|
Paillier Cryptosystem
The Paillier cryptosystem, invented by and named after Pascal Paillier in 1999, is a probabilistic asymmetric algorithm for public key cryptography. The problem of computing ''n''-th residue classes is believed to be computationally difficult. The decisional composite residuosity assumption is the intractability hypothesis upon which this cryptosystem is based. The scheme is an additive homomorphic cryptosystem; this means that, given only the public key and the encryption of m_1 and m_2, one can compute the encryption of m_1+m_2. Algorithm The scheme works as follows: Key generation #Choose two large prime numbers p and q randomly and independently of each other such that \gcd(pq, (p-1)(q-1))=1. This property is assured if both primes are of equal length.Jonathan Katz, Yehuda Lindell, "Introduction to Modern Cryptography: Principles and Protocols," Chapman & Hall/CRC, 2007 #Compute n=pq and \lambda=\operatorname(p-1,q-1). lcm means Least Common Multiple. #Select random inte ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Asymmetric Algorithm
Public-key cryptography, or asymmetric cryptography, is the field of cryptographic systems that use pairs of related keys. Each key pair consists of a public key and a corresponding private key. Key pairs are generated with cryptographic algorithms based on mathematical problems termed one-way functions. Security of public-key cryptography depends on keeping the private key secret; the public key can be openly distributed without compromising security. In a public-key encryption system, anyone with a public key can encrypt a message, yielding a ciphertext, but only those who know the corresponding private key can decrypt the ciphertext to obtain the original message. For example, a journalist can publish the public key of an encryption key pair on a web site so that sources can send secret messages to the news organization in ciphertext. Only the journalist who knows the corresponding private key can decrypt the ciphertexts to obtain the sources' messages—an eavesdrop ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Malleability (cryptography)
Malleability is a property of some cryptographic algorithms. An encryption algorithm is "malleable" if it is possible to transform a ciphertext into another ciphertext which decrypts to a related plaintext. That is, given an encryption of a plaintext m, it is possible to generate another ciphertext which decrypts to f(m), for a known function f, without necessarily knowing or learning m. Malleability is often an undesirable property in a general-purpose cryptosystem, since it allows an attacker to modify the contents of a message. For example, suppose that a bank uses a stream cipher to hide its financial information, and a user sends an encrypted message containing, say, "." If an attacker can modify the message on the wire, and can guess the format of the unencrypted message, the attacker could change the amount of the transaction, or the recipient of the funds, e.g. "". Malleability does not refer to the attacker's ability to read the encrypted message. Both before and after ta ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Okamoto–Uchiyama Cryptosystem
The Okamoto–Uchiyama cryptosystem is a public key cryptosystem proposed in 1998 by Tatsuaki Okamoto and Shigenori Uchiyama. The system works in the multiplicative group of integers modulo n, (\mathbb/n\mathbb)^*, where ''n'' is of the form ''p''2''q'' and ''p'' and ''q'' are large primes. Operation Like many public key cryptosystems, this scheme works in the group (\mathbb/n\mathbb)^*. This scheme is homomorphic and hence malleable. Key generation A public/private key pair is generated as follows: # Generate two large primes p and q. # Compute n = p^2 q. # Choose a random integer g \in \ such that g^ \not\equiv 1 \mod p^2. # Compute h = g^n \bmod n. The public key is then (n,g,h) and the private key is (p,q). Encryption A message m < p can be encrypted with the public key as follows. # Choose a random integer . # Compute . The value is the encryption of .
|
Naccache–Stern Cryptosystem
The Naccache–Stern cryptosystem is a homomorphic public-key cryptosystem whose security rests on the higher residuosity problem. The Naccache–Stern cryptosystem was discovered by David Naccache and Jacques Stern in 1998. Scheme Definition Like many public key cryptosystems, this scheme works in the group (\mathbb/n\mathbb)^* where ''n'' is a product of two large primes. This scheme is homomorphic and hence malleable. Key Generation *Pick a family of ''k'' small distinct primes ''p''1,...,''p''k. *Divide the set in half and set u = \prod_^ p_i and v = \prod_^k p_i. *Set \sigma = uv = \prod_^k p_i *Choose large primes ''a'' and ''b'' such that both ''p'' = 2''au''+1 and ''q''=2''bv''+1 are prime. *Set ''n''=''pq''. *Choose a random ''g'' mod ''n'' such that ''g'' has order φ(''n'')/4. The public key is the numbers σ,''n'',''g'' and the private key is the pair ''p'',''q''. When ''k''=1 this is essentially the Benaloh cryptosystem. Message Encryption This system allows e ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
David Chaum
David Lee Chaum (born 1955) is an American computer scientist, cryptographer, and inventor. He is known as a pioneer in cryptography and privacy-preserving technologies, and widely recognized as the inventor of digital cash. His 1982 dissertation "Computer Systems Established, Maintained, and Trusted by Mutually Suspicious Groups" is the first known proposal for a blockchain protocol. Complete with the code to implement the protocol, Chaum's dissertation proposed all but one element of the blockchain later detailed in the Bitcoin whitepaper. He has been referred to as "the father of online anonymity", and "the godfather of cryptocurrency". He is also known for developing ecash, an electronic cash application that aims to preserve a user's anonymity, and inventing many cryptographic protocols like the blind signature, mix networks and the Dining cryptographers protocol. In 1995 his company DigiCash created the first digital currency with eCash.Greenberg, Andy (2012). ''This M ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Ecash
Ecash was conceived by David Chaum as an anonymous cryptographic electronic money or electronic cash system in 1983. It was realized through his corporation Digicash and used as micropayment system at one US bank from 1995 to 1998. Design Chaum published the idea of anonymous electronic money in a 1983 paper; eCash software on the user's local computer stored money in a digital format, cryptographically signed by a bank. The user could spend the digital money at any shop accepting eCash, without having to open an account with the vendor first, or transmitting credit card numbers. Security was ensured by public key digital signature schemes. The RSA blind signatures achieved unlinkability between withdrawal and spend transactions. Depending on the payment transactions, one distinguishes between on-line and off-line electronic cash: If the payee has to contact a third party (e.g., the bank or the credit-card company acting as an acquirer) before accepting a payment, the system is cal ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Blinding (cryptography)
