6.875/18.425 Cryptography and Cryptanalysis
April 12, 2007
Lecture 14 Notes
Blum-Goldwasser Public-Key-Cryptosystem
This is a cryptosystem that relies on a trapdoor function, uses the function to generate a
random one-time pad, and then exploits the secre

6.875/18.425 Cryptography and Cryptanalysis
March 22, 2007
Lecture 11
Megumi Ando
1
Public-Key Encryption (on hold)
So far, we have explored dierent notions of security and have proven that these notions
are equivalent. Last lecture, we discussed how we m

6.875/18.425 Cryptography and Cryptanalysis
Scribe Notes
March 22, 2007
Last Class
2
Last class we dened a pseudorandom number generator, GDP T : cfw_0, 1k cfw_0, 1k , such that
AP P T i [1, k 2 ] c > 0 kc k > kc
Pr s cfw_0, 1k ; bs bs bs 2 G(s) : A(bs bs

6.875/18.425 Cryptography and Cryptanalysis
February 8, 2007
Lecture 2
Lecturer: Silvio Micali
Scribe: Shyamnath Gollakota
Review
One Way Function (OWF) formal denition
Examples/candidates for OWFs.
Geometry.
Comp. Number Theory. (We explore this)
De

6.875 Lecture, 5/10/2007
Commitment
Lecturer: Silvio Micali. Scribe: Alex Poliakov
Catchphrases: Commit today, reveal tomorrow, Store a value in a safe.
Alice picks some value and puts it in a digital safe, to which only she has a key. She does not want
B

6.875 Scribe Notes
April 26, 2007
Scribe Notes
Scribe: Mike Spindel
1
1.1
Pseudorandom Functions
Learnability
Pseudorandom functions represent our rst success about unlearnability. What does that
mean? They are functions in which you cant nd structure or

May 1, 2007
Scribe Notes
Scribe: Chris Wilkens
Digital Signatures
Intuitively, we wan to verify the source of a message. The possibility of a signature was
introduced by Die and Hellman, but the rst implementation was with RSA.
Consider the following syst

6.875 Notes; Spring 2007 Micali
February 9, 2007
1
1.1
Tue, 2/6/2007
Administrivia
This course is Cryptography and Cryptanalysis. Taught by Professor Silvio
Micali; the TAs are Alice Reyzin and Yinmeng Zhang. Recitations are optional
and will be on Friday

6.875/18.425 Cryptography and Cryptanalysis
April 24, 2007
Lecture Notes
Pseudorandom Functions
Todays goal is to construct a family of pseudorandom functions.
Consider the entire space of length preserving functions given by f : cfw_0, 1k cfw_0, 1k
The s

6.875/18.425 Cryptography and Cryptanalysis
March 13, 2007
Lecture notes
King Yeung Yick
The Intuitive idea behind Semantic security is that Whatever you can compute with
the ciphertext, you can also compute without the ciphertext. Before we dene Semantic

6.875/18.425 Cryptography and Cryptanalysis
March 11, 2007
Lecture 8
Megumi Ando
1
Polynomial Security
The rst half of todays agenda is to prove that Polynomial Security is equivalent to GMsecurity. That is, a cryptosystem which is provably Polynomially S

6.875/18.425 Cryptography and Cryptanalysis
February 13, 2007
Scribe Notes 3
Scribe: Raluca Ada Popa
Number Theory
Let us dene k, the security parameter. Intuitively, it controls the probability that
something goes wrong in the work you put in a scheme. I

6.875/18.425 Cryptography and Cryptanalysis
May 15, 2007
Notes on Lecture 25 (5/15/2007)
David Nawi
Commitment (contd)
We have already covered examples of the two cases of commitment. The rst case is
perfect hiding and computational binding, but the examp

6.875/18.425 Cryptography and Cryptanalysis
February 27, 2007
Scribe Notes for Lecture 7
By Jayashree Subramanian
1
Lecture by Yinmeng N. Zhang
Scribe Notes
Remember denition of 1-bit crypto system that we saw discussed in last class? We want
to know how

6.875/18.425 Cryptography and Cryptanalysis
April 5, 2007
Lecture Notes
Review of previous lectures
1) Theorem: unpredictable generator indistinguishable generator
2) We showed a construction for the f one-way permutation and B-heart predicate
3) Theorem:

6.875
3, May, 2007
Lecture (3, May, 2007)
Lecturer: Silvio Micali
Scribe: Favonius Kuen-Bang Hou
Today we want to generalize our scheme to multiple bits from the last lecture.
Digital Signature is a triple (G, S, V ) and we hope it satises the following t

6.875/18.875 Cryptography and Cryptanalysis
February 2, 2004
Handout 3: Useful Notation
Instructor: Silvio Micali
Teaching Assistant: Matt Lepinski
[Portions of this handout were created by Anna Lysyanskaya in Fall 1999]
Notation
Outputs: Say A is an Algo

6.875/18.875 Cryptography and Cryptanalysis
February 23, 2005
Handout 6: Equivalence of GM and Semantic Security
Instructor: Silvio Micali
Teaching Assistant: Matt Lepinski
This handout is due to Yevgeniy Dodis who was the TA for 6.875 in 1998, and Matthi

6.875/18.425 Cryptography and Cryptanalysis
February 22, 2007
Scribe Notes 5
Scribe: Chris Crutcheld
1
RSA Cryptosystem
Last time we talked about the RSA cryptosystem. In RSA, the public key is a pair (n, e)
and the private key is (p1 , p2 ), the factoriz

6.875/18.425 Cryptography and Cryptanalysis
March 6, 2005
Lecture 7
Jongmin Baek
1
Multi-bit Secure Cryptosystem
Last week, we examined the notion of 1-bit secure cryptosystems. In particular, we
looked at:
Denition of 1-bit secure cryptosystems
Impleme