Table Of Contents

1.4 Security Definitions
1.5 The Model of Adversary
1.6 Road map to Encryption
One-way and trapdoor functions
2.1 One-Way Functions: Motivation
2.2 One-Way Functions: Definitions
2.2.1 (Strong) One Way Functions
2.2.2 Weak One-Way Functions
2.2.3 Non-Uniform One-Way Functions
2.2.4 Collections Of One Way Functions
2.3 In Search of Examples
2.3.1 The Discrete Logarithm Function
2.3.2 The RSA function
2.3.3 Connection Between The Factorization Problem And Inverting RSA
2.3.4 The Squaring Trapdoor Function Candidate by Rabin
2.3.5 A Squaring Permutation as Hard to Invert as Factoring
2.4 Hard-core Predicate of a One Way Function
2.4.1 Hard Core Predicates for General One-Way Functions
2.4.2 Bit Security Of The Discrete Logarithm Function
2.4.3 Bit Security of RSA and SQUARING functions
2.5 One-Way and Trapdoor Predicates
2.5.1 Examples of Sets of Trapdoor Predicates
3.2 The Existence Of A Pseudo-Random Generator
3.3 Next Bit Tests
3.4 Examples of Pseudo-Random Generators
3.4.1 Blum/Blum/Shub Pseudo-Random Generator
4.1 What is a block cipher?
4.2 Data Encryption Standard (DES)
4.2.1 A brief history
4.2.2 Construction
4.2.3 Speed
4.3 Key recovery attacks on block ciphers
4.4 Iterated-DES and DESX
4.4.1 Double-DES
4.4.2 Triple-DES
4.4.3 DESX
4.4.4 Why a new cipher?
4.5 Advanced Encryption Standard (AES)
4.6 Limitations of key-recovery based security
4.7 Problems
Pseudo-random functions
5.1 Function families
5.2 Random functions and permutations
5.2.1 Random functions
5.2.2 Random permutations
5.3 Pseudorandom functions
5.4 Pseudorandom permutations
5.4.1 PRP under CPA
5.4.2 PRP under CCA
5.4.3 Relations between the notions
5.5 Modeling block ciphers
5.6 Example Attacks
5.7 Security against key recovery
5.8 The birthday attack
5.9 The PRP/PRF switching lemma
5.10 Sequences of families of PRFs and PRPs
5.11 Some applications of PRFs
5.11.1 Cryptographically Strong Hashing
5.11.2 Prediction
5.11.3 Learning
5.11.4 Identify Friend or Foe
5.11.5 Private-Key Encryption
5.12 Historical notes
5.13 Problems
Private-key encryption
6.1 Symmetric encryption schemes
6.2 Some symmetric encryption schemes
6.2.1 The one-time-pad encryption scheme
6.2.2 Some modes of operation
6.3 Issues in privacy
6.4 Indistinguishability under chosen-plaintext attack
6.4.1 Definition
6.4.2 Alternative interpretation
6.4.3 Why is this a good definition?
6.5 Example chosen-plaintext attacks
6.5.1 Attack on ECB
6.5.2 Any deterministic, stateless scheme is insecure
6.5.3 Attack on CBC encryption with counter IV
6.6 IND-CPA implies PR-CPA
6.7 Security of CTR modes
6.7.1 Proof of Theorem 6.13
6.7.2 Proof of Theorem 6.14
6.8 Security of CBC with a random IV
6.9 Indistinguishability under chosen-ciphertext attack
6.10 Example chosen-ciphertext attacks
6.10.1 Attacks on the CTR schemes
6.10.2 Attack on CBC$
6.11 Other methods for symmetric encryption
6.11.1 Generic encryption with pseudorandom functions
6.11.2 Encryption with pseudorandom bit generators
6.11.3 Encryption with one-way functions
6.12 Historical notes
6.13 Problems
Public-key encryption
7.1 Definition of Public-Key Encryption
7.2 Simple Examples of PKC: The Trapdoor Function Model
7.2.1 Problems with the Trapdoor Function Model
7.2.2 Problems with Deterministic Encryption in General
7.2.3 The RSA Cryptosystem
7.2.4 Rabin’s Public key Cryptosystem
