



Cryptography WS 2016/2017





Expected previous knowledge
You should have a rough idea of the definition of the following terms:
 group, field, modular arithmetic
 discrete probability space, uniform distribution, random variable, stochastic independence, event, conditional probability,
 Turing machine, nondeterminism, polynomial time, P, NP
Preliminary outline
 Theoretical foundations of cryptography
 Perfect secrecy
 Computational security (w.r.t. probabilistic polynomialtime adversaries)
 Attacks: eavesdropping, chosenplaintext (CPA), chosenciphertext (CCA1/2)
 Cryptographic primitives:
 Pseudorandomness: Generators (PRG), functions (PRF), (strong) permutations (PRP) as abstractions of secure blockciphers
 Oneway functions (OWF) and permutations (OWP) (with trapdoor information (TDP))
 Cryptographic hash functions: collision resistance, MerkleDamgård construction, Sponge construction (Keccak/SHA3), birthday paradox
 Relations between cryptographic primitives
 Relation to complexity theory (P vs NP)
 Privatekey encryption and messageauthentication codes (MACs)
 Blockciphers (''practical PRFs/PRPs'')
 DES, AES
 Construction principles underlying blockciphers: Feistel networks, substitutionpermutation networks
 Construction of secure encryption schemes from PRFs/PRPs
 Modes of operation: randomizedcounter (rCTR) mode, outputfeedback (OFB) mode, cipherblockchaining (CBC) mode
 Tweakable blockciphers: XEXmode
 Construction of secure MACs from PRFs
 Domainextension of PRFs, NMAC, HMAC
 Publickey encryption and signatures
 Algebraic and number theoretical foundations
 Factoring and the RSA problem, trapdoor oneway permutations
 Discrete logarithm and the computational and decisional DiffieHellman (CDH/DDH) problems, elliptic curves
 DiffieHellman key exchange
 Publickey encryption schemes:
 Based on the RSA problem: RSA PKCS #1 v1.5, RSAOAEP
 Based on the DDH problem: El Gamal, hashed DiffieHellman
 Hybrid encryption: DiffieHellman key exchange as keyencapsulating mechanism (KEM)
 (Lattice based)
 Digital signature schemes:
 Related to the RSA problem: RSAFDH, RSAPSS
 Related to the discrete logarithm: El Gamal's signature scheme, DSA
