|
Decisional Diffie–Hellman Assumption
The decisional Diffie–Hellman (DDH) assumption is a computational hardness assumption about a certain problem involving discrete logarithms in cyclic groups. It is used as the basis to prove the security of many cryptographic protocols, most notably the ElGamal and Cramer–Shoup cryptosystems. Definition Consider a (multiplicative) cyclic group G of order q, and with generator g. The DDH assumption states that, given g^a and g^b for uniformly and independently chosen a,b \in \mathbb_q, the value g^ "looks like" a random element in G. This intuitive notion can be formally stated by saying that the following two probability distributions are computationally indistinguishable (in the security parameter, n=\log(q)): * (g^a,g^b,g^), where a and b are randomly and independently chosen from \mathbb_q. * (g^a,g^b,g^c), where a,b,c are randomly and independently chosen from \mathbb_q. Triples of the first kind are often called DDH triplet or DDH tuples. Relation to other assumptions ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Computational Hardness Assumption
In computational complexity theory, a computational hardness assumption is the hypothesis that a particular problem cannot be solved efficiently (where ''efficiently'' typically means "in polynomial time"). It is not known how to prove (unconditional) hardness for essentially any useful problem. Instead, computer scientists rely on reductions to formally relate the hardness of a new or complicated problem to a computational hardness assumption about a problem that is better-understood. Computational hardness assumptions are of particular importance in cryptography. A major goal in cryptography is to create cryptographic primitives with provable security. In some cases, cryptographic protocols are found to have information theoretic security; the one-time pad is a common example. However, information theoretic security cannot always be achieved; in such cases, cryptographers fall back to computational security. Roughly speaking, this means that these systems are secure ''assuming th ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Elliptic Curve
In mathematics, an elliptic curve is a smooth, projective, algebraic curve of genus one, on which there is a specified point . An elliptic curve is defined over a field and describes points in , the Cartesian product of with itself. If the field's characteristic is different from 2 and 3, then the curve can be described as a plane algebraic curve which consists of solutions for: :y^2 = x^3 + ax + b for some coefficients and in . The curve is required to be non-singular, which means that the curve has no cusps or self-intersections. (This is equivalent to the condition , that is, being square-free in .) It is always understood that the curve is really sitting in the projective plane, with the point being the unique point at infinity. Many sources define an elliptic curve to be simply a curve given by an equation of this form. (When the coefficient field has characteristic 2 or 3, the above equation is not quite general enough to include all non-singular cubic cu ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
XDH Assumption
The external Diffie–Hellman (XDH) assumption is a computational hardness assumption used in elliptic curve cryptography. The XDH assumption holds that there exist certain subgroups of elliptic curves which have useful properties for cryptography. Specifically, XDH implies the existence of two distinct groups \langle_1, _2\rangle with the following properties: # The discrete logarithm problem (DLP), the computational Diffie–Hellman problem (CDH), and the computational co-Diffie–Hellman problem are all intractable in _1 and _2. # There exists an efficiently computable bilinear map (pairing) e(\cdot, \cdot) : _1 \times _2 \rightarrow _T. # The decisional Diffie–Hellman problem (DDH) is intractable in _1. The above formulation is referred to as asymmetric XDH. A stronger version of the assumption (symmetric XDH, or SXDH) holds if DDH is ''also'' intractable in _2. The XDH assumption is used in some pairing-based cryptographic protocols. In certain elli ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Computational Hardness Assumptions
In computational complexity theory, a computational hardness assumption is the hypothesis that a particular problem cannot be solved efficiently (where ''efficiently'' typically means "in polynomial time"). It is not known how to prove (unconditional) hardness for essentially any useful problem. Instead, computer scientists rely on reductions to formally relate the hardness of a new or complicated problem to a computational hardness assumption about a problem that is better-understood. Computational hardness assumptions are of particular importance in cryptography. A major goal in cryptography is to create cryptographic primitives with provable security. In some cases, cryptographic protocols are found to have information theoretic security; the one-time pad is a common example. However, information theoretic security cannot always be achieved; in such cases, cryptographers fall back to computational security. Roughly speaking, this means that these systems are secure ''assuming th ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Diffie–Hellman Key Exchange
Diffie–Hellman key exchangeSynonyms of Diffie–Hellman key exchange include: * Diffie–Hellman–Merkle key exchange * Diffie–Hellman key agreement * Diffie–Hellman key establishment * Diffie–Hellman key negotiation * Exponential key exchange * Diffie–Hellman protocol * Diffie–Hellman handshake is a mathematical method of securely exchanging cryptographic keys over a public channel and was one of the first public-key protocols as conceived by Ralph Merkle and named after Whitfield Diffie and Martin Hellman. DH is one of the earliest practical examples of public key exchange implemented within the field of cryptography. Published in 1976 by Diffie and Hellman, this is the earliest publicly known work that proposed the idea of a private key and a corresponding public key. Traditionally, secure encrypted communication between two parties required that they first exchange keys by some secure physical means, such as paper key lists transported by a trusted courier. The Di ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Diffie–Hellman Problem
