Errata: A Computational Introduction to Number Theory and
Algebra (Version 2)
Last updated: 1/22/2012
p. 45: last line of Exercise 2.41. 2pf should be 2pf /2 . [Chihong Joo, 9/9/2010]
p. 45: Exercise 2.44. First line, replace 0 (mod n) with = n; last line

CSL759: Cryptography and Computer
Security
Ragesh Jaiswal
CSE, IIT Delhi
The Factoring Problem
The Factoring Problem
We would like to understand the success of polynomial time
algorithms in factoring integers. We formally define this in
terms of an exper

CSL 759: Cryptography
Instructor: Ragesh Jaiswal
Course Information
Description: Cryptography has a very long history and there are evidences to suggest its existence
even around 4000 years back. Classical cryptography deals mainly with secret communicati

CSL759: Cryptography and Computer
Security
Ragesh Jaiswal
CSE, IIT Delhi
Minor-1 Exam
Problem 1
Let : 0,1 128 0,1 128 0,1 128 be a (, , )-
secure PRF. Consider the function family : 0,1 128
0,1 128 0,1 128 defined as () = (). Is
a secure PRF? Discuss.

CSL759: Cryptography and Computer
Security
Ragesh Jaiswal
CSE, IIT Delhi
Key Distribution
Diffie Hellman Key Exchange
^
^
Both parties share ^cfw_ which is the secret key for the session.
Authentication
Diffie Hellman Key Exchange
^
^cfw_
^
^
The adversar

DIGITAL SIGNATURES
1 / 74
Signing by hand
COSMO
ALICE
Cosmo
ALICE
Pay Bob $100
Alice
Alice
Bank
=?
no
Dont
yes
pay Bob
2 / 74
Signing electronically
SIGFILE
scan
Alice
101 1
Bank
Internet
ALICE
Pay Bob $100
3 / 74
Signing electronically
SIGFILE
scan
Alice

Supplementary Material: A Computational Introduction to Number
Theory and Algebra (Version 1)
Last updated: 10/15/2006.
This document contains supplementary exercises, examples, and a few alternative proofs
of theorems that would make nice additions to th

ASYMMETRIC ENCRYPTION
1 / 135
Recommended Book
Steven Levy. Crypto. Penguin books. 2001. A non-technical account of the history of public-key cryptography and the colorful characters involved.
2 / 135
Recall Symmetric Cryptography
Before Alice and Bob ca

AUTHENTICATED ENCRYPTION
1 / 55
So Far .
We have looked at methods to provide privacy and integrity/authenticity separately:
Goal Data privacy Data integrity/authenticity Primitive symmetric encryption MA scheme/MAC Security notions IND-CPA, IND-CCA UF-CM

CSL759: Cryptography and Computer
Security
Ragesh Jaiswal
CSE, IIT Delhi
Message Authentication
PRF as MAC
Suppose we have a secure PRF : 0,1 0,1
0,1 and suppose we only need to authenticate messages
of size , then consider the MAC associated with :

CSL759: Cryptography and Computer
Security
Ragesh Jaiswal
CSE, IIT Delhi
Course Project
Course Project
Let me know your team (at most 2 students per project) and
your project topic by tomorrow (12th Mar.).
We will set up meetings this Wed-Fri and early

Errata: A Computational Introduction to Number Theory and Algebra
(Version 1)
Last updated: 11/10/2007.
Preface
p. xiii: Line 1. Insert a after also. [VS, 11/1/05]
Preliminaries
p. xv: Line 5. Replace (We shall reserve . . . ) by (We shall reserve the not

CSL759: Cryptography and Computer
Security
Ragesh Jaiswal
CSE, IIT Delhi
Stream Ciphers: Indistinguishability Vs Unpredictability
Definition (, )-indistinguishable PRG): A function : 0,1 0,1 is
said to be (, )-secure Pseudorandom Generator if for all alg

CSL759: Cryptography and Computer
Security
Ragesh Jaiswal
CSE, IIT Delhi
Administrative information
Course webpage:
www.cse.iitd.ac.in/~rjaiswal/2013/csl759
Evaluation components:
Minor 1 and 2 exams: 15% each
Homework (2 - 3): 20%
Project: 20%
Major e

CSL759: Cryptography and Computer
Security
Ragesh Jaiswal
CSE, IIT Delhi
CPA Security
Until now, we have seen encryption schemes that are secure in
some limited sense:
One-time encryption
Ciphertext-only adversary.
We would now like to transition to s

CSL759: Cryptography and Computer
Security
Ragesh Jaiswal
CSE, IIT Delhi
Message Authentication
Message Integrity/Authenticity
Accept/Reject
,
Key exchange protocol
Cryptographic goals:
was sent by Alice and no one else.
was not modified during transi

CSL759: Cryptography and Computer
Security
Ragesh Jaiswal
CSE, IIT Delhi
Block Ciphers
Block Ciphers: Introduction
Block ciphers work on blocks of message bits rather than a
stream of message bits.
Main Idea:
Suppose we encrypt in blocks of size .
Let

CSL759: Cryptography and Computer
Security
Ragesh Jaiswal
CSE, IIT Delhi
Hash Functions
Hash Functions: Introduction
A hash function is a map : 0,1 that is compressing,
i.e., > 2 .
Usually 2 and is small.
Example:
64
= 0,1 2 i.e., all binary strings o

Course Information
CSE 207 Modern Cryptography
Instructor: Mihir Bellare
Website: http:/cseweb.ucsd.edu/ mihir/cse207
1 / 56
Cryptography usage
Did you use any cryptography
today?
2 / 56
Cryptography usage
Did you use any cryptography
today?
over the l