Lecture Notes on Cryptography
Shafi Goldwasser ¹
Mihir Bellare ²
July 2008

¹ MIT Computer Science and Artificial Intelligence Laboratory, The Stata Center, Building 32, 32 Vassar Street, Cambridge, MA 02139, USA. E-mail: shafi@theory.lcs.mit.edu; Web page: http://theory.lcs.mit.edu/~shafi
² Department of Computer Science and Engineering, Mail Code 0404, University of California at San Diego, 9500 Gilman Drive, La Jolla, CA 92093, USA. E-mail: mihir@cs.ucsd.edu; Web page: http://www-cse.ucsd.edu/users/mihir
 
Foreword
This is a set of lecture notes on cryptography compiled for 6.87s, a one week long course on cryptography taught at MIT by Shafi Goldwasser and Mihir Bellare in the summers of 1996–2002, 2004, 2005 and 2008.

Cryptography is of course a vast subject. The thread followed by these notes is to develop and explain the notion of provable security and its usage for the design of secure protocols.

Much of the material in Chapters 2, 3 and 7 is a result of scribe notes, originally taken by MIT graduate students who attended Professor Goldwasser’s Cryptography and Cryptanalysis course over the years, and later edited by Frank D’Ippolito who was a teaching assistant for the course in 1991. Frank also contributed much of the advanced number theoretic material in the Appendix. Some of the material in Chapter 3 is from the chapter on Cryptography, by R. Rivest, in the Handbook of Theoretical Computer Science. Chapters 4, 5, 6, 8, 9 and 11, and Sections 10.5 and 7.4.6, are from the Introduction to Modern Cryptography notes by Bellare and Rogaway [23], and we thank Phillip Rogaway for permission to include this material. Rosario Gennaro (as Teaching Assistant for the course in 1996) contributed Section 10.6, Section 12.4, Section 12.5, and Appendix D to the notes, and also compiled, from various sources, some of the problems in Appendix E.

All rights reserved.

Shafi Goldwasser and Mihir Bellare
Cambridge, Massachusetts, July 2008.
 
Table of Contents
1 Introduction to Modern Cryptography
  1.1 Encryption: Historical Glance
  1.2 Modern Encryption: A Computational Complexity Based Theory
  1.3 A Short List of Candidate One Way Functions
  1.4 Security Definitions
  1.5 The Model of Adversary
  1.6 Road map to Encryption
2 One-way and trapdoor functions
  2.1 One-Way Functions: Motivation
  2.2 One-Way Functions: Definitions
    2.2.1 (Strong) One Way Functions
    2.2.2 Weak One-Way Functions
    2.2.3 Non-Uniform One-Way Functions
    2.2.4 Collections Of One Way Functions
    2.2.5 Trapdoor Functions and Collections
  2.3 In Search of Examples
    2.3.1 The Discrete Logarithm Function
    2.3.2 The RSA function
    2.3.3 Connection Between The Factorization Problem And Inverting RSA
    2.3.4 The Squaring Trapdoor Function Candidate by Rabin
    2.3.5 A Squaring Permutation as Hard to Invert as Factoring
  2.4 Hard-core Predicate of a One Way Function
    2.4.1 Hard Core Predicates for General One-Way Functions
    2.4.2 Bit Security Of The Discrete Logarithm Function
    2.4.3 Bit Security of RSA and SQUARING functions
  2.5 One-Way and Trapdoor Predicates
    2.5.1 Examples of Sets of Trapdoor Predicates
3 Pseudo-random bit generators
    3.0.2 Generating Truly Random bit Sequences
    3.0.3 Generating Pseudo-Random Bit or Number Sequences