Leo Reyzin. Notes for BU CAS CS 538.
1 Information-Theoretic Encryption: Perfect Secrecy and the One-Time Pad
Consider the following scenario: Alice is sending Bob off on an important mission. Prior to Bob's leaving, Alice gives him secret instructions

10 More on Signatures and the Public-Key Infrastructure
10.1 Random Oracle Model and Full-Domain-Hash
Very efficient stateless signatures seem to come from the so-called random oracle model, formally introduced by Be

9 Digital Signatures: Definition and First Constructions. Hashing.
9.1 Definition
First note that encryption provides no guarantee that a message is authentic. For example, if a message is encrypted with the one-time

8 Encryption: Semantic Security and Practical Issues
8.1 Semantic Security
Recall that for information-theoretic encryption, we had two definitions of security. Shannon secrecy focused on just two messages (much like

7 Diffie-Hellman, ElGamal, and a Bit of History
7.1 Diffie-Hellman Key Exchange
A great surge of academic interest in modern cryptography started with the work of Diffie, Hellman, and Merkle, and the publication of "

6 General One-Way and Trapdoor Functions
In this section, we will try to generalize what we've seen so far. For example, we know how to build a secure encryption out of RSA, but what exactly is RSA itself? In modern

5 Public-Key Encryption: Rabin, Blum-Goldwasser, RSA
5.1 Public Key vs. Symmetric Encryption
In the encryption we've been doing so far, the sender and the recipient needed to preagree on a key. This is traditionally

4 Working with composite moduli and the Blum-Blum-Shub generator
4.1 Chinese Remainder Theorem
Let p ≠ q be two primes. The Chinese Remainder Theorem (CRT) says that working modulo n = pq is essentially the same as w

3 Pseudorandom Generators: Indistinguishability
3.1 Definition
We have seen how to build generators whose next bit is unpredictable from the previous bits. This clearly has applications: e.g., if you want to run a lo

2 Pseudorandom Generators: Unpredictability and First Example
2.1 Definition of next-bit-unpredictability
As we have seen, information-theoretic security requires long random strings. This brings up the following que

1 Symmetric Cryptography
1.1 Stream Ciphers and Block Ciphers
Cryptographers have long been designing things called "stream ciphers" and "block ciphers." A stream cipher (e.g., RC4 [Riv87]) takes an input key (also k