7.4.3 General Probabilistic Encryption
7.4.4 Efficient Probabilistic Encryption
7.4.5 An implementation of EPE with cost equal to the cost of RSA
7.4.6 Practical RSA based encryption
7.4.7 Enhancements
7.5 Exploring Active Adversaries
8.1 The hash function SHA1
8.2 Collision-resistant hash functions
8.3 Collision-finding attacks
8.4 One-wayness of collision-resistant hash functions
8.5 The MD transform
8.6 Collision-resistance under hidden-key attack
8.7 Problems
Message authentication
9.1 The setting
9.2 Privacy does not imply authenticity
9.3 Syntax of message-authentication schemes
9.4 A definition of security for MACs
9.4.1 Towards a definition of security
9.4.2 Definition of security
9.5 Examples
9.6 The PRF-as-a-MAC paradigm
9.7 The CBC MACs
9.7.1 The basic CBC MAC
9.7.2 Birthday attack on the CBC MAC
9.7.3 Length Variability
9.8 MACing with cryptographic hash functions
9.8.1 The HMAC construction
9.8.2 Security of HMAC
9.8.3 Resistance to known attacks
9.9 Universal hash based MACs
9.10 Minimizing assumptions for MACs
9.11 Problems
Digital signatures
10.1 The Ingredients of Digital Signatures
10.2 Digital Signatures: the Trapdoor Function Model
10.3 Defining and Proving Security for Signature Schemes
10.3.1 Attacks Against Digital Signatures
10.3.2 The RSA Digital Signature Scheme
10.3.3 El Gamal’s Scheme
10.3.4 Rabin’s Scheme
10.4 Probabilistic Signatures
10.4.1 Claw-free Trap-door Permutations
10.4.2 Example: Claw-free permutations exist if factoring is hard
10.4.3 How to sign one bit
10.4.4 How to sign a message
10.4.5 A secure signature scheme based on claw free permutations
10.4.6 A secure signature scheme based on trapdoor permutations
10.5.3 Generation of RSA parameters
10.5.4 One-wayness problems
10.5.5 Trapdoor signatures
10.5.6 The hash-then-invert paradigm
10.5.7 The PKCS #1 scheme
10.5.8 The FDH scheme
10.5.9 PSS0: A security improvement
10.5.10 The Probabilistic Signature Scheme – PSS
10.5.11 Signing with Message Recovery – PSS-R
10.5.12 How to implement the hash functions
10.5.13 Comparison with other schemes
10.6 Threshold Signature Schemes
10.6.1 Key Generation for a Threshold Scheme
10.6.2 The Signature Protocol
Key distribution
11.1 Diffie Hellman secret key exchange
11.1.1 The protocol
11.1.2 Security against eavesdropping: The DH problem
11.1.3 The DH cryptosystem
11.1.4 Bit security of the DH key
11.1.5 The lack of authenticity
11.2 Session key distribution
11.2.1 Trust models and key distribution problems
11.2.2 History of session key distribution
11.2.3 An informal description of the problem
11.2.4 Issues in security
11.2.5 Entity authentication versus key distribution
11.3 Three party session key distribution
11.4 Authenticated key exchanges
11.4.1 The symmetric case
11.4.2 The asymmetric case
11.5 Forward secrecy
12.1 Some two party protocols
12.1.1 Oblivious transfer
12.1.2 Simultaneous contract signing
12.1.3 Bit Commitment
12.1.4 Coin flipping in a well
12.1.5 Oblivious circuit evaluation
12.1.6 Simultaneous Secret Exchange Protocol
12.2 Zero-Knowledge Protocols
12.2.1 Interactive Proof-Systems (IP)
12.2.2 Examples
12.2.3 Zero-Knowledge
12.2.4 Definitions
12.2.5 If there exist one way functions, then NP is in KC[0]
12.2.6 Applications to User Identification
12.3 Multi Party protocols
12.3.1 Secret sharing
12.3.2 Verifiable Secret Sharing
