HOME
*





Zero-knowledge Proof
In cryptography, a zero-knowledge proof or zero-knowledge protocol is a method by which one party (the prover) can prove to another party (the verifier) that a given statement is true while the prover avoids conveying any additional information apart from the fact that the statement is indeed true. The essence of zero-knowledge proofs is that it is trivial to prove that one possesses knowledge of certain information by simply revealing it; the challenge is to prove such possession without revealing the information itself or any additional information. If proving a statement requires that the prover possess some secret information, then the verifier will not be able to prove the statement to anyone else without possessing the secret information. The statement being proved must include the assertion that the prover has such knowledge, but without including or transmitting the knowledge itself in the assertion. Otherwise, the statement would not be proved in zero-knowledge because it ...
[...More Info...]      
[...Related Items...]     OR:     [Wikipedia]   [Google]   [Baidu]  


picture info

Cryptography
Cryptography, or cryptology (from grc, , translit=kryptós "hidden, secret"; and ''graphein'', "to write", or ''-logia'', "study", respectively), is the practice and study of techniques for secure communication in the presence of adversarial behavior. More generally, cryptography is about constructing and analyzing protocols that prevent third parties or the public from reading private messages. Modern cryptography exists at the intersection of the disciplines of mathematics, computer science, information security, electrical engineering, digital signal processing, physics, and others. Core concepts related to information security ( data confidentiality, data integrity, authentication, and non-repudiation) are also central to cryptography. Practical applications of cryptography include electronic commerce, chip-based payment cards, digital currencies, computer passwords, and military communications. Cryptography prior to the modern age was effectively synonymo ...
[...More Info...]      
[...Related Items...]     OR:     [Wikipedia]   [Google]   [Baidu]  


Manuel Blum
Manuel Blum (born 26 April 1938) is a Venezuelan-American computer scientist who received the Turing Award in 1995 "In recognition of his contributions to the foundations of computational complexity theory and its application to cryptography and program checking". Education Blum was born to a Jewish family in Venezuela. Blum was educated at MIT, where he received his bachelor's degree and his master's degree in electrical engineering in 1959 and 1961 respectively, and his Ph.D. in mathematics in 1964 supervised by Marvin Minsky.. Career Blum worked as a professor of computer science at the University of California, Berkeley until 2001. From 2001 to 2018, he was the Bruce Nelson Professor of Computer Science at Carnegie Mellon University, where his wife, Lenore Blum, was also a professor of Computer Science. In 2002, he was elected to the United States National Academy of Sciences. In 2006, he was elected a member of the National Academy of Engineering for contributions to abstr ...
[...More Info...]      
[...Related Items...]     OR:     [Wikipedia]   [Google]   [Baidu]  


picture info

Ring Signature
In cryptography, a ring signature is a type of digital signature that can be performed by any member of a set of users that each have keys. Therefore, a message signed with a ring signature is endorsed by someone in a particular set of people. One of the security properties of a ring signature is that it should be computationally infeasible to determine ''which'' of the set's members' keys was used to produce the signature. Ring signatures are similar to group signatures but differ in two key ways: first, there is no way to revoke the anonymity of an individual signature; and second, any set of users can be used as a signing set without additional setup. Ring signatures were invented by Ron Rivest, Adi Shamir, and Yael Tauman Kalai, and introduced at ASIACRYPT in 2001. The name, ''ring signature'', comes from the ring-like structure of the signature algorithm. Definition Suppose that a set of entities each have public/private key pairs, (''P''1, ''S''1), (''P''2, ''S''2), ... ...
[...More Info...]      
[...Related Items...]     OR:     [Wikipedia]   [Google]   [Baidu]  


Multi-party Computation
Secure multi-party computation (also known as secure computation, multi-party computation (MPC) or privacy-preserving computation) is a subfield of cryptography with the goal of creating methods for parties to jointly compute a function over their inputs while keeping those inputs private. Unlike traditional cryptographic tasks, where cryptography assures security and integrity of communication or storage and the adversary is outside the system of participants (an eavesdropper on the sender and receiver), the cryptography in this model protects participants' privacy from each other. The foundation for secure multi-party computation started in the late 1970s with the work on mental poker, cryptographic work that simulates game playing/computational tasks over distances without requiring a trusted third party. Note that traditionally, cryptography was about concealing content, while this new type of computation and protocol is about concealing partial information about data while comp ...
[...More Info...]      
[...Related Items...]     OR:     [Wikipedia]   [Google]   [Baidu]  


