2 - Privacy-Preserving Cryptocurrencies [ID:32143]

Welcome back.

So now you probably have already seen the first lecture of the class Privacy Preserving

Cryptocurrencies.

In the first class, we started with the introduction of the underlying mathematical properties

that we require.

In particular, we discussed groups and groups that have a specific structure.

So now we are ready to start with crypto.

What are we doing in this class?

Well, we're reviewing the basic stuff in crypto that you might have already heard about.

So first of all, we will discuss basic primitives such as pseudorandom functions and public

encryption schemes and digital hash functions.

We will also recall the underlying hardness assumptions that we're using quite often

in the case or in the area of public key crypto.

In particular, we will discuss the discrete logarithm assumption, the computational Diffie-Hellman

assumption, and the decision Diffie-Hellman assumption.

Furthermore, we will recall the factoring assumption and the RSA assumption.

So these are really the foundation or the basics that we require in this class.

In the upcoming lectures, we will continue building up our foundations that we need.

So this is just the very beginning.

So thanks for watching.

So the first thing we're going to discuss and recall from prior lectures is essentially

or are essentially the principles of modern cryptography.

One of the main things when crypto moved from the art to the science was the introduction

of a certain formalization and the understanding of what the principles of modern crypto actually

are.

So this is just a brief recall and introduction.

In case you want to hear a little bit more about it, I encourage you to take a look at

the introduction to modern cryptography class.

So at the very beginning, the principles consist of three points.

And the first one, of course, are formal definitions.

And formal definitions are actually very important to formally understand the security guarantees.

And this is important to make sure that everybody understands, well, has the same understanding.

Therefore, it's important to formally define what are the capabilities of the adversary,

what are the interfaces the adversary can interact with, and also what are the formal

security guarantees that are given.

So two things, the security guarantees and also the precise formalization of the threat

model.

And building these threat models in general is something that is extremely challenging.

When you start working on it, you think, well, that's not that hard.

If you think, for example, of the case of an encryption scheme, you say, well, the

ciphertext should not reveal any information.

But once you start thinking about what this actually means, then you realize this is way

harder than you expect.

Is the adversary allowed to see ciphertexts?

Is he allowed to see them adaptively?

Can he choose the messages in the learning stage?

Yes or no?

Can you also ask for the decryption of messages?

So you see that with a relatively simple cryptographic primitive such as encryption, understanding

such a model is extremely difficult.

Accessible via

Open access

Duration

01:33:42 min

Recording date

2021-05-03

Uploaded on

2021-05-03 15:48:07

Language

en-US
