|
Decisional Linear Assumption
The Decision Linear (DLIN) assumption is a computational hardness assumption used in elliptic curve cryptography. In particular, the DLIN assumption is useful in settings where the decisional Diffie–Hellman assumption does not hold (as is often the case in pairing-based cryptography). The Decision Linear assumption was introduced by Boneh, Boyen, and Shacham.Dan Boneh, Xavier Boyen, Hovav ShachamShort Group Signatures CRYPTO 2004: 41–55 Informally the DLIN assumption states that given (u, \, v, \, h, \, u^x, \, v^y), with u, \, v, \, h random group elements and x, \, y random exponents, it is hard to distinguish h^ from an independent random group element \eta. Motivation In symmetric pairing-based cryptography the group G is equipped with a pairing e :G \times G \to T which is bilinear. This map gives an efficient algorithm to solve the decisional Diffie-Hellman problem. Given input (g, \, g^a, \, g^b, \, h), it is easy to check if h is equal to g^. This follows by ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Computational Hardness Assumption
In computational complexity theory, a computational hardness assumption is the hypothesis that a particular problem cannot be solved efficiently (where ''efficiently'' typically means "in polynomial time"). It is not known how to prove (unconditional) hardness for essentially any useful problem. Instead, computer scientists rely on reductions to formally relate the hardness of a new or complicated problem to a computational hardness assumption about a problem that is better-understood. Computational hardness assumptions are of particular importance in cryptography. A major goal in cryptography is to create cryptographic primitives with provable security. In some cases, cryptographic protocols are found to have information theoretic security; the one-time pad is a common example. However, information theoretic security cannot always be achieved; in such cases, cryptographers fall back to computational security. Roughly speaking, this means that these systems are secure ''assuming th ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Provable Security
Provable security refers to any type or level of computer security that can be proved. It is used in different ways by different fields. Usually, this refers to mathematical proofs, which are common in cryptography. In such a proof, the capabilities of the attacker are defined by an adversarial model (also referred to as attacker model): the aim of the proof is to show that the attacker must solve the underlying hard problem in order to break the security of the modelled system. Such a proof generally does not consider side-channel attacks or other implementation-specific attacks, because they are usually impossible to model without implementing the system (and thus, the proof only applies to this implementation). Outside of cryptography, the term is often used in conjunction with secure coding and security by design, both of which can rely on proofs to show the security of a particular approach. As with the cryptographic setting, this involves an attacker model and a model of th ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Non-interactive Zero-knowledge Proof
Non-interactive zero-knowledge proofs are zero-knowledge proofs where information between a prover and a verifier can be authenticated by the prover, without revealing any of the specific information beyond the validity of the transaction itself. This function of encryption makes direct communication between the prover and verifier unnecessary, effectively removing any intermediaries. The core trustless cryptography "proofing" involves a hash function generation of a random number, constrained within mathematical parameters (primarily to modulate hashing difficulties) determined by the prover and verifier. With this cryptographic engine, the prover must demonstrate the validity of the transaction, by solving the hash of a random number. Finally, proof of the answer is returned to the verifier, without revealing its value. There are many different methods for establishing a cryptographic proof of hash validity. Perhaps the most notable method, proof of work, involves computing the ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Attribute-based Encryption
Attribute-based encryption is a type of public-key encryption in which the secret key of a user and the ciphertext are dependent upon attributes (e.g. the country in which they live, or the kind of subscription they have). In such a system, the decryption of a ciphertext is possible only if the set of attributes of the user key matches the attributes of the ciphertext. A crucial security aspect of attribute-based encryption is collusion-resistance: An adversary that holds multiple keys should only be able to access data if at least one individual key grants access. History The concept of attribute-based encryption was first proposed by Amit Sahai and Brent Waters and later by Vipul Goyal, Omkant Pandey, Amit Sahai and Brent Waters.Vipul Goyal, Omkant Pandey, Amit Sahai and Brent Waters, Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data ACM CCS (2006)' Recently, several researchers have further proposed attribute-based encryption with multiple authorities w ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Brent Waters
Brent R. Waters is an American computer scientist, specializing in cryptography and computer security. He is currently a professor of Computer Science at the University of Texas at Austin. Career Waters attended the University of California, Los Angeles, where he graduated in 2000 with a BS in computer science. He earned a PhD in computer science from Princeton University in 2004. Waters completed his post-doctoral work at Stanford University from 2004 to 2005, hosted by Dan Boneh, and then worked at SRI International as a computer scientist until 2008. In 2008, he joined the University of Texas at Austin, where he currently holds the title of Professor in the Department of Computer Science. In July 2019, he joined NTT Research to work in their Cryptography and Information Security (CIS) Laboratory. In 2005, Waters first proposed the concepts of attribute-based encryption and functional encryption with Amit Sahai. Awards Waters was awarded the Sloan Research Fellowship in 2010 ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Naor–Reingold Pseudorandom Function