Witness Indistinguishable Proof
A witness-indistinguishable proof (WIP) is a variant of a zero-knowledge proof In cryptography, a zero-knowledge proof or zero-knowledge protocol is a method by which one party (the prover) can prove to another party (the verifier) that a given statement is true while the prover avoids conveying any additional information a ... for languages in NP. In a typical zero-knowledge proof of a statement, the prover will use a witness for the statement as input to the protocol, and the verifier will learn nothing other than the truth of the statement. In a WIP, this zero-knowledge condition is weakened, and the only guarantee is that the verifier will not be able to distinguish between provers that use different witnesses. In particular, the protocol may leak information about the set of all witnesses, or even leak the witness that was used when there is only one possible witness. Witness-indistinguishable proof systems were first introduced by Feige and Shamir. Unlike zero-knowledge pr ...
[...More Info...]      
[...Related Items...]     OR:     [Wikipedia]   [Google]   [Baidu]  




Pairing-based Cryptography
Pairing-based cryptography is the use of a pairing between elements of two cryptographic groups to a third group with a mapping e :G_1 \times G_2 \to G_T to construct or analyze cryptographic systems. Definition The following definition is commonly used in most academic papers. Let F_q be a Finite field over prime q, G_1, G_2 two additive cyclic groups of prime order q and G_T another cyclic group of order q written multiplicatively. A pairing is a map: e: G_1 \times G_2 \rightarrow G_T , which satisfies the following properties: ; Bilinearity: \forall a,b \in F_q^*, P\in G_1, Q\in G_2:\ e\left(aP, bQ\right) = e\left(P, Q\right)^ ; Non-degeneracy: e \neq 1 ; Computability: There exists an efficient algorithm to compute e. Classification If the same group is used for the first two groups (i.e. G_1 = G_2), the pairing is called ''symmetric'' and is a mapping from two elements of one group to an element from a second group. Some researchers classify pairing instantiations int ...
[...More Info...]      
[...Related Items...]     OR:     [Wikipedia]   [Google]   [Baidu]  


Proof Of Knowledge
In cryptography, a proof of knowledge is an interactive proof in which the prover succeeds in 'convincing' a verifier that the prover knows something. What it means for a machine to 'know something' is defined in terms of computation. A machine 'knows something', if this something can be computed, given the machine as an input. As the program of the prover does not necessarily spit out the knowledge itself (as is the case for zero-knowledge proofs) a machine with a different program, called the knowledge extractor is introduced to capture this idea. We are mostly interested in what can be proven by polynomial time bounded machines. In this case the set of knowledge elements is limited to a set of witnesses of some language in NP. Let x be a statement of language L in NP, and W(x) the set of witnesses for x that should be accepted in the proof. This allows us to define the following relation: R= \. A proof of knowledge for relation R with knowledge error \kappa is a two party prot ...
[...More Info...]      
[...Related Items...]     OR:     [Wikipedia]   [Google]   [Baidu]  


Negligible Function
In mathematics, a negligible function is a function \mu:\mathbb\to\mathbb such that for every positive integer ''c'' there exists an integer ''N''''c'' such that for all ''x'' > ''N''''c'', :, \mu(x),  0 such that for all ''x'' > ''N''poly : , \mu(x), 0, there exists a positive number \delta>0 such that , x-x_0, N_\varepsilon ::, \mu(x), 0 by the functions 1/x^c where c>0 or by 1/\operatorname(x) where \operatorname(x) is a positive polynomial. This leads to the definitions of negligible functions given at the top of this article. Since the constants \varepsilon>0 can be expressed as 1/\operatorname(x) with a constant polynomial this shows that negligible functions are a subset of the infinitesimal functions. Use in cryptography In complexity-based modern cryptography, a security scheme is ''provably secure'' if the probability of security failure (e.g., inverting a one-way function, distinguishing cryptographically strong pseudorandom bits from truly ran ...
[...More Info...]      
[...Related Items...]     OR:     [Wikipedia]   [Google]   [Baidu]  


