[PUBLISHER] upload files #171

* PUSH NOTE : 9. Public Key Encryption.md

* PUSH NOTE : 3. Symmetric Key Encryption.md

* PUSH ATTACHMENT : is-03-ecb-encryption.png

* PUSH ATTACHMENT : is-03-cbc-encryption.png

* PUSH ATTACHMENT : is-03-ctr-encryption.png

* PUSH NOTE : 07. Public Key Cryptography.md

* PUSH NOTE : 7. Key Exchange.md

* PUSH NOTE : 03. Symmetric Key Cryptography (2).md

* PUSH NOTE : 5. CCA-Security and Authenticated Encryption.md

* PUSH NOTE : 6. Hash Functions.md

* DELETE FILE : _posts/lecture-notes/internet-security/2023-10-03-key-exchange.md

* DELETE FILE : _posts/lecture-notes/modern-cryptography/2023-09-18-symmetric-key-cryptography-2.md

* DELETE FILE : assets/img/posts/lecture-notes/modern-cryptography/is-03-cbc-encryption.png

* DELETE FILE : assets/img/posts/lecture-notes/modern-cryptography/is-03-ctr-encryption.png

* DELETE FILE : assets/img/posts/lecture-notes/modern-cryptography/is-03-ecb-encryption.png
2024-11-13 10:54:01 +09:00
committed by GitHub
parent 6960edd3d4
commit 22a729f12f
3 changed files with 52 additions and 52 deletions

@@ -15,7 +15,7 @@ date: 2023-10-09
github_title: 2023-10-09-public-key-cryptography
---
In symmetric key cryptography, we have a problem with key sharing and management. More info in the first few paragraphs of [Key Exchange (Modern Cryptography)](../../modern-cryptography/2023-10-03-key-exchange).
In symmetric key cryptography, we have a problem with key sharing and management. More info in the first few paragraphs of [Key Exchange (Modern Cryptography)](../modern-cryptography/2023-10-03-key-exchange.md).
## Public Key Cryptography
@@ -32,7 +32,7 @@ These keys are created to be used in **trapdoor one-way functions**.
A **one-way function** is a function that is easy to compute, but hard to compute the pre-image of any output. Here are some common examples.
- *Cryptographic hash functions*: [Hash Functions (Modern Cryptography)](../../modern-cryptography/2023-09-28-hash-functions/#collision-resistance).
- *Cryptographic hash functions*: [Hash Functions (Modern Cryptography)](../modern-cryptography/2023-09-28-hash-functions.md#collision-resistance).
- *Factoring a large integer*: It is easy to multiply to integers even if they're large, but factoring is very hard.
- *Discrete logarithm problem*: It is easy to exponentiate a number, but it is hard to find the discrete logarithm.
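Review bot: the context line just below the changed link reads "It is easy to multiply to integers"; "to" should be "two", and since this file is already being edited the typo can be fixed in the same commit. Separately, the hash-function bullet is offered as an example of a one-way function but links to the `#collision-resistance` anchor; one-wayness corresponds to pre-image resistance, so check whether the target note has a more fitting anchor to link to.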
@@ -80,14 +80,14 @@ But a problem still remains. How does one verify that this key is indeed from th
## Diffie-Hellman Key Exchange
Choose a large prime $p$ and a generator $g$ of $\mathbb{Z}_p^{ * }$. The description of $g$ and $p$ will be known to the public.
Choose a large prime $p$ and a generator $g$ of $\mathbb{Z}_p^\ast$. The description of $g$ and $p$ will be known to the public.
> 1. Alice chooses some $x \in \mathbb{Z}_p^{ * }$ and sends $g^x \bmod p$ to Bob.
> 2. Bob chooses some $y \in \mathbb{Z}_p^{ * }$ and sends $g^y \bmod p$ to Alice.
> 1. Alice chooses some $x \in \mathbb{Z}_p^\ast$ and sends $g^x \bmod p$ to Bob.
> 2. Bob chooses some $y \in \mathbb{Z}_p^\ast$ and sends $g^y \bmod p$ to Alice.
> 3. Alice and Bob calculate $g^{xy} \bmod p$ separately.
> 4. Eve can see $g^x \bmod p$, $g^y \bmod p$ but cannot calculate $g^{xy} \bmod p$.
Refer to [Diffie-Hellman Key Exchange (Modern Cryptography)](../../modern-cryptography/2023-10-03-key-exchange/#diffie-hellman-key-exchange-(dhke)).
Refer to [Diffie-Hellman Key Exchange (Modern Cryptography)](../modern-cryptography/2023-10-03-key-exchange.md#diffie-hellman-key-exchange-(dhke)).
## Message Integrity
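Review bot: steps 1 and 2 draw $x$ and $y$ from $\mathbb{Z}_p^\ast$, which includes $p-1$; because $g$ generates $\mathbb{Z}_p^\ast$ it has order $p-1$, so that choice gives $g^{p-1} \equiv 1 \pmod p$ and the shared value collapses to $1$. Since the notation on these two lines is being rewritten anyway, consider stating the exponent range as the integers from $1$ to $p-2$. Step 4 also says Eve "cannot calculate" $g^{xy} \bmod p$ without naming the assumption it rests on; a short pointer to the hardness assumption covered in the linked Key Exchange note would make the claim precise.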

@@ -128,11 +128,11 @@ We learned how to encrypt a single block. How do we encrypt longer messages with
There are many ways of processing multiple blocks, this is called the **mode of operation**.
Additional explanation available in [Modes of Operations (Internet Security)](../../internet-security/2023-09-18-symmetric-key-cryptography-2/#modes-of-operations).
Additional explanation available in [Modes of Operations (Internet Security)](../internet-security/2023-09-18-symmetric-key-cryptography-2.md#modes-of-operations).
### Electronic Codebook Mode (ECB)
![is-03-ecb-encryption.png](../../../assets/img/posts/lecture-notes/internet-security/is-03-ecb-encryption.png)
![is-03-ecb-encryption.png](../../../assets/img/posts/lecture-notes/modern-cryptography/is-03-ecb-encryption.png)
- ECB mode encrypts each block with the same key.
- Blocks are independent of each other.
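Review bot: the new image path `assets/img/posts/lecture-notes/modern-cryptography/is-03-ecb-encryption.png` is one of the paths the commit message lists under DELETE FILE, next to a PUSH ATTACHMENT entry for the same file name. Confirm that the re-pushed attachment ends up at exactly this path, otherwise the ECB figure (and the CBC and CTR figures changed the same way in the following hunks) will render as broken images. The `is-03-` prefix suggests the image originated with the Internet Security notes, so it is worth stating in the commit message whether the copy under `internet-security/` is still referenced anywhere.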
@@ -140,7 +140,7 @@ Additional explanation available in [Modes of Operations (Internet Security)](..
### Ciphertext Block Chain Mode (CBC)
![is-03-cbc-encryption.png](../../../assets/img/posts/lecture-notes/internet-security/is-03-cbc-encryption.png)
![is-03-cbc-encryption.png](../../../assets/img/posts/lecture-notes/modern-cryptography/is-03-cbc-encryption.png)
Let $X = \left\lbrace 0, 1 \right\rbrace^n$ and $E : \mathcal{K} \times X \rightarrow X$ be a **PRP**.
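Review bot: the heading kept as context in this hunk, "Ciphertext Block Chain Mode (CBC)", does not match the standard name of the mode, Cipher Block Chaining. Suggest renaming it while the section is being touched; if the heading changes, any links that target its generated anchor need to be updated as well.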
@@ -191,7 +191,7 @@ Note that if $k_1$ is the same as the key used for encrypting messages, then thi
### Counter Mode (CTR)
![is-03-ctr-encryption.png](../../../assets/img/posts/lecture-notes/internet-security/is-03-ctr-encryption.png)
![is-03-ctr-encryption.png](../../../assets/img/posts/lecture-notes/modern-cryptography/is-03-ctr-encryption.png)
Let $F : \mathcal{K} \times X \rightarrow X$ be a secure **PRF**.

@@ -14,9 +14,9 @@ title: 9. Public Key Encryption
date: 2023-10-19
github_title: 2023-10-19-public-key-encryption
image:
path: assets/img/posts/Lecture Notes/Modern Cryptography/mc-09-ss-pke.png
path: assets/img/posts/lecture-notes/modern-cryptography/mc-09-ss-pke.png
attachment:
folder: assets/img/posts/Lecture Notes/Modern Cryptography
folder: assets/img/posts/lecture-notes/modern-cryptography
---
In symmetric encryption, we assumed that the two parties had a shared key in advance. If the two parties do not have a shared key, **public-key encryption** can be used to encrypt messages.
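Review bot: nothing in the commit message pushes or moves `mc-09-ss-pke.png`, yet `path:` and `folder:` in the front matter now point at `assets/img/posts/lecture-notes/modern-cryptography` instead of `assets/img/posts/Lecture Notes/Modern Cryptography`. On a case-sensitive file system these are different directories, so confirm the image already exists under the lowercase path before merging; the same check applies to the inline image link changed in the next hunk.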
@@ -45,7 +45,7 @@ Public key $pk$ will be publicized. After Alice obtains $pk$, she can use it to
The following notion of security is only for an eavesdropping adversary.
![mc-09-ss-pke.png](../../../assets/img/posts/Lecture%20Notes/Modern%20Cryptography/mc-09-ss-pke.png)
![mc-09-ss-pke.png](../../../assets/img/posts/lecture-notes/modern-cryptography/mc-09-ss-pke.png)
> **Definition.** Let $\mc{E} = (G, E, D)$ be a public key encryption scheme defined over $(\mc{M}, \mc{C})$. For an adversary $\mc{A}$, we define two experiments.
>
@@ -69,7 +69,7 @@ Note that $pk$ is sent to the adversary, and adversary can encrypt any message!
For symmetric ciphers, semantic security (one-time) did not guarantee CPA security (many-time). But in public key encryption, semantic security implies CPA security. This is because *the attacker can encrypt any message using the public key*.
First, we check the definition of CPA security for public key encryption. It is similar to that of symmetric ciphers, compare with [CPA Security for symmetric key encryption (Modern Cryptography)](../2023-09-19-symmetric-key-encryption/#cpa-security).
First, we check the definition of CPA security for public key encryption. It is similar to that of symmetric ciphers, compare with [CPA Security for symmetric key encryption (Modern Cryptography)](./2023-09-19-symmetric-key-encryption.md#cpa-security).
> **Definition.** For a given public-key encryption scheme $\mc{E} = (G, E, D)$ defined over $(\mc{M}, \mc{C})$ and given an adversary $\mc{A}$, define experiments 0 and 1.
>
@@ -141,7 +141,7 @@ $$
## CCA Security for Public Key Encryption
We also define CCA security for public key encryption, which models a wide spectrum of real-world attacks. The definition is also very similar to that of symmetric ciphers, compare with [CCA security for symmetric ciphers (Modern Cryptography)](../2023-09-26-cca-security-authenticated-encryption/#cca-security).
We also define CCA security for public key encryption, which models a wide spectrum of real-world attacks. The definition is also very similar to that of symmetric ciphers, compare with [CCA security for symmetric ciphers (Modern Cryptography)](./2023-09-26-cca-security-authenticated-encryption.md#cca-security).
> **Definition.** Let $\mc{E} = (G, E, D)$ be a public-key encryption scheme over $(\mc{M}, \mc{C})$. Given an adversary $\mc{A}$, define experiments $0$ and $1$.
>
@@ -151,9 +151,9 @@ We also define CCA security for public key encryption, which models a wide spect
> - *Encryption*: Send $(m_{i_,0}, m_{i, 1})$ and receive $c'_i \la E(pk, m_{i, b})$.
> - *Decryption*: Send $c_i$ and receive $m'_i \la D(sk, c_i)$.
> - Note that $\mc{A}$ is not allowed to make a decryption query for any $c_i'$.
> 3. $\mc{A}$ outputs a pair of messages $(m_0^ * , m_1^*)$.
> 4. The challenger generates $c^* \la E(pk, m_b^*)$ and gives it to $\mc{A}$.
> 5. $\mc{A}$ is allowed to keep making queries, but not allowed to make a decryption query for $c^*$.
> 3. $\mc{A}$ outputs a pair of messages $(m_0^\ast , m_1^\ast)$.
> 4. The challenger generates $c^\ast \la E(pk, m_b^\ast)$ and gives it to $\mc{A}$.
> 5. $\mc{A}$ is allowed to keep making queries, but not allowed to make a decryption query for $c^\ast$.
> 6. The adversary computes and outputs a bit $b' \in \left\lbrace 0, 1 \right\rbrace$.
>
> Let $W_b$ be the event that $\mc{A}$ outputs $1$ in experiment $b$. Then the **CCA advantage with respect to $\mc{E}$** is defined as
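Review bot: the *Encryption* query line kept as context has a stray underscore in `m_{i_,0}`, which should read `m_{i, 0}` to match `m_{i, 1}` beside it. This hunk is already cleaning up the math notation (`^*` to `^\ast`), so the subscript can be fixed in the same pass.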
@@ -176,7 +176,7 @@ Similarly, 1CCA security implies CCA security, as in the above theorem. So to sh
### Active Adversaries in Symmetric vs Public Key
In symmetric key encryption, we studied [authenticated encryption (AE)](../2023-09-26-cca-security-authenticated-encryption/#authenticated-encryption-(ae)), which required the scheme to be CPA secure and provide ciphertext integrity. In symmetric key settings, AE implied CCA.
In symmetric key encryption, we studied [authenticated encryption (AE)](./2023-09-26-cca-security-authenticated-encryption.md#authenticated-encryption-(ae)), which required the scheme to be CPA secure and provide ciphertext integrity. In symmetric key settings, AE implied CCA.
However in public-key schemes, adversaries can always create new ciphertexts using the public key, which makes the original definition of ciphertext integrity unusable. Thus we directly require CCA security.