|
Supersingular Isogeny Key Exchange
Supersingular isogeny Diffie–Hellman key exchange (SIDH or SIKE) is an insecure proposal for a post-quantum cryptographic algorithm to establish a secret key between two parties over an untrusted communications channel. It is analogous to the Diffie–Hellman key exchange, but is based on walks in a supersingular isogeny graph and was designed to resist cryptanalytic attack by an adversary in possession of a quantum computer. Before it was broken, SIDH boasted one of the smallest key sizes of all post-quantum key exchanges; with compression, SIDH used 2688-bit public keys at a 128-bit quantum security level. SIDH also distinguishes itself from similar systems such as NTRU and Ring-LWE by supporting perfect forward secrecy, a property that prevents compromised long-term keys from compromising the confidentiality of old communication sessions. These properties seemed to make SIDH a natural candidate to replace Diffie–Hellman (DHE) and elliptic curve Diffie–Hellman ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Post-quantum Cryptography
In cryptography, post-quantum cryptography (sometimes referred to as quantum-proof, quantum-safe or quantum-resistant) refers to cryptographic algorithms (usually public-key algorithms) that are thought to be secure against a cryptanalytic attack by a quantum computer. The problem with currently popular algorithms is that their security relies on one of three hard mathematical problems: the integer factorization problem, the discrete logarithm problem or the elliptic-curve discrete logarithm problem. All of these problems could be easily solved on a sufficiently powerful quantum computer running Shor's algorithm. Even though current quantum computers lack processing power to break any real cryptographic algorithm, many cryptographers are designing new algorithms to prepare for a time when quantum computing becomes a threat. This work has gained greater attention from academics and industry through the PQCrypto conference series since 2006 and more recently by several workshops on ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
General Number Field Sieve
In number theory, the general number field sieve (GNFS) is the most efficient classical algorithm known for factoring integers larger than . Heuristically, its complexity for factoring an integer (consisting of bits) is of the form :\exp\left( \left(\sqrt + o(1)\right)(\ln n)^(\ln \ln n)^\right) =L_n\left .html"_;"title="frac,\sqrt[3">frac,\sqrt[3right/math> (in_L-notation.html" ;"title="">frac,\sqrt[3right.html" ;"title=".html" ;"title="frac,\sqrt[3">frac,\sqrt[3right">.html" ;"title="frac,\sqrt[3">frac,\sqrt[3right/math> (in L-notation">">frac,\sqrt[3right.html" ;"title=".html" ;"title="frac,\sqrt[3">frac,\sqrt[3right">.html" ;"title="frac,\sqrt[3">frac,\sqrt[3right/math> (in L-notation), where is the natural logarithm. It is a generalization of the special number field sieve: while the latter can only factor numbers of a certain special form, the general number field sieve can factor any number apart from prime powers (which are trivial to factor by taking roots). The p ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Elliptic Curve Cryptography
Elliptic-curve cryptography (ECC) is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. ECC allows smaller keys compared to non-EC cryptography (based on plain Galois fields) to provide equivalent security.Commercial National Security Algorithm Suite and Quantum Computing FAQ U.S. National Security Agency, January 2016. Elliptic curves are applicable for , s, [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Transport Layer Security
Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network. The protocol is widely used in applications such as email, instant messaging, and voice over IP, but its use in securing HTTPS remains the most publicly visible. The TLS protocol aims primarily to provide security, including privacy (confidentiality), integrity, and authenticity through the use of cryptography, such as the use of certificates, between two or more communicating computer applications. It runs in the presentation layer and is itself composed of two layers: the TLS record and the TLS handshake protocols. The closely related Datagram Transport Layer Security (DTLS) is a communications protocol providing security to datagram-based applications. In technical writing you often you will see references to (D)TLS when it applies to both versions. TLS is a proposed Internet Engineering Task Force (IETF) standard, first defined in 1999, and the c ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
ElGamal Signature Scheme
The ElGamal signature scheme is a digital signature scheme which is based on the difficulty of computing discrete logarithms. It was described by Taher Elgamal in 1985. (conference version appeared in CRYPTO'84, pp. 10–18) The ElGamal signature algorithm is rarely used in practice. A variant developed at the NSA and known as the Digital Signature Algorithm is much more widely used. There are several other variants. The ElGamal signature scheme must not be confused with ElGamal encryption which was also invented by Taher Elgamal. Overview The ElGamal signature scheme is a digital signature scheme based on the algebraic properties of modular exponentiation, together with the discrete logarithm problem. The algorithm uses a key pair consisting of a public key and a private key. The private key is used to generate a digital signature for a message, and such a signature can be verified by using the signer's corresponding public key. The digital signature provides message authenticatio ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Ed25519