In cryptography, blinding is a technique by which an agent can provide a service to (i.e., compute a function for) a client in an encoded form without knowing either the real input or the real output. Blinding techniques also have applications to preventing side-channel attacks on encryption devices. More precisely, Alice has an input ''x'' and Oscar has a function ''f''. Alice would like Oscar to compute for her without revealing either ''x'' or ''y'' to him. The reason for her wanting this might be that she doesn't know the function ''f'' or that she does not have the resources to compute it. Alice "blinds" the message by encoding it into some other input ''E''(''x''); the encoding ''E'' must be a bijection on the input space of ''f'', ideally a random permutation. Oscar gives her ''f''(''E''(''x'')), to which she applies a decoding ''D'' to obtain . Not all functions allow for blind computation. At other times, blinding must be applied with care. An example of the latter is ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Random Oracle Model
In cryptography, a random oracle is an oracle (a theoretical black box) that responds to every ''unique query'' with a (truly) random response chosen uniformly from its output domain. If a query is repeated, it responds the same way every time that query is submitted. Stated differently, a random oracle is a mathematical function chosen uniformly at random, that is, a function mapping each possible query to a (fixed) random response from its output domain. Random oracles as a mathematical abstraction were first used in rigorous cryptographic proofs in the 1993 publication by Mihir Bellare and Phillip Rogaway (1993). They are typically used when the proof cannot be carried out using weaker assumptions on the cryptographic hash function. A system that is proven secure when every hash function is replaced by a random oracle is described as being secure in the random oracle model, as opposed to secure in the standard model of cryptography. Applications Random oracles are typical ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Cramer–Shoup Cryptosystem
The Cramer–Shoup system is an asymmetric key encryption algorithm, and was the first efficient scheme proven to be secure against adaptive chosen ciphertext attack using standard cryptographic assumptions. Its security is based on the computational intractability (widely assumed, but not proved) of the decisional Diffie–Hellman assumption. Developed by Ronald Cramer and Victor Shoup in 1998, it is an extension of the ElGamal cryptosystem. In contrast to ElGamal, which is extremely malleable, Cramer–Shoup adds other elements to ensure non-malleability even against a resourceful attacker. This non-malleability is achieved through the use of a universal one-way hash function and additional computations, resulting in a ciphertext which is twice as large as in ElGamal. Adaptive chosen ciphertext attacks The definition of security achieved by Cramer–Shoup is formally termed " indistinguishability under adaptive chosen ciphertext attack" (IND-CCA2). This security definition is ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Threshold Cryptosystem
A threshold cryptosystem, the basis for the field of threshold cryptography, is a cryptosystem that protects information by encrypting it and distributing it among a cluster of fault-tolerant computers. The message is encrypted using a public key, and the corresponding private key is shared among the participating parties. With a threshold cryptosystem, in order to decrypt an encrypted message or to sign a message, several parties (more than some threshold number) must cooperate in the decryption or signature protocol. History Perhaps the first system with complete threshold properties for a trapdoor function (such as RSA) and a proof of security was published in 1994 by Alfredo De Santis, Yvo Desmedt, Yair Frankel, and Moti Yung. Historically, only organizations with very valuable secrets, such as certificate authorities, the military, and governments made use of this technology. One of the earliest implementations was done in the 1990s by Certco for the planned deployment o ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
IND-CCA2
Ciphertext indistinguishability is a property of many encryption schemes. Intuitively, if a cryptosystem possesses the property of indistinguishability, then an adversary will be unable to distinguish pairs of ciphertexts based on the message they encrypt. The property of indistinguishability under chosen plaintext attack is considered a basic requirement for most provably secure public key cryptosystems, though some schemes also provide indistinguishability under chosen ciphertext attack and adaptive chosen ciphertext attack. Indistinguishability under chosen plaintext attack is equivalent to the property of semantic security, and many cryptographic proofs use these definitions interchangeably. A cryptosystem is considered ''secure in terms of indistinguishability'' if no adversary, given an encryption of a message randomly chosen from a two-element message space determined by the adversary, can identify the message choice with probability significantly better than that of rand ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
IND-CPA
Ciphertext indistinguishability is a property of many encryption schemes. Intuitively, if a cryptosystem possesses the property of indistinguishability, then an adversary will be unable to distinguish pairs of ciphertexts based on the message they encrypt. The property of indistinguishability under chosen plaintext attack is considered a basic requirement for most provably secure public key cryptosystems, though some schemes also provide indistinguishability under chosen ciphertext attack and adaptive chosen ciphertext attack. Indistinguishability under chosen plaintext attack is equivalent to the property of semantic security, and many cryptographic proofs use these definitions interchangeably. A cryptosystem is considered ''secure in terms of indistinguishability'' if no adversary, given an encryption of a message randomly chosen from a two-element message space determined by the adversary, can identify the message choice with probability significantly better than that of rand ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
