Strong RSA Assumption
   HOME
*





Strong RSA Assumption
In cryptography, the strong RSA assumption states that the RSA problem is intractable even when the solver is allowed to choose the public exponent ''e'' (for ''e'' ≥ 3). More specifically, given a modulus ''N'' of unknown factorization, and a ciphertext ''C'', it is infeasible to find any pair (''M'', ''e'') such that ''C'' ≡ ''M'' ''e'' mod ''N''. The strong RSA assumption was first used for constructing signature schemes provably secure against existential forgery without resorting to the random oracle model. See also * Quadratic residuosity problem * Decisional composite residuosity assumption References * Barić N., Pfitzmann B. (1997) Collision-Free Accumulators and Fail-Stop Signature Schemes Without Trees. In: Fumy W. (eds) Advances in Cryptology – EUROCRYPT ’97. EUROCRYPT 1997. Lecture Notes in Computer Science, vol 1233. Springer, Berlin, Heidelberg. * Fujisaki E., Okamoto T. (1997) Statistical zero knowledge prot ...
[...More Info...]      
[...Related Items...]     OR:     [Wikipedia]   [Google]   [Baidu]  


picture info

Cryptography
Cryptography, or cryptology (from grc, , translit=kryptós "hidden, secret"; and ''graphein'', "to write", or ''-logia'', "study", respectively), is the practice and study of techniques for secure communication in the presence of adversarial behavior. More generally, cryptography is about constructing and analyzing protocols that prevent third parties or the public from reading private messages. Modern cryptography exists at the intersection of the disciplines of mathematics, computer science, information security, electrical engineering, digital signal processing, physics, and others. Core concepts related to information security ( data confidentiality, data integrity, authentication, and non-repudiation) are also central to cryptography. Practical applications of cryptography include electronic commerce, chip-based payment cards, digital currencies, computer passwords, and military communications. Cryptography prior to the modern age was effectively synonymo ...
[...More Info...]      
[...Related Items...]     OR:     [Wikipedia]   [Google]   [Baidu]  


picture info

RSA (algorithm)
RSA (Rivest–Shamir–Adleman) is a public-key cryptosystem that is widely used for secure data transmission. It is also one of the oldest. The acronym "RSA" comes from the surnames of Ron Rivest, Adi Shamir and Leonard Adleman, who publicly described the algorithm in 1977. An equivalent system was developed secretly in 1973 at Government Communications Headquarters (GCHQ) (the British signals intelligence agency) by the English mathematician Clifford Cocks. That system was declassified in 1997. In a public-key cryptosystem, the encryption key is public and distinct from the decryption key, which is kept secret (private). An RSA user creates and publishes a public key based on two large prime numbers, along with an auxiliary value. The prime numbers are kept secret. Messages can be encrypted by anyone, via the public key, but can only be decoded by someone who knows the prime numbers. The security of RSA relies on the practical difficulty of factoring the product of two ...
[...More Info...]      
[...Related Items...]     OR:     [Wikipedia]   [Google]   [Baidu]  


RSA Problem
In cryptography, the RSA problem summarizes the task of performing an RSA private-key operation given only the public key. The RSA algorithm raises a ''message'' to an '' exponent'', modulo a composite number ''N'' whose factors are not known. Thus, the task can be neatly described as finding the ''e''th roots of an arbitrary number, modulo N. For large RSA key sizes (in excess of 1024 bits), no efficient method for solving this problem is known; if an efficient method is ever developed, it would threaten the current or eventual security of RSA-based cryptosystems—both for public-key encryption and digital signatures. More specifically, the RSA problem is to efficiently compute ''P'' given an RSA public key (''N'', ''e'') and a ciphertext ''C'' ≡ ''P'' ''e'' (mod ''N''). The structure of the RSA public key requires that ''N'' be a large semiprime (i.e., a product of two large prime numbers), that 2 < ''e'' < ''N'', that ''e'' be

picture info

Digital Signature
A digital signature is a mathematical scheme for verifying the authenticity of digital messages or documents. A valid digital signature, where the prerequisites are satisfied, gives a recipient very high confidence that the message was created by a known sender (authenticity), and that the message was not altered in transit (integrity). Digital signatures are a standard element of most cryptographic protocol suites, and are commonly used for software distribution, financial transactions, contract management software, and in other cases where it is important to detect forgery or tampering. Digital signatures are often used to implement electronic signatures, which includes any electronic data that carries the intent of a signature, but not all electronic signatures use digital signatures.

