|
Fiat–Shamir Heuristic
In cryptography, the Fiat–Shamir heuristic is a technique for taking an interactive proof of knowledge and creating a digital signature based on it. This way, some fact (for example, knowledge of a certain secret number) can be publicly proven without revealing underlying information. The technique is due to Amos Fiat and Adi Shamir (1986). For the method to work, the original interactive proof must have the property of being public-coin, i.e. verifier's random coins are made public throughout the proof protocol. The heuristic was originally presented without a proof of security; later, Pointcheval and Stern proved its security against chosen message attacks in the ''random oracle model'', that is, assuming random oracles exist. This result was generalized to the quantum-accessible random oracle (QROM) by Don, Fehr, Majenz and Schaffner, and concurrently by Liu and Zhandry. In the case that random oracles do not exist, the Fiat–Shamir heuristic has been proven insecure by Sh ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Cryptography
Cryptography, or cryptology (from grc, , translit=kryptós "hidden, secret"; and ''graphein'', "to write", or ''-logia'', "study", respectively), is the practice and study of techniques for secure communication in the presence of adversarial behavior. More generally, cryptography is about constructing and analyzing protocols that prevent third parties or the public from reading private messages. Modern cryptography exists at the intersection of the disciplines of mathematics, computer science, information security, electrical engineering, digital signal processing, physics, and others. Core concepts related to information security ( data confidentiality, data integrity, authentication, and non-repudiation) are also central to cryptography. Practical applications of cryptography include electronic commerce, chip-based payment cards, digital currencies, computer passwords, and military communications. Cryptography prior to the modern age was effectively synonymo ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Shafi Goldwasser
en, Shafrira Goldwasser , name = Shafi Goldwasser , image = Shafi Goldwasser.JPG , caption = Shafi Goldwasser in 2010 , birth_place = New York City, New York, U.S. , birth_date = , death_date = , death_place = , nationality = Israeli American , field = Computer science, cryptography , work_institution = , alma_mater = , doctoral_advisor = Manuel Blum , thesis_title = Probabilistic Encryption: Theory and Applications , thesis_url = http://search.proquest.com/docview/303337869 , thesis_year = 1984 , doctoral_students = , known_for = , prizes = , website = Shafrira Goldwasser ( he, שפרירה גולדווסר; born 1959) is an Israeli-American computer scientist and winner of the Turing Award in 2012. She is the RSA Professor of Electrical Engineering and Computer Science at MIT, a professor of mathematical sciences at th ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Anonymous Veto Network
In cryptography, the anonymous veto network (or AV-net) is a multi-party secure computation protocol to compute the boolean-OR function. It was first proposed by Feng Hao and Piotr Zieliński in 2006. This protocol presents an efficient solution to the Dining cryptographers problem. A related protocol that securely computes a boolean-count function is open vote network (or OV-net). Description All participants agree on a group \scriptstyle G with a generator \scriptstyle g of prime order \scriptstyle q in which the discrete logarithm problem is hard. For example, a Schnorr group can be used. For a group of \scriptstyle n participants, the protocol executes in two rounds. Round 1: each participant \scriptstyle i selects a random value \scriptstyle x_i \,\in_R\, \mathbb_q and publishes the ephemeral public key \scriptstyle g^ together with a zero-knowledge proof for the proof of the exponent \scriptstyle x_i. A detailed description of a method for such proofs is found in . After ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Random Oracle Model
In cryptography, a random oracle is an oracle (a theoretical black box) that responds to every ''unique query'' with a (truly) random response chosen uniformly from its output domain. If a query is repeated, it responds the same way every time that query is submitted. Stated differently, a random oracle is a mathematical function chosen uniformly at random, that is, a function mapping each possible query to a (fixed) random response from its output domain. Random oracles as a mathematical abstraction were first used in rigorous cryptographic proofs in the 1993 publication by Mihir Bellare and Phillip Rogaway (1993). They are typically used when the proof cannot be carried out using weaker assumptions on the cryptographic hash function. A system that is proven secure when every hash function is replaced by a random oracle is described as being secure in the random oracle model, as opposed to secure in the standard model of cryptography. Applications Random oracles are typical ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Cryptographic Hash Function
A cryptographic hash function (CHF) is a hash algorithm (a map of an arbitrary binary string to a binary string with fixed size of n bits) that has special properties desirable for cryptography: * the probability of a particular n-bit output result (hash value) for a random input string ("message") is 2^ (like for any good hash), so the hash value can be used as a representative of the message; * finding an input string that matches a given hash value (a ''pre-image'') is unfeasible, unless the value is selected from a known pre-calculated dictionary (" rainbow table"). The ''resistance'' to such search is quantified as security strength, a cryptographic hash with n bits of hash value is expected to have a ''preimage resistance'' strength of n bits. A ''second preimage'' resistance strength, with the same expectations, refers to a similar problem of finding a second message that matches the given hash value when one message is already known; * finding any pair of different messa ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Multiplicative Group Of Integers Modulo N
In modular arithmetic, the integers coprime (relatively prime) to ''n'' from the set \ of ''n'' non-negative integers form a group under multiplication modulo ''n'', called the multiplicative group of integers modulo ''n''. Equivalently, the elements of this group can be thought of as the congruence classes, also known as ''residues'' modulo ''n'', that are coprime to ''n''. Hence another name is the group of primitive residue classes modulo ''n''. In the theory of rings, a branch of abstract algebra, it is described as the group of units of the ring of integers modulo ''n''. Here ''units'' refers to elements with a multiplicative inverse, which, in this ring, are exactly those coprime to ''n''. This quotient group, usually denoted (\mathbb/n\mathbb)^\times, is fundamental in number theory. It is used in cryptography, integer factorization, and primality testing. It is an abelian, finite group whose order is given by Euler's totient function: , (\mathbb/n\mathbb)^\times, ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Modular Arithmetic
