|
Strong RSA Assumption
In cryptography, the strong RSA assumption states that the RSA problem is intractable even when the solver is allowed to choose the public exponent ''e'' (for ''e'' ≥ 3). More specifically, given a modulus ''N'' of unknown factorization, and a ciphertext ''C'', it is infeasible to find any pair (''M'', ''e'') such that ''C'' ≡ ''M'' ''e'' mod ''N''. The strong RSA assumption was first used for constructing signature schemes provably secure against existential forgery without resorting to the random oracle model. See also * Quadratic residuosity problem * Decisional composite residuosity assumption References * Barić N., Pfitzmann B. (1997) Collision-Free Accumulators and Fail-Stop Signature Schemes Without Trees. In: Fumy W. (eds) Advances in Cryptology – EUROCRYPT ’97. EUROCRYPT 1997. Lecture Notes in Computer Science, vol 1233. Springer, Berlin, Heidelberg. * Fujisaki E., Okamoto T. (1997) Statistical zero knowledge prot ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Cryptography
Cryptography, or cryptology (from "hidden, secret"; and ''graphein'', "to write", or ''-logy, -logia'', "study", respectively), is the practice and study of techniques for secure communication in the presence of Adversary (cryptography), adversarial behavior. More generally, cryptography is about constructing and analyzing Communication protocol, protocols that prevent third parties or the public from reading private messages. Modern cryptography exists at the intersection of the disciplines of mathematics, computer science, information security, electrical engineering, digital signal processing, physics, and others. Core concepts related to information security (confidentiality, data confidentiality, data integrity, authentication, and non-repudiation) are also central to cryptography. Practical applications of cryptography include electronic commerce, Smart card#EMV, chip-based payment cards, digital currencies, password, computer passwords, and military communications. ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
RSA (algorithm)
The RSA (Rivest–Shamir–Adleman) cryptosystem is a public-key cryptosystem, one of the oldest widely used for secure data transmission. The initialism "RSA" comes from the surnames of Ron Rivest, Adi Shamir and Leonard Adleman, who publicly described the algorithm in 1977. An equivalent system was developed secretly in 1973 at Government Communications Headquarters (GCHQ), the British signals intelligence agency, by the English mathematician Clifford Cocks. That system was declassified in 1997. In a public-key cryptosystem, the encryption key is public and distinct from the decryption key, which is kept secret (private). An RSA user creates and publishes a public key based on two large prime numbers, along with an auxiliary value. The prime numbers are kept secret. Messages can be encrypted by anyone via the public key, but can only be decrypted by someone who knows the private key. The security of RSA relies on the practical difficulty of factoring the product of two ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
RSA Problem
In cryptography, the RSA problem summarizes the task of performing an RSA private-key operation given only the public key. The RSA algorithm raises a ''message'' to an '' exponent'', modulo a composite number ''N'' whose factors are not known. Thus, the task can be neatly described as finding the ''e''th roots of an arbitrary number, modulo N. For large RSA key sizes (in excess of 1024 bits), no efficient method for solving this problem is known; if an efficient method is ever developed, it would threaten the current or eventual security of RSA-based cryptosystems—both for public-key encryption and digital signatures. More specifically, the RSA problem is to efficiently compute ''P'' given an RSA public key (''N'', ''e'') and a ciphertext ''C'' ≡ ''P'' ''e'' (mod ''N''). The structure of the RSA public key requires that ''N'' be a large semiprime (i.e., a product of two large prime numbers), that 2 < ''e'' < ''N'', that ''e'' be |
Provable Security
Provable security refers to any type or level of computer security that can be proved. It is used in different ways by different fields. Usually, this refers to mathematical proofs, which are common in cryptography. In such a proof, the capabilities of the attacker are defined by an adversarial model (also referred to as attacker model): the aim of the proof is to show that the attacker must solve the underlying hard problem in order to break the security of the modelled system. Such a proof generally does not consider side-channel attacks or other implementation-specific attacks, because they are usually impossible to model without implementing the system (and thus, the proof only applies to this implementation). Outside of cryptography, the term is often used in conjunction with secure coding and security by design, both of which can rely on proofs to show the security of a particular approach. As with the cryptographic setting, this involves an attacker model and a model o ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Existential Forgery
In a cryptographic digital signature or MAC system, digital signature forgery is the ability to create a pair consisting of a message, m, and a signature (or MAC), \sigma, that is valid for m, but has not been created in the past by the legitimate signer. There are different types of forgery. To each of these types, security definitions can be associated. A signature scheme is secure by a specific definition if no forgery of the associated type is possible. Types The following definitions are ordered from lowest to highest achieved security, in other words, from most powerful to the weakest attack. The definitions form a hierarchy, meaning that an attacker able to mount a specific attack can execute all the attacks further down the list. Likewise, a scheme that reaches a certain security goal also reaches all prior ones. Total break More general than the following attacks, there is also a ''total break'': when an adversary can recover the private information and keys used by t ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Random Oracle Model
