We start today with a very, very short overview of what we've seen so far and where we are

going.

We started with an introduction lecture that was mixed of many different ideas, aspects,

things that need to be repeated.

And the basic introduction contents were looking at different building blocks and assumptions,

looking at different types of definitions, and looking at what type of proofs we are

considering.

And so we basically looked at public key encryption and key encapsulation mechanisms.

We looked at definitions of indistinguishability of ciphertexts under chosen ciphertext attacks

And we looked at reduction based proofs and game based definitions and all those things

are the things that we use here.

There are many alternatives to that, but for such an introduction or for such a cryptography

course I think it is very easy to use those types of definitions, consider those pretty

simple building blocks.

But as we will move through that course here we will see there are more complicated building

blocks, other types of definitions and those types of definitions we've seen already in

the second lecture.

And we might also see different types of proof techniques, but the most important ones that

we will see are reduction based proofs.

In the second lecture we have tried to understand what the system behind defining security is,

what the methodology is.

And the most important thing that you should take away from that lecture was that we can

proceed in five steps to come up with a good definition and those five steps are

First thing is syntax.

What is the syntax again?

Very good.

Second step?

Correctness.

So basically trying to understand what the functionality guarantees should be, but with

only honest execution environment, nothing is evil, nothing is malicious, we just look

at the functionality guarantees if we wouldn't need to care about any type of security, any

type of attacks.

The third step?

Which consists of?

Sorry?

Yeah.

So the capabilities of the adversary, exactly.

So we call this the adversary capabilities.

That means we try to understand if we place our adversary in the, this is what you basically

said, if we place an adversary in a malicious setting, what can the adversary control?

What can the adversary do?

How far can the adversary manipulate how the victims behave?

One thing that the adversary can for example do or what typically the victims can't do

by themselves is fully choose what the format of the messages look like.

So there is encoding that the victims can't choose and so we just give full power to the

adversary choosing what the messages look like.

Typically the adversary is sitting on a network, can see all the cyber attacks, can see all

the public keys, can see all public information but also can manipulate traffic which means

changing cyber attacks and seeing the reaction which means that we give the adversary typically

a decryption oracle.