tailieunhanh - Lecture Notes on Cryptography

Using shared secret keys, it is possible to calculate Integrity check values from a message to achieve integrity. The integrity check value should depend on all bits of the plaintext. Should any bits of the message be changed between the sender and recipient, the recipient would calculate a different integrity check value. An adversary modifying a message might as well modify the check value too, but without knowledge of the secret key she cannot duplicate the correct in- tegrity check value. If the receiver correctly verifies the integrity check value, she knows the message was generated by someone who knew the key. . | Lecture Notes on Cryptography Shafi Goldwasser1 Mihir Bellare2 August 2001 1 MIT Laboratory of Computer Science 545 Technology Square Cambridge MA 02139 USA. Email shafi@ Web page http shafi 2 Department of Computer Science and Engineering Mail Code 0114 University of California at San Diego 9500 Gilman Drive La Jolla CA 92093 USA. E-mail mihir@ Web page http users mihir Foreword This is a set of lecture notes on cryptography compiled for a one week long course on cryptography taught at MIT by Shah Goldwasser and Mihir Bellare in the summers of 1996-2001. The notes were formed by merging notes written for Shah Goldwasser s Cryptography and Cryptanalysis course at MIT with notes written for Mihir Bellare s Cryptography and network security course at UCSD. In addition Rosario Gennaro as Teaching Assistant for the course in 1996 contributed Section Section Section and Appendix D to the notes and also compiled from various sources some of the problems in Appendix E. Cryptography is of course a vast subject. The thread followed by these notes is to develop and explain the notion of provable security and its usage for the design of secure protocols. Much of the material in Chapters 2 3 and 7 is a result of scribe notes originally taken by MIT graduate students who attended Professor Goldwasser s Cryptography and Cryptanalysis course over the years and later edited by Frank D Ippolito who was a teaching assistant for the course in 1991. Frank also contributed much of the advanced number theoretic material in the Appendix. Some of the material in Chapter 3 is from the chapter on Cryptography by R. Rivest in the Handbook of Theoretical Computer Science. Chapters 4 5 6 8 and 10 and Sections and were written by Professor Bellare for his Cryptography and network security course at UCSD. All rights reserved. Shah Goldwasser and Mihir Bellare Cambridge Massachusetts August 2001. 2 .