12.3.3 Anonymous Transactions
12.3.4 Multiparty Ping-Pong Protocols
12.3.5 Multiparty Protocols When Most Parties are Honest
12.4 Electronic Elections
12.4.1 The Merritt Election Protocol
12.4.2 A fault-tolerant Election Protocol
12.4.3 The protocol
12.4.4 Uncoercibility
12.5 Digital Cash
12.5.1 Required properties for Digital Cash
12.5.2 A First-Try Protocol
12.5.3 Blind signatures
12.5.4 RSA blind signatures
12.5.5 Fixing the dollar amount
12.5.6 On-line digital cash
12.5.7 Off-line digital cash
The birthday problem
A.1 The birthday problem
Some complexity theory background
B.1 Complexity Classes and Standard Definitions
B.1.1 Complexity Class P
B.1.2 Complexity Class NP
B.1.3 Complexity Class BPP
B.2 Probabilistic Algorithms
B.2.1 Notation For Probabilistic Turing Machines
B.2.2 Different Types of Probabilistic Algorithms
B.2.3 Non-Uniform Polynomial Time
B.3 Adversaries
B.3.1 Assumptions To Be Made
B.4 Some Inequalities From Probability Theory
Some number theory background
C.1 Groups: Basics
C.2 Arithmetic of numbers: +, *, GCD
C.3 Modular operations and groups
C.3.1 Simple operations
C.3.2 The main groups: Zn and Z∗n
C.3.3 Exponentiation
C.4 Chinese remainders
C.5 Primitive elements and Z∗p
C.5.1 Definitions
C.5.2 The group Z∗p
C.5.3 Finding generators
C.6 Quadratic residues
C.7 Jacobi Symbol
C.9 Primality Testing
C.9.2 Pratt’s Primality Test
C.9.3 Probabilistic Primality Tests
C.9.4 Solovay-Strassen Primality Test
C.9.5 Miller-Rabin Primality Test
C.9.6 Polynomial Time Proofs Of Primality
C.9.7 An Algorithm Which Works For Some Primes
C.9.8 Goldwasser-Kilian Primality Test
C.9.9 Correctness Of The Goldwasser-Kilian Algorithm
C.9.10 Expected Running Time Of Goldwasser-Kilian
C.9.11 Expected Running Time On Nearly All Primes
C.10 Factoring Algorithms
C.11 Elliptic Curves
C.11.1 Elliptic Curves Over Zn
C.11.2 Factoring Using Elliptic Curves
C.11.3 Correctness of Lenstra’s Algorithm
C.11.4 Running Time Analysis
D.1 Authentication
D.2 Privacy
D.3 Key Size
D.4 E-mail compatibility
D.5 One-time IDEA keys generation
D.6 Public-Key Management
E.1 Secret Key Encryption
E.1.1 DES
E.1.2 Error Correction in DES ciphertexts
E.1.3 Brute force search in CBC mode
E.1.4 E-mail
E.2 Passwords
E.3 Number Theory
E.3.1 Number Theory Facts
E.3.2 Relationship between problems
E.3.3 Probabilistic Primality Test
E.4 Public Key Encryption
E.4.1 Simple RSA question
E.4.2 Another simple RSA question
E.4.3 Protocol Failure involving RSA
E.4.4 RSA for paranoids
E.4.5 Hardness of Diffie-Hellman
E.4.6 Bit commitment
E.4.7 Perfect Forward Secrecy
E.4.8 Plaintext-awareness and non-malleability
E.4.9 Probabilistic Encryption
E.5 Secret Key Systems
E.5.1 Simultaneous encryption and authentication
E.6 Hash Functions
E.6.1 Birthday Paradox
E.6.2 Hash functions from DES
E.6.3 Hash functions from RSA
E.7 Pseudo-randomness
E.7.1 Extending PRGs
E.7.2 From PRG to PRF
E.8 Digital Signatures
E.8.1 Table of Forgery
E.8.2 ElGamal
E.8.3 Suggested signature scheme
E.8.4 Ong-Schnorr-Shamir
E.9 Protocols
E.9.1 Unconditionally Secure Secret Sharing
E.9.2 Secret Sharing with cheaters
E.9.3 Zero–Knowledge proof for discrete logarithms
E.9.4 Oblivious Transfer
E.9.5 Electronic Cash
E.9.6 Atomicity of withdrawal protocol
E.9.7 Blinding with ElGamal/DSS
Published by: supernova_gal on Apr 15, 2012
Copyright:Attribution Non-commercial

