presentation
in class. Two-person collaborations are possible, in which case the subject/papers should be more ambitious, and the presentation will be 40 minutes.
A project may be planned with a research problem in mind.
Here are some suggested topics.
Hard-core predicates
 Every bit of RSA and exponentiation is hard-core
 Johan Hastad, Mats Naslund: The security of all RSA and discrete log bits. J. ACM 51(2): 187-230 (2004)
 The unified framework of Akavia, Goldwasser and Safra
 Adi Akavia, Shafi Goldwasser, Shmuel Safra: Proving Hard-Core Predicates Using List Decoding. FOCS 2003
One-way Functions and Pseudorandom Generators
 Efficient "hardness amplification" for one-way permutations
 Oded Goldreich, Russell Impagliazzo, Leonid A. Levin, Ramarathnam Venkatesan, David Zuckerman: Security Preserving Amplification of Hardness. FOCS 1990: 318-326
 See also Goldreich's book
 A long-standing research question is whether one can do the
same for general one-way functions. It's possible that the answer
is negative for "black-box reductions."

Pseudorandom generators from "regular" one-way functions. ("Regular"
is a technical term; it means all elements of the range have the
same number of preimages.)
 Oded Goldreich, Hugo Krawczyk, Michael Luby: On the Existence of Pseudorandom Generators. SIAM J. Comput. 22(6): 1163-1175 (1993)
 See also Oded Goldreich's textbook

The full HILL construction (with Holenstein's simplification). Note
that this might be too much to tackle in one month.
 Johan Hastad, Russell Impagliazzo, Leonid A. Levin, Michael Luby: A Pseudorandom Generator from any One-way Function. SIAM J. Comput. 28(4): 1364-1396 (1999)
 Thomas Holenstein: Pseudorandom Generators from One-Way Functions: A Simple Construction for Any Hardness. TCC 2006: 443-461
 Again, it's a long-standing open question whether
a more efficient construction (one in which the seed is nearly linear
in the input length of the original one-way function) is possible.
Maybe no such "black-box" construction is possible. Although, if you are
still reading, there is a sort of "double-negative" result showing
that a certain style of "black-box impossibility" argument will not work
here
 Omer Reingold, Luca Trevisan, Salil P. Vadhan: Notions of Reducibility between Cryptographic Primitives. TCC 2004: 1-20
Impossibility Results
 Key agreement from one-way functions. The work that
started it all
 Russell Impagliazzo, Steven Rudich: Limits on the Provable Consequences of One-Way Permutations. STOC 1989: 44-61
 It might be helpful to read about uniform generation with
an NP oracle, for example from
The nature of the impossibility result is clarified in
 Omer Reingold, Luca Trevisan, Salil P. Vadhan: Notions of Reducibility between Cryptographic Primitives. TCC 2004: 1-20
 One-way permutations from one-way functions
 Steven Rudich's PhD Thesis
 Jeff Kahn, Michael E. Saks, Clifford D. Smyth: A Dual Version of Reimer's Inequality and a Proof of Rudich's Conjecture. IEEE Conference on Computational Complexity 2000: 98-103
 Oblivious transfer versus public-key encryption
 Yael Gertner, Sampath Kannan, Tal Malkin, Omer Reingold, Mahesh Viswanathan: The Relationship between Public Key Encryption and Oblivious Transfer. FOCS 2000: 325-335
 Trapdoor functions from public key encryption
 Yael Gertner, Tal Malkin, Omer Reingold: On the Impossibility of Basing Trapdoor Functions on Trapdoor Predicates. FOCS 2001: 126-135
 A major open question is whether CCA-secure public-key encryption
can be derived in a black-box way (or in any way) from CPA-secure
public-key encryption. Currently, the partial evidence is unclear
 Yael Gertner, Tal Malkin, Steven Myers: Towards a Separation of Semantic and CCA Security for Public Key Encryption. TCC 2007: 434-455
 Seung Geol Choi, Dana Dachman-Soled, Tal Malkin, Hoeteck Wee: Black-Box Construction of a Non-malleable Encryption Scheme from Any Semantically Secure One. TCC 2008: 427-444
 Collision-resistant hash functions from one-way functions
 Daniel R. Simon: Finding Collisions on a One-Way Street: Can Secure Hash Functions Be Based on General Assumptions? EUROCRYPT 1998: 334-345
Candidate One-Way Functions and Trapdoor Functions
 Algorithms for Discrete Logarithm
 Discrete Logarithm on Elliptic Curves
 Lattice Problems
Public Key Encryption
 Non-malleable encryption
 The full DNS construction
 Cramer-Shoup
 The unifying framework of Sahai
Obfuscation
 The Barak et al. paper
 Point functions
The Random Oracle Model
 Unimplementable protocols
 Extractable functions
Commitment Schemes
 Stat binding, comp hiding, round lower bound
 Stat binding, comp hiding, construction
Zero Knowledge
 Black-box impossibility results
 Barak's protocols
 Magic functions
 Notions of resettable and concurrent zero knowledge
 Non-interactive zero knowledge