The Diffie–Hellman problem (DHP) is a mathematical problem first proposed by Whitfield Diffie and Martin Hellman in the context of cryptography. The motivation for this problem is that many security systems use one-way functions: mathematical operations that are fast to compute, but hard to reverse. For example, they enable encrypting a message, but reversing the encryption is difficult. If solving the DHP were easy, these systems would be easily broken. Problem description The Diffie–Hellman problem is stated informally as follows: : Given an element ''g'' and the values of ''gx'' and ''gy'', what is the value of ''gxy''? Formally, ''g'' is a generator of some group (typically the multiplicative group of a finite field or an elliptic curve group) and ''x'' and ''y'' are randomly chosen integers. For example, in the Diffie–Hellman key exchange, an eavesdropper observes ''gx'' and ''gy'' exchanged as part of the protocol, and the two parties both compute the shared key ' ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Tate Pairing
In mathematics, Tate pairing is any of several closely related bilinear pairings involving elliptic curves or abelian varieties, usually over local or finite fields, based on the Tate duality pairings introduced by and extended by . applied the Tate pairing over finite fields to cryptography. See also * Weil pairing Weil may refer to: Places in Germany *Weil, Bavaria *Weil am Rhein, Baden-Württemberg * Weil der Stadt, Baden-Württemberg *Weil im Schönbuch, Baden-Württemberg Other uses * Weil (river), Hesse, Germany * Weil (surname), including people with ... References * * * * Pairing-based cryptography Elliptic curve cryptography Elliptic curves {{Crypto-stub ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Weil Pairing
Weil may refer to: Places in Germany *Weil, Bavaria *Weil am Rhein, Baden-Württemberg *Weil der Stadt, Baden-Württemberg *Weil im Schönbuch, Baden-Württemberg Other uses * Weil (river), Hesse, Germany * Weil (surname), including people with the surname Weill, Weyl * Doctor Weil (Mega Man Zero), a fictional character from the ''Mega Man'' Zero video game series * Weil-Marbach, now the Marbach Stud in Baden-Württemberg See also * Weill (other) * Weil, Gotshal & Manges Weil, Gotshal & Manges LLP is an American international law firm with approximately 1,100 attorneys, headquartered in New York City. With a gross annual revenue in excess of $1.8 billion, it is among the world's largest law firms according to ..., law firm founded in the United States * Weil's disease {{disambiguation, geo ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Supersingular Elliptic Curve
In algebraic geometry, supersingular elliptic curves form a certain class of elliptic curves over a field of characteristic ''p'' > 0 with unusually large endomorphism rings. Elliptic curves over such fields which are not supersingular are called ''ordinary'' and these two classes of elliptic curves behave fundamentally differently in many aspects. discovered supersingular elliptic curves during his work on the Riemann hypothesis for elliptic curves by observing that positive characteristic elliptic curves could have endomorphism rings of unusually large rank 4, and developed their basic theory. The term "supersingular" has nothing to do with singular points of curves, and all supersingular elliptic curves are non-singular. It comes from the phrase "singular values of the j-invariant" used for values of the j-invariant for which a complex elliptic curve has complex multiplication. The complex elliptic curves with complex multiplication are those for which the endomorp ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Legendre Symbol
In number theory, the Legendre symbol is a multiplicative function with values 1, −1, 0 that is a quadratic character modulo an odd prime number ''p'': its value at a (nonzero) quadratic residue mod ''p'' is 1 and at a non-quadratic residue (''non-residue'') is −1. Its value at zero is 0. The Legendre symbol was introduced by Adrien-Marie Legendre in 1798 in the course of his attempts at proving the law of quadratic reciprocity. Generalizations of the symbol include the Jacobi symbol and Dirichlet characters of higher order. The notational convenience of the Legendre symbol inspired introduction of several other "symbols" used in algebraic number theory, such as the Hilbert symbol and the Artin symbol. Definition Let p be an odd prime number. An integer a is a quadratic residue modulo p if it is congruent to a perfect square modulo p and is a quadratic nonresidue modulo p otherwise. The Legendre symbol is a function of a and p defined as :\left(\frac\right) = \begi ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Hyper-elliptic Curve
In algebraic geometry, a hyperelliptic curve is an algebraic curve of genus ''g'' > 1, given by an equation of the form y^2 + h(x)y = f(x) where ''f''(''x'') is a polynomial of degree ''n'' = 2''g'' + 1 > 4 or ''n'' = 2''g'' + 2 > 4 with ''n'' distinct roots, and ''h''(''x'') is a polynomial of degree 3. Therefore, in giving such an equation to specify a non-singular curve, it is almost always assumed that a non-singular model (also called a smooth completion), equivalent in the sense of birational geometry, is meant. To be more precise, the equation defines a quadratic extension of C(''x''), and it is that function field that is meant. The singular point at infinity can be removed (since this is a curve) by the normalization (integral closure) process. It turns out that after doing this, there is an open cover of the curve by two affine charts: the one already given by y^2 = f(x) and another one given by w^2 = v^f(1/v) . The glueing maps between the two charts are given by (x,y ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Jacobian Variety
In mathematics, the Jacobian variety ''J''(''C'') of a non-singular algebraic curve ''C'' of genus ''g'' is the moduli space of degree 0 line bundles. It is the connected component of the identity in the Picard group of ''C'', hence an abelian variety. Introduction The Jacobian variety is named after Carl Gustav Jacobi, who proved the complete version of the Abel–Jacobi theorem, making the injectivity statement of Niels Abel into an isomorphism. It is a principally polarized abelian variety, of dimension ''g'', and hence, over the complex numbers, it is a complex torus. If ''p'' is a point of ''C'', then the curve ''C'' can be mapped to a subvariety of ''J'' with the given point ''p'' mapping to the identity of ''J'', and ''C'' generates ''J'' as a group. Construction for complex curves Over the complex numbers, the Jacobian variety can be realized as the quotient space ''V''/''L'', where ''V'' is the dual of the vector space of all global holomorphic differentials on ''C'' ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
