K — Advanced Topics in Cryptography February 5 , 2004 Lecture 4
نویسندگان
چکیده
The focus of this lecture is efficient public-key encryption. In the previous lecture, we discussed a public-key encryption scheme for 1-bit messages. However, to encrypt an `-bit message, we can simply encrypt ` one-bit messages and send these (and we proved last time that this remains secure in the case of public-key encryption). Here, we first describe (briefly) how to combine public and private key encryption to obtain a public-key encryption scheme with the efficiency of a private-key scheme (for long messages). Next, we describe an efficient public key encryption scheme called El Gamal encryption [2] which is based on a particular number-theoretic assumption rather than the general assumption of trapdoor permutations. In the course of introducing this scheme, we discuss how it relies on the Discrete Logarithm Problem and the Decisional Diffie-Hellman Assumption.
منابع مشابه
K — Advanced Topics in Cryptography March
In the last few lectures, we introduced the hidden-bits model for non-interactive zeroknowledge (NIZK) and showed a conversion from any NIZK proof system in the hidden bits model to one in the real model, using trapdoor permutations. In this lecture, we complete the construction (which we had begin last lecture) of an NIZK proof system in the hidden-bits model. Putting these results together, w...
متن کاملAdvanced Topics in Cryptography April 29 , 2004 Lecture 25 Lecturer : Jonathan
In this lecture, we discuss concrete applications of zero-knowledge proof systems to the task of constructing (public-key 1) identification schemes. We begin with an informal definition of what these are. Definition 1 A (public-key) identification scheme consists of a prover P who has generated some public-/private-key pair (P K, SK), and wants to prove his identity to a verifier V who knows P ...
متن کاملCmsc 858k — Advanced Topics in Cryptography
In a previous lecture, we saw how to construct a three-round zero-knowledge (ZK) proof system for graph 3-colorability with soundness error 1 − 1/ |E| on a common input G = (V,E). The soundness error can be made negligible, while maintaining zero knowledge, by repeating the protocol |E| · ω(log k) times sequentially (where k is the security parameter); unfortunately, this increases the round co...
متن کاملCmsc 858k — Advanced Topics in Cryptography
In a previous class (Lecture 25), we showed how to construct an identification scheme which is secure against a passive adversary using an Honest-Verifier Zero-Knowledge Proof of Knowledge (HVZK-PoK). We also showed that it is possible to construct an Identification Scheme secure against an active adversary using a Witness Indistinguishable Proof of Knowledge (WI-PoK). In this lecture, we will ...
متن کامل