The Foundations of Cryptography - Volume 1

Oded Goldreich


Cryptography is concerned with the construction of schemes that should maintain a desired functionality, even under malicious attempts aimed at making them deviate from it. The design of cryptographic systems has to be based on firm foundations; whereas ad-hoc approaches and heuristics are a very dangerous way to go. This work is aimed at presenting firm foundations for cryptography. The foundations of cryptography are the paradigms, approaches and techniques used to conceptualize, define and provide solutions to natural ``security concerns''. The emphasis of the work is on the clarification of fundamental concepts and on demonstrating the feasibility of solving several central cryptographic problems. The current book is the first volume of this work, and it focuses on the main tools of Modern Cryptography: computational difficulty (one-way functions), pseudorandomness and zero-knowledge proofs. The next volume will focus on the main applications of Cryptography: encryption schemes, signature schemes and secure protocols.

ISBN 0-521-79172-3
Published in US in June 2001.
See purchase information.
Publisher: Cambridge University Press
(see the publisher's page for this volume).

This volume is part of the two-volume work Foundations of Cryptography (see Volume 2).
For a brief introduction to the Foundations of Cryptography, see surveys.
For further suggestions regarding teaching, see notes. A preliminary draft is available here.

This page includes the volume's preface, Teaching Tips, Table of Contents, answers to Frequently Asked Questions, and List of Corrections.


See preface to the entire work Foundations of Cryptography. We highlight the following points:

Preface to the current volume

The current (first) volume consists of an introductory chapter (Chapter 1), followed by chapters on computational difficulty (one-way functions), pseudorandomness and zero-knowledge proofs (Chapters 2-4, respectively). Also included are two appendices: one of them providing a brief summary of Volume 2. The high-level structure of the current volume is as follows:

Historical notes, suggestions for further reading, some open problems and some exercises are provided at the end of each chapter. The exercises are mostly designed to help and test the basic understanding of the main text, not to test or inspire creativity. The open problems are fairly well-known, still we recommend to check their current status (e.g., in this website).

Using this work

The work is aimed to serve both as a textbook and a reference text. That is, it is aimed at serving both the beginner and the expert. In order to achieve this aim, the presentation of the basic material is very detailed so to allow a typical CS-undergraduate to follow it. An advanced student (and certainly an expert) will find the pace (in these parts) way too slow. However, an attempt was made to allow the latter reader to easily skip details obvious to him/her. In particular, proofs are typically presented in a modular way. We start with a high-level sketch of the main ideas, and only later pass to the technical details. Passage from high-level descriptions to lower level details is typically marked by phrases such as details follow. More advanced material is typically presented at a faster pace and with less details. Thus, we hope that the attempt to satisfy a wide range of readers will not harm any of them.


(See also Teaching Notes.)

The material presented in this work is, on one hand, way beyond what one may want to cover in a course, and on the other hand falls very short of what one may want to know about Cryptography in general. To assist these conflicting needs we make a distinction between basic and advanced material, and provide suggestions for further reading (in the last section of each chapter). In particular, sections, subsections, and subsubsections marked by an asterisk (*) are intended for advanced reading.

Volumes 1 and 2 of this work are supposed to provide all material for a course on Foundations of Cryptography. For a one-semester course, the teacher will definitely need to skip all advanced material (marked by an asterisk) and maybe even some basic material: see suggestion below. This should allow, depending on the class, to cover the basic material at a reasonable level (i.e., cover all material marked as ``main'' and some of the ``optional''). Volumes 1 and 2 can also serve as textbook for a two-semester course. Either way, the current volume only covers the first half of the aforementioned material. The second half is covered in Volume 2.

Following is our suggestion for a one-semester course on Foundations of Cryptography. Each lecture consists of one hour. Lectures 1-15 are covered by the current volume. Lectures 16-28 will be covered by the second volume.

Giving a course solely based on the material that appears in the current volume is indeed possible, but such a course cannot be considered a stand-alone course in Cryptography (for the reason that the current volume does not consider at all the basic tasks of encryption and signatures).

Table of Contents


Chapter 1: Introduction

Chapter 2: Computational Difficulty Chapter 3: Pseudorandom Generators Chapter 4: Zero-Knowledge Proof Systems Appendix A: Background in Computational Number Theory Appendix B: Brief Outline of Volume 2 Bibliography (approximately 200 entries)

Index (approximately 500 entries)

Frequently Asked Questions

Is there a solution manual of this book? Unfortunately, the answer is negative, but we believe that the guidelines for the exercises provide sufficient clues.

When will Volume 2 appear? It has appeared, in Spring 2004.

Can Volume 1 (alone) be used for teaching? Yes, see teaching tips above. But this question seems less relevant today, since Volume 2 is available.

How does this volume relate to the book Modern Cryptography, Probabilistic Proofs and Pseudorandomness? The current volume is only remotely related to the former book, published in 1999 as part (i.e., Vol. 17) of the Algorithms and Combinatorics series of Springer: Chapter 1 of the Springer book provides a 30-page overview (or summary) to the entire work, which holds 350 pages in its current (first) volume only. Chapters 2 and 3 of the Springer book provide a wider perspective on Probabilistic Proof systems and Pseudorandomness, respectively. An extensive treatment of the Cryptographically-related aspects of these areas is provided in the current volume, but the interested reader may benefit from the wider perspective offered in the Springer book.

See also answers to other frequently asked questions.

List of Corrections

The following errors were corrected in Volume 2; for further details see Appendix C (of Volume 2) as well as a draft of the said appendix, Feb. 2003. The foregoing errors were corrected in Volume 2. More recent corrections and additions follow

Back to the top or to Oded Goldreich's homepage.