|
Threshold Cryptosystem
A threshold cryptosystem, the basis for the field of threshold cryptography, is a cryptosystem that protects information by encrypting it and distributing it among a cluster of fault-tolerant computers. The message is encrypted using a public key, and the corresponding private key is shared among the participating parties. With a threshold cryptosystem, in order to decrypt an encrypted message or to sign a message, several parties (more than some threshold number) must cooperate in the decryption or signature protocol. History Perhaps the first system with complete threshold properties for a trapdoor function (such as RSA) and a proof of security was published in 1994 by Alfredo De Santis, Yvo Desmedt, Yair Frankel, and Moti Yung. Historically, only organizations with very valuable secrets, such as certificate authorities, the military, and governments made use of this technology. One of the earliest implementations was done in the 1990s by Certco for the planned deployment o ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Cryptosystem
In cryptography, a cryptosystem is a suite of cryptographic algorithms needed to implement a particular security service, such as confidentiality (encryption). Typically, a cryptosystem consists of three algorithms: one for key generation, one for encryption, and one for decryption. The term '' cipher'' (sometimes ''cypher'') is often used to refer to a pair of algorithms, one for encryption and one for decryption. Therefore, the term ''cryptosystem'' is most often used when the key generation algorithm is important. For this reason, the term ''cryptosystem'' is commonly used to refer to public key techniques; however both "cipher" and "cryptosystem" are used for symmetric key techniques. Formal definition Mathematically, a cryptosystem or encryption scheme can be defined as a tuple In mathematics, a tuple is a finite ordered list (sequence) of elements. An -tuple is a sequence (or ordered list) of elements, where is a non-negative integer. There is only one 0-tuple, ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Damgård–Jurik Cryptosystem
The Damgård–Jurik cryptosystemIvan Damgård, Mads JurikA Generalisation, a Simplification and Some Applications of Paillier's Probabilistic Public-Key System Public Key Cryptography 2001: 119-136 is a generalization of the Paillier cryptosystem. It uses computations modulo n^ where n is an RSA modulus and s a (positive) natural number. Paillier's scheme is the special case with s=1. The order \varphi(n^) ( Euler's totient function) of Z^*_ can be divided by n^s. Moreover, Z^*_ can be written as the direct product of G \times H. G is cyclic and of order n^s, while H is isomorphic to Z^*_n. For encryption, the message is transformed into the corresponding coset of the factor group G\times H/H and the security of the scheme relies on the difficulty of distinguishing random elements in different cosets of H. It is semantically secure if it is hard to decide if two given elements are in the same coset. Like Paillier, the security of Damgård–Jurik can be proven under the decisional ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Shamir's Secret Sharing
Shamir's Secret Sharing (SSS) is an efficient secret sharing algorithm for distributing private information (the "secret") in such a way that no individual holds intelligible information about the secret. To achieve this, the secret is converted into parts (the "shares") from which the secret can be reassembled when a sufficient number of shares are combined but not otherwise. SSS has the unusual property of information theoretic security, meaning an adversary without enough shares cannot reconstruct the secret even with infinite time and computing capacity. A standard SSS specification for cryptocurrency wallets has been widely implemented. High-level explanation SSS is used to secure a secret in a distributed way, most often to secure other encryption keys. The secret is split into multiple shares, which individually do not give any information about the secret. To unlock a secret secured by SSS a minimum number of shares are needed, called the ''threshold''. No additional i ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Secure Multi-party Computation
Secure multi-party computation (also known as secure computation, multi-party computation (MPC) or privacy-preserving computation) is a subfield of cryptography with the goal of creating methods for parties to jointly compute a function over their inputs while keeping those inputs private. Unlike traditional cryptographic tasks, where cryptography assures security and integrity of communication or storage and the adversary is outside the system of participants (an eavesdropper on the sender and receiver), the cryptography in this model protects participants' privacy from each other. The foundation for secure multi-party computation started in the late 1970s with the work on mental poker, cryptographic work that simulates game playing/computational tasks over distances without requiring a trusted third party. Note that traditionally, cryptography was about concealing content, while this new type of computation and protocol is about concealing partial information about data while com ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Secret Sharing
Secret sharing (also called secret splitting) refers to methods for distributing a secret among a group, in such a way that no individual holds any intelligible information about the secret, but when a sufficient number of individuals combine their 'shares', the secret may be reconstructed. Whereas ''insecure'' secret sharing allows an attacker to gain more information with each share, ''secure'' secret sharing is 'all or nothing' (where 'all' means the necessary number of shares). In one type of secret sharing scheme there is one ''dealer'' and ''n'' ''players''. The dealer gives a share of the secret to the players, but only when specific conditions are fulfilled will the players be able to reconstruct the secret from their shares. The dealer accomplishes this by giving each player a share in such a way that any group of ''t'' (for ''threshold'') or more players can together reconstruct the secret but no group of fewer than ''t'' players can. Such a system is called a -thresho ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Distributed Key Generation
