It is indeed possible for $F(x)$ to leak a lot of information about $x$ even if $F$ is one-way.

The hardcore predicate $B(x)$ represent the specific piece of information about $x$ which is hard to compute given $F(x)$.

Topics Covered:

• Definition of one-way functions (OWF)
• Definition of hardcore bit/predicate (HCB)
• One-way permutations → PRG.
  (In fact, one-way functions → PRG, but that’s a much harder theorem.)
• Goldreich-Levin Theorem: every OWF has a HCB.
  (Proof for an important special case.)

Topics covered:

• Groups, Order of a group and the Order of an element, Cyclic Groups.
• The Multiplicative Group $\mathbb{Z}_N^*$ and $\mathbb{Z}_P^*$ for a prime $P$.
• Generators of $\mathbb{Z}_P^*$.
• Primes, Primality Testing.
• The Discrete Logarithm (DLOG) problem and a candidate OWF.
• Diffie-Hellman assumptions: DDH and CDH.

Topics covered:

• Applications of PRFs

Note: The second half of Lecture 5, Number Theory, is contained in Lecture 6.

Topics:

• Stateless Secret-key Encryption with PRF.
• The Goldreich-Goldwasser-Micali (GGM) PRF construction.

Topics:

• The Hybrid Argument.
• An application: PRG length extension.
• The notion of pseudorandom functions: Definition, motivation, discussion and comparison with PRGs.
• PRG implies (stateful) secret-key encryption.
• PRFs imply (stateless) secret-key encryption.

Science wins either way.

Topics:

• How to circumvent Shannon’s lower bound: the computational adversary
• Definition of computational security
• The definition of pseudorandom generators(PRG)

Everything you’ve ever wanted is on the other side of fear.

Topics:

• Introduction to cryptography
• Secure Communication and Shannon’s definitions of perfect secrecy
• Perfect Indistinguishability definitions.
• The One-time pad construction
• Shannon’s lower bound.

上一节介绍了基于PRFs的MAC构造和基于随机的MAC：

本节我们将介绍抗碰撞的MAC(MACs from collision resistance)。

第一部分介绍了什么是抗碰撞 (Collision Resistance)，以及基于C.R.的MAC的安全性。

第二部分介绍了生日悖论，如何用生日攻击寻找2-way collision 和3-way collision.

第三部分介绍了Merkle-Damgarg范式（如果压缩函数h是C.R.，那么构造出的哈希函数H就是C.R.）以及如何构建C.R.的压缩函数（Davies-Meyer压缩函数).

最后一部分介绍了HMAC (Hash MAC)和一种针对MAC验证的timing attack and defense.

在密码学中，有限域中的运算性能极大影响密码协议的实现。

如果有限域选择梅森素数，得益于它的优良性质，可以极大提高运算效率，特别是有限域下的模运算、乘法操作。

于是近日学习了梅森素数的相关性质，以及如何约减梅森素数域下模运算和乘法运算。

• [Mersenne Prime]

这篇文章主要介绍消息验证码，即MAC (Message Auth. Code)。

文章首先介绍了secure MAC的模型和安全定义，当攻击者能伪造出新的msg/tag对时，MAC就不再安全。

文章的第二部分介绍了基于PRF的MAC构造，根据相关定理，只要PRF的输出空间足够大，且这是一个安全的PRF，则基于PRF的MAC就是安全的。

但基于PRF的MAC只能计算固定消息大小的MAC，如何利用这个工具构造出更大消息空间的MAC？

文章后半部分给出了一些主流的MAC构造：

• 串行构造：CBC-MAC、NMAC、CMAC
• 并行构造：PMAC、HMAC（下一篇文章）
• 基于one-time MAC: CW MAC

此外，文章还介绍了MAC Padding技术。