August 28th, 2007.

Introduction to cryptography. The coin flipping protocol
based on a commitment scheme. How Alice  and Bob can cheat if the
hiding or binding property of the commitment fails. The
protocol produces an unbiased coin if one player is honestly 
following the protocol specification. Provable security.
Relation to computational complexity. The importance
of the notion of reduction in cryptography. Math overview:
number theory and algebra. The birthday paradox.
The Chinese remainder theorem.

September 4th, 2007.

Math overview: probability. Bounds for probability
distributions. Chernoff bounds. The majority argument
to decide a faulty oracle. Statistical Distance. 
Distinguishers and the optimal distinguisher for a given
pair of probability distributions. Symmetric key
cryptography and key-exchange. The Diffie Hellman key
exchange. The discrete logarithm problem. 

September 11th, 2007.

The Diffie Hellman Key-Exchange. How to define
security in key-exchange protocols against passive
adversaries (eavesdroppers). The Diffie-Hellman Assumption
(Decisional version - aka DDH). Choosing good parameters: how
to solve the discrete logarithm problem in a subgroup
with ``smooth'' order. Proving the DH key-exchange secure
against passive adversaries under the DDH.

September 18, 2007

Revisiting the security model for passive adversaries in the
Diffie-Hellman Key exchange. Key-agreement and the issue of
key-uniformity. Are all bits of the exchanged value suitable for
defining a uniformly distributed key? how to extract the randomness
from the exchanged value. We showed that under the DDH, an adversary
can guess no predicate with probability better than its ``gamma value.''
How an active adversary can break the key-exchange by performing a
man-in-the middle attack.

September 25, 2007

Digital signatures. Requirements: defining adaptive chosen message
forgery attacks. The RSA digital signature with a full-domain hash.
 The Random oracle model. We proved that the RSA digital signature is secure
in the random oracle model under the assumption that finding e-th roots
is hard over Z*n.  We observed the loss of tightness in the reduction.

October 2.
Zero-knowledge proofs. Physical real-world examples. Modeling the
primitive : copmleteness, soundness and the zero-knowledge property.
Schnorr identification proof of knowledge of the discrete logarithm.
The Schnorr protocol satisfies soundness. Good and Super-good elements
and rewinding arguments for soundness. The honest verifier zero-knowledge
case.

October 9
Achieving zero-knowledge against malicious verifiers.
Non-interactive zero-knowledge proofs. And and OR composition
of zero-knowledge protocols. Zero-knowledge proof for any
NP language. Public-key encryption and IND-CPA security.