# The Joy of Cryptography

Free undergraduate crypto textbook by [[Mike Rosulek]]

Links: [[Cryptography]]

**[[The Joy of Cryptography rev-2021-01-03.pdf]]**

https://joyofcryptography.com/
https://joyofcryptography.com/pdf/book.pdf

## See also

[[The Joy of Cryptography Exercises]]

## Table of Contents

0. [Review of Concepts & Notation](https://joyofcryptography.com/pdf/chap0.pdf)
1. [One-Time Pad](https://joyofcryptography.com/pdf/chap1.pdf)
2. [The Basics of Provable Security](https://joyofcryptography.com/pdf/chap2.pdf)
3. [Secret Sharing](https://joyofcryptography.com/pdf/chap3.pdf)
4. [Basing Cryptography on Intractable Computations](https://joyofcryptography.com/pdf/chap4.pdf)
5. [Pseudorandom Generators](https://joyofcryptography.com/pdf/chap5.pdf)
6. [Pseudorandom Functions & Block Ciphers](https://joyofcryptography.com/pdf/chap6.pdf)
7. [Security against Chosen Plaintext Attacks](https://joyofcryptography.com/pdf/chap7.pdf)
8. [Block Cipher Modes of Operation](https://joyofcryptography.com/pdf/chap8.pdf)
9. [Chosen Ciphertext Attacks](https://joyofcryptography.com/pdf/chap9.pdf)
10. [Message Authentication Codes](https://joyofcryptography.com/pdf/chap10.pdf)
11. [Hash Functions](https://joyofcryptography.com/pdf/chap11.pdf)
12. [Authenticated Encryption & AEAD](https://joyofcryptography.com/pdf/chap12.pdf) ☆
13. [RSA & Digital Signatures](https://joyofcryptography.com/pdf/chap13.pdf)
14. [Diffie-Hellman Key Agreement](https://joyofcryptography.com/pdf/chap14.pdf)
15. [Public-Key Encryption](https://joyofcryptography.com/pdf/chap15.pdf)
16. [Index of security definitions](https://joyofcryptography.com/pdf/sec-defs.pdf)

## Sections to skim

0. [x] Review of Concepts & Notation
5. [ ] Pseudorandom Generators
6. [ ] Pseudorandom Functions & Block Ciphers
7. [ ] Security against Chosen Plaintext Attacks
8. [ ] Block Cipher Modes of Operation
9. [ ] Chosen Ciphertext Attacks
10. [ ] Message Authentication Codes
12. [ ] Authenticated Encryption & AEAD
13. [ ] RSA & Digital Signatures
15. [ ] Public-Key Encryption

# Skim Notes

## 0. Review of Concepts & Notation

### 0.1 Logs and Exponents

![[Screen Shot 2022-02-06 at 12.43.08 AM.png]]

### 0.3 Strings

![[Screen Shot 2022-02-06 at 12.45.34 AM.png]]

### 0.4 Functions

![[Screen Shot 2022-02-06 at 12.47.24 AM.png]]

### 0.5 Probability

#### Tips & Tricks

Another trick is one I like to call setting breakpoints on the universe. Imagine stopping the universe at a point where some random choices have happened, and others have not yet happened. This is best illustrated by example:

**Example**

![[Screen Shot 2022-02-06 at 12.58.44 AM.png]]

![[Screen Shot 2022-02-06 at 1.02.05 AM.png]]

This technique of setting breakpoints is simple but powerful and frequently useful. Some other closely related tricks are: (1) postponing a random choice until the last possible moment, just before its result is used for the first time, and (2) switching the relative order of independent random choices.

#### Precise Terminology

![[Screen Shot 2022-02-06 at 12.56.52 AM.png]]

### 0.6 Notation in Pseudocode

![[Screen Shot 2022-02-06 at 1.03.34 AM.png]]

## 1. One-Time Pad

### Kerckhoffs’ principle

“Il faut qu’il n’exige pas le secret, et qu’il puisse sans inconvénient tomber entre les mains de l’ennemi.”

**Literal translation**: "[The method] must not be required to be secret, and it must be able to fall into the enemy’s hands without causing inconvenience."

**Bottom line**: Design your system to be secure even if the attacker has complete knowledge of all its algorithms.

### Construction

![[Screen Shot 2022-02-06 at 1.16.22 AM.png]]

$c = k \oplus m$

## 2. The Basics of Provable Security

### "Real vs Random" style of security definition

![[Screenshot_20220206-033744_Drive.jpg]]

![[Screenshot_20220206-034611_Drive.jpg]]

### "Left vs Right" style of security definition

![[Screenshot_20220206-035006_Drive.jpg]]

Formalization:

![[Screenshot_20220206-035119_Drive.jpg]]

![[Screenshot_20220206-035302_Drive.jpg]]

Example:

![[Screen Shot 2022-02-06 at 11.14.26 PM.png]]

Recurring theme:

> If these two implementations have the same effect on all calling programs, then we would say that the protocol satisfies this security property

### Def 2.3: Library

![[Screen Shot 2022-02-06 at 11.15.52 PM.png]]

### Def 2.4: Interchangeable

![[Screen Shot 2022-02-06 at 11.17.58 PM.png]]

![[Screen Shot 2022-02-07 at 12.11.51 AM.png]]
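
Added example (not from the textbook or these notes): an exhaustive check of the "left vs right" idea for the one-time pad $c = k \oplus m$ from section 1, for a single encryption under a fresh uniform key. The 3-bit length, the function names, and the `and_enc` contrast scheme are assumptions chosen for illustration.

```python
from collections import Counter
from itertools import product

LAMBDA = 3  # bit length of keys and messages; assumed small so we can enumerate


def otp_enc(k: int, m: int) -> int:
    """One-time pad as in the notes: c = k XOR m."""
    return k ^ m


def and_enc(k: int, m: int) -> int:
    """Constructed broken scheme for contrast (not OTP): c = k AND m."""
    return k & m


def eavesdrop_dist(enc, m: int, nbits: int = LAMBDA) -> Counter:
    """Exact ciphertext counts when one fresh uniform key encrypts m.

    Each of the 2**nbits keys is used exactly once, so count / 2**nbits
    is the exact probability of seeing that ciphertext.
    """
    return Counter(enc(k, m) for k in range(2 ** nbits))


def distinguishing_pair(enc, nbits: int = LAMBDA):
    """Return the first (m_left, m_right) whose ciphertext distributions
    differ, or None if left and right look identical for every pair."""
    msgs = range(2 ** nbits)
    for m_left, m_right in product(msgs, repeat=2):
        if eavesdrop_dist(enc, m_left, nbits) != eavesdrop_dist(enc, m_right, nbits):
            return (m_left, m_right)
    return None


def left_right_interchangeable(enc, nbits: int = LAMBDA) -> bool:
    """True when no choice of (m_left, m_right) changes what the caller sees."""
    return distinguishing_pair(enc, nbits) is None


if __name__ == "__main__":
    print("OTP uniform for m=5:", eavesdrop_dist(otp_enc, 5))
    print("OTP interchangeable:", left_right_interchangeable(otp_enc))
    print("AND interchangeable:", left_right_interchangeable(and_enc))
    print("AND distinguishing pair:", distinguishing_pair(and_enc))
```

For the XOR construction every message yields the uniform distribution over ciphertexts, so the two sides cannot be told apart; for the AND variant, the message 0 always encrypts to 0, which a calling program can detect.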