[...More Info...]       [...Related Items...]     OR:     [Wikipedia]   [Google]   [Baidu]  


Provable Security
Provable security refers to any type or level of computer security that can be proved. It is used in different ways by different fields. Usually, this refers to mathematical proofs, which are common in cryptography. In such a proof, the capabilities of the attacker are defined by an adversarial model (also referred to as attacker model): the aim of the proof is to show that the attacker must solve the underlying hard problem in order to break the security of the modelled system. Such a proof generally does not consider side-channel attacks or other implementation-specific attacks, because they are usually impossible to model without implementing the system (and thus, the proof only applies to this implementation). Outside of cryptography, the term is often used in conjunction with secure coding and security by design, both of which can rely on proofs to show the security of a particular approach. As with the cryptographic setting, this involves an attacker model and a model of th ...
[...More Info...]      
[...Related Items...]     OR:     [Wikipedia]   [Google]   [Baidu]  


Existential Forgery
In a cryptographic digital signature or MAC system, digital signature forgery is the ability to create a pair consisting of a message, m, and a signature (or MAC), \sigma, that is valid for m, but has not been created in the past by the legitimate signer. There are different types of forgery. To each of these types, security definitions can be associated. A signature scheme is secure by a specific definition if no forgery of the associated type is possible. Types The following definitions are ordered from lowest to highest achieved security, in other words, from most powerful to the weakest attack. The definitions form a hierarchy, meaning that an attacker able to do mount a specific attack can execute all the attacks further down the list. Likewise, a scheme that reaches a certain security goal also reaches all prior ones. Total break More general than the following attacks, there is also a ''total break'': when adversary can recover the private information and keys used by t ...
[...More Info...]      
[...Related Items...]     OR:     [Wikipedia]   [Google]   [Baidu]  




Random Oracle Model
In cryptography, a random oracle is an oracle (a theoretical black box) that responds to every ''unique query'' with a (truly) random response chosen uniformly from its output domain. If a query is repeated, it responds the same way every time that query is submitted. Stated differently, a random oracle is a mathematical function chosen uniformly at random, that is, a function mapping each possible query to a (fixed) random response from its output domain. Random oracles as a mathematical abstraction were first used in rigorous cryptographic proofs in the 1993 publication by Mihir Bellare and Phillip Rogaway (1993). They are typically used when the proof cannot be carried out using weaker assumptions on the cryptographic hash function. A system that is proven secure when every hash function is replaced by a random oracle is described as being secure in the random oracle model, as opposed to secure in the standard model of cryptography. Applications Random oracles are typical ...
[...More Info...]      
[...Related Items...]     OR:     [Wikipedia]   [Google]   [Baidu]  


Quadratic Residuosity Problem
The quadratic residuosity problem (QRP) in computational number theory is to decide, given integers a and N, whether a is a quadratic residue modulo N or not. Here N = p_1 p_2 for two unknown primes p_1 and p_2, and a is among the numbers which are not obviously quadratic non-residues (see below). The problem was first described by Gauss in his ''Disquisitiones Arithmeticae'' in 1801. This problem is believed to be computationally difficult. Several cryptographic methods rely on its hardness, see . An efficient algorithm for the quadratic residuosity problem immediately implies efficient algorithms for other number theoretic problems, such as deciding whether a composite N of unknown factorization is the product of 2 or 3 primes. Precise formulation Given integers a and T, a is said to be a ''quadratic residue modulo T'' if there exists an integer b such that :a \equiv b^2 \pmod T. Otherwise we say it is a quadratic non-residue. When T = p is a prime, it is customary to us ...
[...More Info...]      
[...Related Items...]     OR:     [Wikipedia]   [Google]   [Baidu]  