In mathematics, modular arithmetic is a system of arithmetic for integers, where numbers "wrap around" when reaching a certain value, called the modulus. The modern approach to modular arithmetic was developed by Carl Friedrich Gauss in his book ''Disquisitiones Arithmeticae'', published in 1801. A familiar use of modular arithmetic is in the 12-hour clock, in which the day is divided into two 12-hour periods. If the time is 7:00 now, then 8 hours later it will be 3:00. Simple addition would result in , but clocks "wrap around" every 12 hours. Because the hour number starts over at zero when it reaches 12, this is arithmetic ''modulo'' 12. In terms of the definition below, 15 is ''congruent'' to 3 modulo 12, so "15:00" on a 24-hour clock is displayed "3:00" on a 12-hour clock. Congruence Given an integer , called a modulus, two integers and are said to be congruent modulo , if is a divisor of their difference (that is, if there is an integer such that ). Congruence modulo ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Non-interactive Zero-knowledge Proof
Non-interactive zero-knowledge proofs are zero-knowledge proofs where information between a prover and a verifier can be authenticated by the prover, without revealing any of the specific information beyond the validity of the transaction itself. This function of encryption makes direct communication between the prover and verifier unnecessary, effectively removing any intermediaries. The core trustless cryptography "proofing" involves a hash function generation of a random number, constrained within mathematical parameters (primarily to modulate hashing difficulties) determined by the prover and verifier. With this cryptographic engine, the prover must demonstrate the validity of the transaction, by solving the hash of a random number. Finally, proof of the answer is returned to the verifier, without revealing its value. There are many different methods for establishing a cryptographic proof of hash validity. Perhaps the most notable method, proof of work, involves computing the ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Yael Tauman Kalai
Yael Tauman Kalai is a cryptographer and theoretical computer scientist who works as a Senior Principal Researcher at Microsoft Research New England and as an adjunct professor at MIT in the Computer Science and Artificial Intelligence Lab. Education and career Kalai graduated from the Hebrew University of Jerusalem in 1997. She worked with Adi Shamir at the Weizmann Institute of Science, earning a master's degree there in 2001, and then moved to the Massachusetts Institute of Technology, where she completed her PhD in 2006 with Shafi Goldwasser as her doctoral advisor. She did postdoctoral study at Microsoft Research and the Weizmann Institute before becoming a faculty member at the Georgia Institute of Technology. She took a permanent position at Microsoft Research in 2008. She serves on the Scientific Advisory Board for the Institute for Computational and Experimental Research in Mathematics (ICERM). Contributions Kalai is known for co-inventing ring signatures, which has bec ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Random Oracle
In cryptography, a random oracle is an oracle (a theoretical black box) that responds to every ''unique query'' with a (truly) random response chosen uniformly from its output domain. If a query is repeated, it responds the same way every time that query is submitted. Stated differently, a random oracle is a mathematical function chosen uniformly at random, that is, a function mapping each possible query to a (fixed) random response from its output domain. Random oracles as a mathematical abstraction were first used in rigorous cryptographic proofs in the 1993 publication by Mihir Bellare and Phillip Rogaway (1993). They are typically used when the proof cannot be carried out using weaker assumptions on the cryptographic hash function. A system that is proven secure when every hash function is replaced by a random oracle is described as being secure in the random oracle model, as opposed to secure in the standard model of cryptography. Applications Random oracles are typicall ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Proof Of Knowledge
In cryptography, a proof of knowledge is an interactive proof in which the prover succeeds in 'convincing' a verifier that the prover knows something. What it means for a machine to 'know something' is defined in terms of computation. A machine 'knows something', if this something can be computed, given the machine as an input. As the program of the prover does not necessarily spit out the knowledge itself (as is the case for zero-knowledge proofs) a machine with a different program, called the knowledge extractor is introduced to capture this idea. We are mostly interested in what can be proven by polynomial time bounded machines. In this case the set of knowledge elements is limited to a set of witnesses of some language in NP. Let x be a statement of language L in NP, and W(x) the set of witnesses for x that should be accepted in the proof. This allows us to define the following relation: R= \. A proof of knowledge for relation R with knowledge error \kappa is a two party prot ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Random Oracle
In cryptography, a random oracle is an oracle (a theoretical black box) that responds to every ''unique query'' with a (truly) random response chosen uniformly from its output domain. If a query is repeated, it responds the same way every time that query is submitted. Stated differently, a random oracle is a mathematical function chosen uniformly at random, that is, a function mapping each possible query to a (fixed) random response from its output domain. Random oracles as a mathematical abstraction were first used in rigorous cryptographic proofs in the 1993 publication by Mihir Bellare and Phillip Rogaway (1993). They are typically used when the proof cannot be carried out using weaker assumptions on the cryptographic hash function. A system that is proven secure when every hash function is replaced by a random oracle is described as being secure in the random oracle model, as opposed to secure in the standard model of cryptography. Applications Random oracles are typicall ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
