**Lecture 1 (9/3)**We started with an introduction to class and to the setting of physical attacks in cryptography. We studied two concrete physical attacks on the RSA cryptosystem: A timing attack and a fault induction attack, both exploiting the implementation of modular exponentiation in the RSA decryption algorithm. Then we switched gears to an introduction to modern cryptography and computational security. We discussed two relaxations of computational over perfect security: Security is only preserved against efficient adversaries and adversaries are allowed to succeed with very small probability. We discussed the "reduction" proof technique, pseudorandomness and pseudorandom generators. Notes for Lecture 1.

References:- Dan Boneh. "Twenty years of attacks on the RSA cryptosystem." NOTICES OF THE AMS, 46:203-213, 1999.
- Dan Boneh, Richard A. DeMillo, and Richard J. Lipton. "On the importance of eliminating errors in cryptographic computations." J. Cryptology, 14(2):101-119, 2001.
- Paul C. Kocher. "Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems." In CRYPTO, pages 104-113, 1996.
- Introduction to Modern Cryptography, Chapter 3.

**Lecture 2 (9/10)**In this lecture we covered various aspects of symmetric key encryption. We first discussed the most basic symmetric key encryption scheme---the "one-time pad." Then, we gave a formal definition of symmetric key encryption and studied several levels of security: security against a single-message eavesdropping attack, security against multiple-message eavesdropping attacks and security against chosen plaintext attacks (CPA). We discussed pseudorandom generators (PRGs) and pseudorandom functions (PRFs) and we showed how to construct symmetric key encryption schemes with security against eavesdropping and CPA adversaries from pseudorandom generators and pseudorandom functions, respectively. We discussed stream ciphers and their relationship to constructing symmetric key encryption secure against eavesdropping attacks. Notes for Lecture 2.

References:- Introduction to Modern Cryptography, Chapter 3.

**Lecture 3 (9/17)**We first finished the proof of security for the construction of CPA-secure symmetric key encryption from PRF and briefly discussed block-ciphers. Then we introduced the primitive of public key encryption and discussed CPA security for public key encryption schemes. We compared and contrasted public and secret key encryption and their corresponding notions of security. Next, we introduced the primitive of digital signatures and discussed the standard notion of security for digital signatures, known as existential unforgeability under adaptive chosen-message attacks. We discussed Lamports construction of one-time signatures from one-way functions and a construction of many-time signature schemes from one-time signature schemes and collision-resisistant hash functions (CRHF). Notes for Lecture 3.

References:- Introduction to Modern Cryptography, Chapter 3, 10, 12.
- Lecture notes from Rafael Pass's Crypto class.