Boston University CAS CS 538: Fundamentals of Cryptography


The place to ask questions and collaborate: Piazza (hit "Q&A" button at the top if you can't see the Q&A)
Problem Set 1 Solutions
Problem Set 2 Solutions
Problem Set 3 Solutions
Problem Set 4 Solutions
Problem Set 5 Solutions
Problem Set 6 Solutions
Problem Set 7 Solutions
Problem Set 8 Solutions
Problem Set 9 Solutions
Final exam announcement and sample problems.

My Lecture Notes

The subject of Thu 10/25 lecture was key agreement, which is not in the lecture notes. A good introduction is in this paper by Krawczyk (read section 1, notation at the end of end section 2, and then sections 3 and 4).

Careful reductions between different notions of security for symmetric encryption and authentication are contained here.

Micali's Optimistic Fair Exchange paper, which shows how chosen ciphertext attack and chosen message attack are very realistic attack scenarios in a larger protocol

Good scribe notes on Zero-Knowledge are here.

Good scribe notes on Two-Party Computation are here.

Shamir's secret sharing is here A. Shamir, "How to Share a Secret," CACM 22(11), 1979 (to access the paper, you need to be coming from a BU IP address, so VPN to BU if you are not); a decent description is here; more details are here.

The lecture on delegation was based on this paper by Kilian and this paper by Micali.