In public-key cryptography, Edwards-curve Digital Signature Algorithm (EdDSA) is a digital signature scheme using a variant of Schnorr signature based on twisted Edwards curves. It is designed to be faster than existing digital signature schemes without sacrificing security. It was developed by a team including Daniel J. Bernstein, Niels Duif, Tanja Lange, Peter Schwabe, and Bo-Yin Yang. The reference implementation is public domain software. Summary The following is a simplified description of EdDSA, ignoring details of encoding integers and curve points as bit strings; the full details are in the papers and RFC. An EdDSA signature scheme is a choice: * of finite field \mathbb_q over odd prime power q; * of elliptic curve E over \mathbb_q whose group E(\mathbb_q) of \mathbb_q-rational points has order \#E(\mathbb_q) = 2^c \ell, where \ell is a large prime and 2^c is called the cofactor; * of base point B \in E(\mathbb_q) with order \ell; and * of cryptographic hash function ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Curve25519
In cryptography, Curve25519 is an elliptic curve used in elliptic-curve cryptography (ECC) offering 128 bits of security (256-bit key size) and designed for use with the elliptic curve Diffie–Hellman (ECDH) key agreement scheme. It is one of the fastest curves in ECC, and is not covered by any known patents. The reference implementation is public domain software. The original Curve25519 paper defined it as a Diffie–Hellman (DH) function. Daniel J. Bernstein has since proposed that the name Curve25519 be used for the underlying curve, and the name X25519 for the DH function. Mathematical properties The curve used is y^2 = x^3 + 486662x^2 + x, a Montgomery curve, over the prime field defined by the prime number 2^ - 19, and it uses the base point x = 9. This point generates a cyclic subgroup whose order is the prime 2^ + 27742317777372353535851937790883648493, this subgroup has a co-factor of 8, meaning the number of elements in the subgroup is 1/8 that of the elliptic cu ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Elliptic Curve DSA
In cryptography, the Elliptic Curve Digital Signature Algorithm (ECDSA) offers a variant of the Digital Signature Algorithm (DSA) which uses elliptic-curve cryptography. Key and signature-size As with elliptic-curve cryptography in general, the bit size of the private key believed to be needed for ECDSA is about twice the size of the security level, in bits. For example, at a security level of 80 bits—meaning an attacker requires a maximum of about 2^ operations to find the private key—the size of an ECDSA private key would be 160 bits. On the other hand, the signature size is the same for both DSA and ECDSA: approximately 4 t bits, where t is the security level measured in bits, that is, about 320 bits for a security level of 80 bits. Signature generation algorithm Suppose Alice wants to send a signed message to Bob. Initially, they must agree on the curve parameters (\textrm, G, n). In addition to the field and equation of the curve, we need G, a base point of pri ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Elliptic Curve Diffie–Hellman
In mathematics, an ellipse is a plane curve surrounding two focus (geometry), focal points, such that for all points on the curve, the sum of the two distances to the focal points is a constant. It generalizes a circle, which is the special type of ellipse in which the two focal points are the same. The elongation of an ellipse is measured by its eccentricity (mathematics), eccentricity e, a number ranging from e = 0 (the Limiting case (mathematics), limiting case of a circle) to e = 1 (the limiting case of infinite elongation, no longer an ellipse but a parabola). An ellipse has a simple algebraic solution for its area, but only approximations for its perimeter (also known as circumference), for which integration is required to obtain an exact solution. Analytic geometry, Analytically, the equation of a standard ellipse centered at the origin with width 2a and height 2b is: : \frac+\frac = 1 . Assuming a \ge b, the foci are (\pm c, 0) for c = \sqrt. The standard parametric e ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Discrete Logarithm Problem
In mathematics, for given real numbers ''a'' and ''b'', the logarithm log''b'' ''a'' is a number ''x'' such that . Analogously, in any group ''G'', powers ''b''''k'' can be defined for all integers ''k'', and the discrete logarithm log''b'' ''a'' is an integer ''k'' such that . In number theory, the more commonly used term is index: we can write ''x'' = ind''r'' ''a'' (mod ''m'') (read "the index of ''a'' to the base ''r'' modulo ''m''") for ''r''''x'' ≡ ''a'' (mod ''m'') if ''r'' is a primitive root of ''m'' and gcd(''a'',''m'') = 1. Discrete logarithms are quickly computable in a few special cases. However, no efficient method is known for computing them in general. Several important algorithms in public-key cryptography, such as ElGamal base their security on the assumption that the discrete logarithm problem over carefully chosen groups has no efficient solution. Definition Let ''G'' be any group. Denote its group operation by mult ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Integer Factorization Problem
In number theory, integer factorization is the decomposition of a composite number into a product of smaller integers. If these factors are further restricted to prime numbers, the process is called prime factorization. When the numbers are sufficiently large, no efficient non-quantum integer factorization algorithm is known. However, it has not been proven that such an algorithm does not exist. The presumed difficulty of this problem is important for the algorithms used in cryptography such as RSA public-key encryption and the RSA digital signature. Many areas of mathematics and computer science have been brought to bear on the problem, including elliptic curves, algebraic number theory, and quantum computing. In 2019, Fabrice Boudot, Pierrick Gaudry, Aurore Guillevic, Nadia Heninger, Emmanuel Thomé and Paul Zimmermann factored a 240-digit (795-bit) number (RSA-240) utilizing approximately 900 core-years of computing power. The researchers estimated that a 1024-bit RSA mo ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