Decisional Composite Residuosity Assumption
The decisional composite residuosity assumption (DCRA) is a mathematical assumption used in cryptography. In particular, the assumption is used in the proof of the Paillier cryptosystem. Informally, the DCRA states that given a composite n and an integer z, it is hard to decide whether z is an n-residue modulo n^2. ''I.e.'' whether there exists a y such that : z \equiv y^n \pmod. \, See also * Quadratic residuosity problem * Higher residuosity problem In cryptography, most public key cryptosystems are founded on problems that are believed to be intractable. The higher residuosity problem (also called the n th-residuosity problem) is one such problem. This problem is ''easier'' to solve than ... References * P. Paillier, ''Public-Key Cryptosystems Based on Composite Degree Residuosity Classes'', Eurocrypt 1999. {{DEFAULTSORT:Decisional Composite Residuosity Assumption Computational hardness assumptions ...
[...More Info...]      
[...Related Items...]     OR:     [Wikipedia]   [Google]   [Baidu]  


Ronald Cramer
Ronald John Fitzgerald Cramer (born 3 February 1968 in Haarlem) is a professor at the Centrum Wiskunde & Informatica (CWI) in Amsterdam and the University of Leiden. He obtained his PhD from the University of Amsterdam in 1997. Prior to returning to the Netherlands he was at the University of Aarhus. He is best known for his work with Victor Shoup on chosen ciphertext secure encryption in the standard model, in particular the Cramer–Shoup encryption scheme. Cramer became a member of the Royal Netherlands Academy of Arts and Sciences The Royal Netherlands Academy of Arts and Sciences ( nl, Koninklijke Nederlandse Akademie van Wetenschappen, abbreviated: KNAW) is an organization dedicated to the advancement of science and literature in the Netherlands. The academy is housed ... in 2013. He is member of the advisory board of the German Center for Advanced Security Research Darmstadt CASED. References External links * * * {{DEFAULTSORT:Cramer, Ronald 1968 births Living ...
[...More Info...]      
[...Related Items...]     OR:     [Wikipedia]   [Google]   [Baidu]  




Victor Shoup
Victor Shoup is a computer scientist and mathematician. He obtained a PhD in computer science from the University of Wisconsin–Madison in 1989, and he did his undergraduate work at the University of Wisconsin-Eau Claire. He is a professor at the Courant Institute of Mathematical Sciences at New York University, focusing on algorithm and cryptography courses. He is currently a Principal Research Scientist at DFINITY and has held positions at AT&T Bell Labs, the University of Toronto, Saarland University, and the IBM Zurich Research Laboratory. Shoup's main research interests and contributions are computer algorithms relating to number theory, algebra, and cryptography. His contributions to these fields include: * The Cramer–Shoup cryptosystem asymmetric encryption algorithm bears his name. * His freely available (under the terms of the GNU GNU General Public License, GPL) C++ library of number theory algorithms, NTL, is widely used and well regarded for its high performance. ...
[...More Info...]      
[...Related Items...]     OR:     [Wikipedia]   [Google]   [Baidu]  


Ronald L
Ronald is a masculine given name derived from the Old Norse ''Rögnvaldr'', Hanks; Hardcastle; Hodges (2006) p. 234; Hanks; Hodges (2003) § Ronald. or possibly from Old English '' Regenweald''. In some cases ''Ronald'' is an Anglicised form of the Gaelic ''Raghnall'', a name likewise derived from ''Rögnvaldr''. The latter name is composed of the Old Norse elements ''regin'' ("advice", "decision") and ''valdr'' ("ruler"). ''Ronald'' was originally used in England and Scotland, where Scandinavian influences were once substantial, although now the name is common throughout the English-speaking world. A short form of ''Ronald'' is ''Ron''. Pet forms of ''Ronald'' include ''Roni'' and ''Ronnie''. ''Ronalda'' and ''Rhonda'' are feminine forms of ''Ronald''. '' Rhona'', a modern name apparently only dating back to the late nineteenth century, may have originated as a feminine form of ''Ronald''. Hanks; Hardcastle; Hodges (2006) pp. 230, 408; Hanks; Hodges (2003) § Rhona. The names ' ...
[...More Info...]      
[...Related Items...]     OR:     [Wikipedia]   [Google]   [Baidu]