- Fundamentals of Crypto Theory:
- One-way functions: This is the fundamental concept of functions which are easy to compute but hard to invert. We will show how to construct them from number theoretical assumptions. We will see that one-wayness is necessary for many crypto objects, like encryption, signature, key agreement.
- Hard-core bits: Just because some value is hard to compute, it doesn't mean that all bits of that value are hard to compute. This is important, because if you encrypt something, you need to know not just that the message is hard to compute by the eavesdropper, but that every bit in the message is hard to compute (because maybe the attacker cares about this one bit, which encodes for example whether someone is depositing or withdrawing his money). We show a fundamental result of cryptography that one-wayness implies hard-core bits.
- Pseudorandom generators: the fundamental concept of pseudorandomness, its applications, and constructions (from hard-core bits).
- Pseudorandom functions: Constructions (from pseudorandom generators), applications.
- Symmetric cryptography: We will break from the above chain of increasingly more complex cryptographic objects, and we will map these concepts to the world of symmetric cryptography. We will substitute here a number-theoretical assumptions of hardness with various assumptions on the basic building blocks of symmetric crypto, but we will show that the same approach to the provably secure design applies here. The topics will include:
- Construction of one-way permutation from one-way function
- Accumulation of "hardness" in rounds of block ciphers
- Cascade construction of pseudorandom functions
- Collision-resistance, construction of secure message message authentication codes
- Construction of secure symmetric encryption
- Assymetric cryptography:
- Signature schemes: definitions, constructions from general assumptions (assuming one-way functions)
- Public key encryption: definitions, constructions
- The so-called "Random Oracle Model" model for analysis of security: Bridging the efficiency gap between assymetric and symmetric cryptography:
- constructions (pseudorandom generators, pseudorandom functions, signatures, encryption schemes)
- limitations (impossibility results)
- Time permitting, in the few last lectures we will review some advanced topics:
- more efficient constructions (signatures, encryption, pseudorandom functions), from stronger number theoretic assumptions (decisional assumptions, strong RSA)
- zero-knowledge protocols
- commitment schemes
- multi-party computation
- composable security
- homomorphic encryption schemes

Last modified: 01 Dec 2003