# Welcome back

## Find a book, put up your feet, stay awhile

Sign in with Facebook

Sorry, we are unable to log you in via Facebook at this time. Please try again later.

or

Welcome to Scribd. Sign in or start your free trial to enjoy unlimited e-books, audiobooks & documents.Find out more

Download

Standard view

Full view

of .

Look up keyword or section

Like this

Share on social networks

9Activity

×

0 of .

Results for: No results containing your search query

P. 1

Lecture Notes on Cryptography by Shafi Goldwasser, Mihir BellareRatings:

5.0

(1)|Views: 937|Likes: 8Published by bagsta_contest

This is a set of lecture notes on cryptography compiled for 6.87s, a one week long course on cryptography taught at MIT by Shaﬁ Goldwasser and Mihir Bellare in the summers of 1996–2001. The notes were formed by merging notes written for Shaﬁ Goldwasser’s Cryptography and Cryptanalysis course at MIT with notes written for Mihir Bellare’s Cryptography and network security course at UCSD. In addition, Rosario

Gennaro (as Teaching Assistant for the course in 1996) contributed Section 9.6, Section 11.4, Section 11.5, and Appendix D to the notes, and also compiled, from various sources, some of the problems in Appendix E.

Cryptography is of course a vast subject. The thread followed by these notes is to develop and explain the notion of provable security and its usage for the design of secure protocols. Much of the material in Chapters 2, 3 and 7 is a result of scribe notes, originally taken by MIT graduate

students who attended Professor Goldwasser’s Cryptography and Cryptanalysis course over the years, and later edited by Frank D’Ippolito who was a teaching assistant for the course in 1991. Frank also contributed much of the advanced number theoretic material in the Appendix. Some of the material in Chapter 3 is from the chapter on Cryptography, by R. Rivest, in the Handbook of Theoretical Computer Science.

Chapters 4, 5, 6, 8 and 10, and Sections 9.5 and 7.4.6, were written by Professor Bellare for his Cryptography and network security course at UCSD.

Gennaro (as Teaching Assistant for the course in 1996) contributed Section 9.6, Section 11.4, Section 11.5, and Appendix D to the notes, and also compiled, from various sources, some of the problems in Appendix E.

Cryptography is of course a vast subject. The thread followed by these notes is to develop and explain the notion of provable security and its usage for the design of secure protocols. Much of the material in Chapters 2, 3 and 7 is a result of scribe notes, originally taken by MIT graduate

students who attended Professor Goldwasser’s Cryptography and Cryptanalysis course over the years, and later edited by Frank D’Ippolito who was a teaching assistant for the course in 1991. Frank also contributed much of the advanced number theoretic material in the Appendix. Some of the material in Chapter 3 is from the chapter on Cryptography, by R. Rivest, in the Handbook of Theoretical Computer Science.

Chapters 4, 5, 6, 8 and 10, and Sections 9.5 and 7.4.6, were written by Professor Bellare for his Cryptography and network security course at UCSD.

This is a set of lecture notes on cryptography compiled for 6.87s, a one week long course on cryptography taught at MIT by Shaﬁ Goldwasser and Mihir Bellare in the summers of 1996–2001. The notes were formed by merging notes written for Shaﬁ Goldwasser’s Cryptography and Cryptanalysis course at MIT with notes written for Mihir Bellare’s Cryptography and network security course at UCSD. In addition, Rosario

Gennaro (as Teaching Assistant for the course in 1996) contributed Section 9.6, Section 11.4, Section 11.5, and Appendix D to the notes, and also compiled, from various sources, some of the problems in Appendix E.

Cryptography is of course a vast subject. The thread followed by these notes is to develop and explain the notion of provable security and its usage for the design of secure protocols. Much of the material in Chapters 2, 3 and 7 is a result of scribe notes, originally taken by MIT graduate

students who attended Professor Goldwasser’s Cryptography and Cryptanalysis course over the years, and later edited by Frank D’Ippolito who was a teaching assistant for the course in 1991. Frank also contributed much of the advanced number theoretic material in the Appendix. Some of the material in Chapter 3 is from the chapter on Cryptography, by R. Rivest, in the Handbook of Theoretical Computer Science.

Chapters 4, 5, 6, 8 and 10, and Sections 9.5 and 7.4.6, were written by Professor Bellare for his Cryptography and network security course at UCSD.

Gennaro (as Teaching Assistant for the course in 1996) contributed Section 9.6, Section 11.4, Section 11.5, and Appendix D to the notes, and also compiled, from various sources, some of the problems in Appendix E.

Cryptography is of course a vast subject. The thread followed by these notes is to develop and explain the notion of provable security and its usage for the design of secure protocols. Much of the material in Chapters 2, 3 and 7 is a result of scribe notes, originally taken by MIT graduate

students who attended Professor Goldwasser’s Cryptography and Cryptanalysis course over the years, and later edited by Frank D’Ippolito who was a teaching assistant for the course in 1991. Frank also contributed much of the advanced number theoretic material in the Appendix. Some of the material in Chapter 3 is from the chapter on Cryptography, by R. Rivest, in the Handbook of Theoretical Computer Science.

Chapters 4, 5, 6, 8 and 10, and Sections 9.5 and 7.4.6, were written by Professor Bellare for his Cryptography and network security course at UCSD.