In cryptography, a random oracle is an oracle (a theoretical black box) that responds to every ''unique query'' with a (truly) random response chosen uniformly from its output domain. If a query is repeated, it responds the same way every time that query is submitted. Stated differently, a random oracle is a mathematical function chosen uniformly at random, that is, a function mapping each possible query to a (fixed) random response from its output domain. Random oracles first appeared in the context of complexity theory, in which they were used to argue that complexity class separations may face relativization barriers, with the most prominent case being the P vs NP problem, two classes shown in 1981 to be distinct relative to a random oracle almost surely. They made their way into cryptography by the publication of Mihir Bellare and Phillip Rogaway in 1993, which introduced them as a formal cryptographic model to be used in reduction proofs. They are typically used whe ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Quadratic Residuosity Problem
The quadratic residuosity problem (QRP) in computational number theory is to decide, given integers a and N, whether a is a quadratic residue modulo N or not. Here N = p_1 p_2 for two unknown primes p_1 and p_2, and a is among the numbers which are not obviously quadratic non-residues (see below). The problem was first described by Gauss in his '' Disquisitiones Arithmeticae'' in 1801. This problem is believed to be computationally difficult. Several cryptographic methods rely on its hardness, see . An efficient algorithm for the quadratic residuosity problem immediately implies efficient algorithms for other number theoretic problems, such as deciding whether a composite N of unknown factorization is the product of 2 or 3 primes. Precise formulation Given integers a and T, a is said to be a ''quadratic residue modulo T'' if there exists an integer b such that :a \equiv b^2 \pmod T. Otherwise we say it is a quadratic non-residue. When T = p is a prime, it is customary t ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Decisional Composite Residuosity Assumption
The decisional composite residuosity assumption (DCRA) is a mathematical assumption used in cryptography. In particular, the assumption is used in the proof of the Paillier cryptosystem. Informally, the DCRA states that given a composite n and an integer z, it is hard to decide whether z is an n-residue modulo n^2. ''I.e.'' whether there exists a y such that : z \equiv y^n \pmod. \, See also * Quadratic residuosity problem The quadratic residuosity problem (QRP) in computational number theory is to decide, given integers a and N, whether a is a quadratic residue modulo N or not. Here N = p_1 p_2 for two unknown primes p_1 and p_2, and a is among the numbers which a ... * Higher residuosity problem References * P. Paillier, ''Public-Key Cryptosystems Based on Composite Degree Residuosity Classes'', Eurocrypt 1999. {{DEFAULTSORT:Decisional Composite Residuosity Assumption Computational hardness assumptions ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Ronald Cramer
Ronald John Fitzgerald Cramer (born 3 February 1968 in Haarlem) is a professor at the Centrum Wiskunde & Informatica (CWI) in Amsterdam and the University of Leiden. He obtained his PhD from the University of Amsterdam in 1997. Prior to returning to the Netherlands he was at the University of Aarhus. He is best known for his work with Victor Shoup on chosen ciphertext secure encryption in the standard model, in particular the Cramer–Shoup encryption scheme. Cramer became a member of the Royal Netherlands Academy of Arts and Sciences The Royal Netherlands Academy of Arts and Sciences (, KNAW) is an organization dedicated to the advancement of science and literature in the Netherlands. The academy is housed in the Trippenhuis in Amsterdam. In addition to various advisory a ... in 2013. He is member of the advisory board of the German Center for Advanced Security Research Darmstadt CASED. References External links * * * {{DEFAULTSORT:Cramer, Ronald 1968 births Livi ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Victor Shoup
Victor Shoup is a computer scientist and mathematician. He obtained a PhD in computer science from the University of Wisconsin–Madison in 1989, and he did his undergraduate work at the University of Wisconsin-Eau Claire. He is a professor at the Courant Institute of Mathematical Sciences at New York University, focusing on algorithm and cryptography courses. He is currently a Principal Research Scientist at Offchain Labs and has held positions at AT&T Bell Labs, the University of Toronto, Saarland University, and the IBM Zurich Research Laboratory. Shoup's main research interests and contributions are computer algorithms relating to number theory, algebra, and cryptography. His contributions to these fields include: * The Cramer–Shoup cryptosystem asymmetric encryption algorithm bears his name. * His freely available (under the terms of the GNU GNU General Public License, GPL) C++ library of number theory algorithms, NTL, is widely used and well regarded for its high perfor ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Ronald L
Ronald is a masculine given name derived from the Old Norse ''Rögnvaldr'', Hanks; Hardcastle; Hodges (2006) p. 234; Hanks; Hodges (2003) § Ronald. or possibly from Old English '' Regenweald''. In some cases ''Ronald'' is an Anglicised form of the Gaelic '' Raghnall'', a name likewise derived from ''Rögnvaldr''. The latter name is composed of the Old Norse elements ''regin'' ("advice", "decision") and ''valdr'' ("ruler"). ''Ronald'' was originally used in England and Scotland, where Scandinavian influences were once substantial, although now the name is common throughout the English-speaking world. A short form of ''Ronald'' is ''Ron''. Pet forms of ''Ronald'' include ''Roni'' and '' Ronnie''. ''Ronalda'' and ''Rhonda'' are feminine forms of ''Ronald''. ''Rhona'', a modern name apparently only dating back to the late nineteenth century, may have originated as a feminine form of ''Ronald''. Hanks; Hardcastle; Hodges (2006) pp. 230, 408; Hanks; Hodges (2003) § Rhona. The names ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