Distributed key generation (DKG) is a cryptographic process in which multiple parties contribute to the calculation of a shared public and private key set. Unlike most public key encryption models, distributed key generation does not rely on Trusted Third Parties. Instead, the participation of a threshold of honest parties determines whether a key pair can be computed successfully. Distributed key generation prevents single parties from having access to a private key. The involvement of many parties requires Distributed key generation to ensure secrecy in the presence of malicious contributions to the key calculation. Distributed Key Generation is commonly used to decrypt shared ciphertexts or create group digital signatures. History Distributed key generation protocol was first specified by Torben Pedersen in 1991. This first model depended on the security of the Joint-Feldman Protocol for verifiable secret sharing during the secret sharing process. In 1999, Rosario Genna ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Broadcast Encryption
Broadcast encryption is the cryptographic problem of delivering encrypted content (e.g. TV programs or data on DVDs) over a broadcast channel in such a way that only qualified users (e.g. subscribers who have paid their fees or DVD players conforming to a specification) can decrypt the content. The challenge arises from the requirement that the set of qualified users can change in each broadcast emission, and therefore revocation of individual users or user groups should be possible using broadcast transmissions, only, and without affecting any remaining users. As efficient revocation is the primary objective of broadcast encryption, solutions are also referred to as revocation schemes. Rather than directly encrypting the content for qualified users, broadcast encryption schemes distribute keying information that allows qualified users to reconstruct the content encryption key whereas revoked users find insufficient information to recover the key. The typical setting considered is t ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
RSA (algorithm)
RSA (Rivest–Shamir–Adleman) is a public-key cryptosystem that is widely used for secure data transmission. It is also one of the oldest. The acronym "RSA" comes from the surnames of Ron Rivest, Adi Shamir and Leonard Adleman, who publicly described the algorithm in 1977. An equivalent system was developed secretly in 1973 at Government Communications Headquarters (GCHQ) (the British signals intelligence agency) by the English mathematician Clifford Cocks. That system was declassified in 1997. In a public-key cryptosystem, the encryption key is public and distinct from the decryption key, which is kept secret (private). An RSA user creates and publishes a public key based on two large prime numbers, along with an auxiliary value. The prime numbers are kept secret. Messages can be encrypted by anyone, via the public key, but can only be decoded by someone who knows the prime numbers. The security of RSA relies on the practical difficulty of factoring the product of ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Paillier Cryptosystem
The Paillier cryptosystem, invented by and named after Pascal Paillier in 1999, is a probabilistic asymmetric algorithm for public key cryptography. The problem of computing ''n''-th residue classes is believed to be computationally difficult. The decisional composite residuosity assumption is the intractability hypothesis upon which this cryptosystem is based. The scheme is an additive homomorphic cryptosystem; this means that, given only the public key and the encryption of m_1 and m_2, one can compute the encryption of m_1+m_2. Algorithm The scheme works as follows: Key generation #Choose two large prime numbers p and q randomly and independently of each other such that \gcd(pq, (p-1)(q-1))=1. This property is assured if both primes are of equal length.Jonathan Katz, Yehuda Lindell, "Introduction to Modern Cryptography: Principles and Protocols," Chapman & Hall/CRC, 2007 #Compute n=pq and \lambda=\operatorname(p-1,q-1). lcm means Least Common Multiple. #Select random int ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Bitcoin
Bitcoin (abbreviation: BTC; sign: ₿) is a decentralized digital currency that can be transferred on the peer-to-peer bitcoin network. Bitcoin transactions are verified by network nodes through cryptography and recorded in a public distributed ledger called a blockchain. The cryptocurrency was invented in 2008 by an unknown person or group of people using the name Satoshi Nakamoto. The currency began use in 2009, when its implementation was released as open-source software. The word "''bitcoin''" was defined in a white paper published on October 31, 2008. It is a compound of the words ''bit'' and ''coin''. The legality of bitcoin varies by region. Nine countries have fully banned bitcoin use, while a further fifteen have implicitly banned it. A few governments have used bitcoin in some capacity. El Salvador has adopted Bitcoin as legal tender, although use by merchants remains low. Ukraine has accepted cryptocurrency donations to fund the resistance to the 2022 Rus ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Elliptic Curve Digital Signature Algorithm
In cryptography, the Elliptic Curve Digital Signature Algorithm (ECDSA) offers a variant of the Digital Signature Algorithm (DSA) which uses elliptic-curve cryptography. Key and signature-size As with elliptic-curve cryptography in general, the bit size of the private key believed to be needed for ECDSA is about twice the size of the security level, in bits. For example, at a security level of 80 bits—meaning an attacker requires a maximum of about 2^ operations to find the private key—the size of an ECDSA private key would be 160 bits. On the other hand, the signature size is the same for both DSA and ECDSA: approximately 4 t bits, where t is the security level measured in bits, that is, about 320 bits for a security level of 80 bits. Signature generation algorithm Suppose Alice wants to send a signed message to Bob. Initially, they must agree on the curve parameters (\textrm, G, n). In addition to the field and equation of the curve, we need G, a base point of pri ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
ElGamal
In cryptography, the ElGamal encryption system is an asymmetric key encryption algorithm for public-key cryptography which is based on the Diffie–Hellman key exchange. It was described by Taher Elgamal in 1985. ElGamal encryption is used in the free GNU Privacy Guard software, recent versions of PGP, and other cryptosystems. The Digital Signature Algorithm (DSA) is a variant of the ElGamal signature scheme, which should not be confused with ElGamal encryption. ElGamal encryption can be defined over any cyclic group G, like multiplicative group of integers modulo ''n''. Its security depends upon the difficulty of a certain problem in G related to computing discrete logarithms. The algorithm ElGamal encryption consists of three components: the key generator, the encryption algorithm, and the decryption algorithm. Key generation The first party, Alice, generates a key pair as follows: * Generate an efficient description of a cyclic group G\, of order q\, with g ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