See more

See less

https://www.scribd.com/doc/2994510/Lecture-Notes-on-Cryptography-by-Shafi-Goldwasser-Mihir-Bellare

05/20/2013

text

original

Lecture Notes on Cryptography

Shafi Goldwasser

1

Mihir Bellare

2

August 2001

1

MIT Laboratory of Computer Science, 545 Technology Square, Cambridge, MA 02139, USA. E-mail:

shafi@theory.lcs.mit.edu

; Web page:

http://theory.lcs.mit.edu/ shafi

2

Department of Computer Science and Engineering, Mail Code 0114, University of Californiaat San Diego, 9500 Gilman Drive, La Jolla, CA 92093, USA. E-mail:

mihir@cs.ucsd.edu

; Webpage:

http://www-cse.ucsd.edu/users/mihir

Foreword

This is a set of lecture notes on cryptography compiled for 6.87s, a one week long course on cryptographytaught at MIT by Shaﬁ Goldwasser and Mihir Bellare in the summers of 1996–2001. The notes wereformed by merging notes written for Shaﬁ Goldwasser’s

Cryptography and Cryptanalysis

course at MIT withnotes written for Mihir Bellare’s

Cryptography and network security

course at UCSD. In addition, RosarioGennaro (as Teaching Assistant for the course in 1996) contributed Section 9.6, Section 11.4, Section 11.5,and Appendix D to the notes, and also compiled, from various sources, some of the problems in Appendix E.Cryptography is of course a vast subject. The thread followed by these notes is to develop and explain thenotion of provable security and its usage for the design of secure protocols.Much of the material in Chapters 2, 3 and 7 is a result of scribe notes, originally taken by MIT graduatestudents who attended Professor Goldwasser’s

Cryptography and Cryptanalysis

course over the years, andlater edited by Frank D’Ippolito who was a teaching assistant for the course in 1991. Frank also contributedmuch of the advanced number theoretic material in the Appendix. Some of the material in Chapter 3 isfrom the chapter on Cryptography, by R. Rivest, in the Handbook of Theoretical Computer Science.Chapters 4, 5, 6, 8 and 10, and Sections 9.5 and 7.4.6, were written by Professor Bellare for his

Cryptography and network security

course at UCSD.All rights reserved.Shaﬁ Goldwasser and Mihir Bellare Cambridge, Massachusetts, August 2001.2

Table of Contents

1 Introduction to Modern Cryptography 11

1.1 Encryption: Historical Glance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111.2 Modern Encryption: A Computational Complexity Based Theory . . . . . . . . . . . . . . . . 121.3 A Short List of Candidate One Way Functions . . . . . . . . . . . . . . . . . . . . . . . . . . 131.4 Security Deﬁnitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141.5 The Model of Adversary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151.6 Road map to Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

2 One-way and trapdoor functions 17

2.1 One-Way Functions: Motivation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172.2 One-Way Functions: Deﬁnitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182.2.1 (Strong) One Way Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182.2.2 Weak One-Way Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202.2.3 Non-Uniform One-Way Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212.2.4 Collections Of One Way Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212.2.5 Trapdoor Functions and Collections . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222.3 In Search of Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232.3.1 The Discrete Logarithm Function . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252.3.2 The RSA function . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272.3.3 Connection Between The Factorization Problem And Inverting RSA . . . . . . . . . . 302.3.4 The Squaring Trapdoor Function Candidate by Rabin . . . . . . . . . . . . . . . . . . 302.3.5 A Squaring Permutation as Hard to Invert as Factoring . . . . . . . . . . . . . . . . . 342.4 Hard-core Predicate of a One Way Function . . . . . . . . . . . . . . . . . . . . . . . . . . . . 352.4.1 Hard Core Predicates for General One-Way Functions . . . . . . . . . . . . . . . . . . 352.4.2 Bit Security Of The Discrete Logarithm Function . . . . . . . . . . . . . . . . . . . . . 362.4.3 Bit Security of RSA and SQUARING functions . . . . . . . . . . . . . . . . . . . . . . 382.5 One-Way and Trapdoor Predicates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 382.5.1 Examples of Sets of Trapdoor Predicates . . . . . . . . . . . . . . . . . . . . . . . . . . 39

3 Pseudo-random bit generators 41

3.0.2 Generating Truly Random bit Sequences . . . . . . . . . . . . . . . . . . . . . . . . . 413

You've already reviewed this. Edit your review.

1 hundred reads

1 thousand reads

Duong Bui liked this

Duong Bui liked this

adddata liked this

مازن سيلمان liked this

neel1000g liked this

dave412562395 liked this

dave412562395 liked this

- Read and print without ads
- Download to keep your version
- Edit, email or read offline

© Copyright 2015 Scribd Inc.

Language

Choose the language in which you want to experience Scribd:

Sign in with Facebook

Sorry, we are unable to log you in via Facebook at this time. Please try again later.

or

Password Reset Email Sent

Join with Facebook

Sorry, we are unable to log you in via Facebook at this time. Please try again later.

or

By joining, you agree to our

read free for two weeks

Unlimited access to more than

one million books

one million books

Personalized recommendations

based on books you love

based on books you love

Syncing across all your devices

Join with Facebook

or Join with emailSorry, we are unable to log you in via Facebook at this time. Please try again later.

Already a member? Sign in.

By joining, you agree to our

to download

Unlimited access to more than

one million books

one million books

Personalized recommendations

based on books you love

based on books you love

Syncing across all your devices

Continue with Facebook

Sign inJoin with emailSorry, we are unable to log you in via Facebook at this time. Please try again later.

By joining, you agree to our

Are you sure?

This action might not be possible to undo. Are you sure you want to continue?

CANCEL

OK

You've been reading!

NO, THANKS

OK

scribd