The topics of the course will revolve around basing cryptography on
imperfect randomness. Indeed, in many situations we do not have
perfect randomness, and are forced to deal with weaker * imperfect*
random sources. The main question we address is whether it is possible
to do Cryptography from imperfect randomness. As we will see, there
are many types of imperfect sources, and also many application
scenarios which make the answer to this question somewhat
different. For example, in some case we have ``local randomness'' and
in other we don't, in some cases we must also deal with
error-correction (i.e., biometrics) or local computability (i.e.,
bounded storage model). In yet other cases, randomness extraction is
not needed to get good randomness, but only as a convenient tool to
argue privacy.

Tentative topics include:

- types of imperfect sources (Markov chains, bit-fixing, SV, weak, etc.)
- deterministic extraction: possibility and impossibility
- (probabilistic) randomness extractors
- leftover hash lemma and its variants
- extraction from multiple independent weak sources
- cryptography from biometrics and other noisy data (fuzzy extractor, secure sketches).
- entropic security and its applications
- exposure-resilient functions and all-or-nothing transforms
- perfect one-way hash functions
- bounded storage model
- cryptography without perfect randomness? possibility and impossibility
- ``cryptographic'' sources of randomness (for encryption, etc.)
- derandomization (if time permits)
- verifiable random functions and permutations (if time permits)
- random oracle model (if times permits)