In 1997, Moni Naor and Omer Reingold described efficient constructions for various cryptographic primitives in private key as well as public-key cryptography. Their result is the construction of an efficient pseudorandom function. Let ''p'' and ''l'' be prime numbers with ''l'' , ''p''−1. Select an element ''g'' ∈ ^* of multiplicative order ''l''. Then for each ''(n+1)''-dimensional vector ''a'' = (''a''''0'''',a''''1'', ..., ''a''''n'')∈ (\mathbb F_)^ they define the function :f_(x) = g^ \in \mathbb F_p where ''x'' = ''x''''1'' ... ''x''''n'' is the bit representation of integer ''x'', 0 ≤ ''x'' ≤ 2''n''−1, with some extra leading zeros if necessary. Example Let ''p'' = 7 and ''l'' = 3; so ''l'' , ''p''−1. Select ''g'' = 4 ∈ ^* of multiplicative order 3 (since 43 = 64 ≡ 1 mod 7). For ''n'' = 3, ''a'' = (1, 1, 2, 1) and ''x'' = 5 (the bit representation of 5 is 101), we can compute f_(5) as follows: :f_(x) = g ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Pseudorandom Function Family
In cryptography, a pseudorandom function family, abbreviated PRF, is a collection of efficiently-computable functions which emulate a random oracle in the following way: no efficient algorithm can distinguish (with significant advantage) between a function chosen randomly from the PRF family and a random oracle (a function whose outputs are fixed completely at random). Pseudorandom functions are vital tools in the construction of cryptographic primitives, especially secure encryption schemes. Pseudorandom functions are not to be confused with pseudorandom generators (PRGs). The guarantee of a PRG is that a ''single'' output appears random if the input was chosen at random. On the other hand, the guarantee of a PRF is that ''all its outputs'' appear random, regardless of how the corresponding inputs were chosen, as long as the ''function'' was drawn at random from the PRF family. A pseudorandom function family can be constructed from any pseudorandom generator, using, for exam ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Random Oracle
In cryptography, a random oracle is an oracle (a theoretical black box) that responds to every ''unique query'' with a (truly) random response chosen uniformly from its output domain. If a query is repeated, it responds the same way every time that query is submitted. Stated differently, a random oracle is a mathematical function chosen uniformly at random, that is, a function mapping each possible query to a (fixed) random response from its output domain. Random oracles as a mathematical abstraction were first used in rigorous cryptographic proofs in the 1993 publication by Mihir Bellare and Phillip Rogaway (1993). They are typically used when the proof cannot be carried out using weaker assumptions on the cryptographic hash function. A system that is proven secure when every hash function is replaced by a random oracle is described as being secure in the random oracle model, as opposed to secure in the standard model of cryptography. Applications Random oracles are typicall ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Strong Diffie-Hellman Assumption
Strong may refer to: Education * The Strong, an educational institution in Rochester, New York, United States * Strong Hall (Lawrence, Kansas), an administrative hall of the University of Kansas * Strong School, New Haven, Connecticut, United States, an overflow school for district kindergartners and first graders Music Albums * ''Strong'' (Anette Olzon album), 2021 * ''Strong'' (Arrested Development album), 2010 * ''Strong'' (Michelle Wright album), 2013 * ''Strong'' (Thomas Anders album), 2010 * ''Strong'' (Tracy Lawrence album), 2004 * ''Strong'', a 2000 album by Clare Quilty Songs * "Strong" (London Grammar song), 2013 * "Strong" (One Direction song), 2013 * "Strong" (Robbie Williams song), 1998 * "Strong", a song by After Forever from '' Remagine'' * "Strong", a song by Audio Adrenaline from ''Worldwide'' * "Strong", a song by LeAnn Rimes from ''Whatever We Wanna'' * "Strong", a song by London Grammar from ''If You Wait'' * "Strong", a song by Will Hoge from '' Nev ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Digital Signature
A digital signature is a mathematical scheme for verifying the authenticity of digital messages or documents. A valid digital signature, where the prerequisites are satisfied, gives a recipient very high confidence that the message was created by a known sender (authenticity), and that the message was not altered in transit (integrity). Digital signatures are a standard element of most cryptographic protocol suites, and are commonly used for software distribution, financial transactions, contract management software, and in other cases where it is important to detect forgery or tampering. Digital signatures are often used to implement electronic signatures, which includes any electronic data that carries the intent of a signature, but not all electronic signatures use digital signatures. [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Fiat–Shamir Heuristic
In cryptography, the Fiat–Shamir heuristic is a technique for taking an interactive proof of knowledge and creating a digital signature based on it. This way, some fact (for example, knowledge of a certain secret number) can be publicly proven without revealing underlying information. The technique is due to Amos Fiat and Adi Shamir (1986). For the method to work, the original interactive proof must have the property of being public-coin, i.e. verifier's random coins are made public throughout the proof protocol. The heuristic was originally presented without a proof of security; later, Pointcheval and Stern proved its security against chosen message attacks in the ''random oracle model'', that is, assuming random oracles exist. This result was generalized to the quantum-accessible random oracle (QROM) by Don, Fehr, Majenz and Schaffner, and concurrently by Liu and Zhandry. In the case that random oracles do not exist, the Fiat–Shamir heuristic has been proven insecure by Sh ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Zero-knowledge Proof
In cryptography, a zero-knowledge proof or zero-knowledge protocol is a method by which one party (the prover) can prove to another party (the verifier) that a given statement is true while the prover avoids conveying any additional information apart from the fact that the statement is indeed true. The essence of zero-knowledge proofs is that it is trivial to prove that one possesses knowledge of certain information by simply revealing it; the challenge is to prove such possession without revealing the information itself or any additional information. If proving a statement requires that the prover possess some secret information, then the verifier will not be able to prove the statement to anyone else without possessing the secret information. The statement being proved must include the assertion that the prover has such knowledge, but without including or transmitting the knowledge itself in the assertion. Otherwise, the statement would not be proved in zero-knowledge because it ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