Statistically Close
The variation distance of two distributions X and Y over a finite domain D, (often referred to as ''statistical difference'' or ''statistical distance'' Reyzin, Leo. (Lecture NotesExtractors and the Leftover Hash Lemma in cryptography) is defined as \Delta(X,Y)=\frac \sum _ , \Pr =\alpha- \Pr =\alpha, . We say that two probability ensembles \_ and \_ are statistically close if \Delta(X_k,Y_k) is a negligible function in k. References See also * Zero-knowledge proof * Randomness extractor A randomness extractor, often simply called an "extractor", is a function, which being applied to output from a weakly random information entropy, entropy source, together with a short, uniformly random seed, generates a highly random output that ap ... Cryptography {{crypto-stub ...
[...More Info...]      
[...Related Items...]     OR:     [Wikipedia]   [Google]   [Baidu]  




Graph Isomorphism Problem
The graph isomorphism problem is the computational problem of determining whether two finite graphs are isomorphic. The problem is not known to be solvable in polynomial time nor to be NP-complete, and therefore may be in the computational complexity class NP-intermediate. It is known that the graph isomorphism problem is in the low hierarchy of class NP, which implies that it is not NP-complete unless the polynomial time hierarchy collapses to its second level. At the same time, isomorphism for many special classes of graphs can be solved in polynomial time, and in practice graph isomorphism can often be solved efficiently. This problem is a special case of the subgraph isomorphism problem, which asks whether a given graph ''G'' contains a subgraph that is isomorphic to another given graph ''H''; this problem is known to be NP-complete. It is also known to be a special case of the non-abelian hidden subgroup problem over the symmetric group. In the area of image recognition ...
[...More Info...]      
[...Related Items...]     OR:     [Wikipedia]   [Google]   [Baidu]  


Commitment Scheme
A commitment scheme is a cryptographic primitive that allows one to commit to a chosen value (or chosen statement) while keeping it hidden to others, with the ability to reveal the committed value later.Oded Goldreich (2001). Foundations of Cryptography: Volume 1, Basic Tools,draft availablefrom author's site). Cambridge University Press. . (see also http://www.wisdom.weizmann.ac.il/~oded/foc-book.html) Commitment schemes are designed so that a party cannot change the value or statement after they have committed to it: that is, commitment schemes are ''binding''. Commitment schemes have important applications in a number of cryptographic protocols including secure coin flipping, zero-knowledge proofs, and secure computation. A way to visualize a commitment scheme is to think of a sender as putting a message in a locked box, and giving the box to a receiver. The message in the box is hidden from the receiver, who cannot open the lock themselves. Since the receiver has the box, th ...
[...More Info...]      
[...Related Items...]     OR:     [Wikipedia]   [Google]   [Baidu]  


picture info

Graph Isomorphism
In graph theory, an isomorphism of graphs ''G'' and ''H'' is a bijection between the vertex sets of ''G'' and ''H'' : f \colon V(G) \to V(H) such that any two vertices ''u'' and ''v'' of ''G'' are adjacent in ''G'' if and only if f(u) and f(v) are adjacent in ''H''. This kind of bijection is commonly described as "edge-preserving bijection", in accordance with the general notion of isomorphism being a structure-preserving bijection. If an isomorphism exists between two graphs, then the graphs are called isomorphic and denoted as G\simeq H. In the case when the bijection is a mapping of a graph onto itself, i.e., when ''G'' and ''H'' are one and the same graph, the bijection is called an automorphism of ''G''. If a graph is finite, we can prove it to be bijective by showing it is one-one/onto; no need to show both. Graph isomorphism is an equivalence relation on graphs and as such it partitions the class of all graphs into equivalence classes. A set of graphs isomorphic to each ...
[...More Info...]      
[...Related Items...]     OR:     [Wikipedia]   [Google]   [Baidu]