LEADER 09776nam 2200589 450 001 9910831087403321 005 20230401163704.0 010 $a1-394-18836-6 010 $a1-394-18834-X 024 7 $a10.1002/9781394188369 035 $a(MiAaPQ)EBC7143505 035 $a(Au-PeEL)EBL7143505 035 $a(CKB)25401995200041 035 $a(OCoLC)1371441714 035 $a(OCoLC-P)1371441714 035 $a(CaSebORM)9781789450965 035 $a(OCoLC)1356854113 035 $a(OCoLC-P)1356854113 035 $a(EXLCZ)9925401995200041 100 $a20230401d2022 uy 0 101 0 $aeng 135 $aurcnu|||||||| 181 $ctxt$2rdacontent 182 $cc$2rdamedia 183 $acr$2rdacarrier 200 00$aAsymmetric cryptography $eprimitives and protocols /$fcoordinated by David Pointcheval 205 $a[First edition]. 210 1$aHoboken :$cISTE Ltd :$cJohn Wiley and Sons Inc,$d[2022] 210 4$d©2022 215 $a1 online resource (301 pages) 225 1 $aSciences. Computer science. Cryptography, data security 311 08$aPrint version: Pointcheval, David Asymmetric Cryptography Newark : John Wiley & Sons, Incorporated,c2022 9781789450965 320 $aIncludes bibliographical references and index. 327 $aCover -- Title Page -- Copyright Page -- Contents -- Foreword -- Chapter 1. Public-Key Encryption and Security Notions -- 1.1. Basic definitions for PKE -- 1.1.1. Basic notation -- 1.1.2. Public-key encryption -- 1.1.3. IND-CPA and IND-CCA security -- 1.1.4. Other basic security notions and relations -- 1.2. Basic PKE schemes -- 1.2.1. Game-based proofs -- 1.2.2. ElGamal encryption -- 1.2.3. Simplified CS encryption -- 1.2.4. Cramer-Shoup encryption -- 1.2.5. Other specific PKE schemes -- 1.3. Generic constructions for IND-CCA secure PKE -- 1.3.1. Hybrid encryption -- 1.3.2. Naor-Yung construction and extensions -- 1.3.3. Fujisaki-Okamoto and other transforms in the RO model -- 1.3.4. Other generic constructions for IND-CCA secure PKE -- 1.4. Advanced topics -- 1.4.1. Intermediate notions related to CCA -- 1.4.2. IND-CCA security in multi-user setting and tight security -- 1.4.3. Key-dependent message security -- 1.4.4. More topics on PKE -- 1.5. References -- Chapter 2. Signatures and Security Notions -- 2.1. Signature schemes -- 2.1.1. Definition -- 2.1.2. Examples of practical schemes -- 2.2. Unforgeability -- 2.2.1. Discussion -- 2.2.2. Existential unforgeability under chosen-message attacks -- 2.2.3. Unforgeability of practical schemes -- 2.3. Strong unforgeability -- 2.3.1. Discussion -- 2.3.2. Strong existential unforgeability under chosen-message attacks -- 2.3.3. Strong unforgeability of practical schemes -- 2.3.4. Building strongly unforgeable schemes -- 2.4. Summary -- 2.5. References -- Chapter 3. Zero-Knowledge Proofs -- 3.1. Introduction -- 3.2. Notation -- 3.3. Classical zero-knowledge proofs -- 3.3.1. Zero knowledge -- 3.4. How to build a zero-knowledge proof system -- 3.4.1. ZK proofs for all NP -- 3.4.2. Round complexity -- 3.5. Relaxed security in proof systems -- 3.5.1. Honest-verifier ZK. 327 $a3.5.2. Witness hiding/indistinguishability -- 3.5.3. Ó-Protocols -- 3.6. Non-black-box zero knowledge -- 3.7. Advanced notions -- 3.7.1. Publicly verifiable zero knowledge -- 3.7.2. Concurrent ZK and more -- 3.7.3. ZK with stateless players -- 3.7.4. Delayed-input proof systems -- 3.8. Conclusion -- 3.9. References -- Chapter 4. Secure Multiparty Computation -- 4.1. Introduction -- 4.1.1. A note on terminology -- 4.2. Security of MPC -- 4.2.1. The definitional paradigm -- 4.2.2. Additional definitional parameters -- 4.2.3. Adversarial power -- 4.2.4. Modular sequential and concurrent composition -- 4.2.5. Important definitional implications -- 4.2.6. The ideal model and using MPC in practice -- 4.2.7. Any inputs are allowed -- 4.2.8. MPC secures the process, but not the output -- 4.3. Feasibility of MPC -- 4.4. Techniques -- 4.4.1. Shamir secret sharing -- 4.4.2. Honest-majority MPC with secret sharing -- 4.4.3. Private set intersection -- 4.4.4. Threshold cryptography -- 4.4.5. Dishonest-majority MPC -- 4.4.6. Efficient and practical MPC -- 4.5. MPC use cases -- 4.5.1. Boston wage gap (Lapets et al. 2018) -- 4.5.2. Advertising conversion (Ion et al. 2017) -- 4.5.3. MPC for cryptographic key protection (Unbound Security -- Sepior -- Curv) -- 4.5.4. Government collaboration (Sharemind) -- 4.5.5. Privacy-preserving analytics (Duality) -- 4.6. Discussion -- 4.7. References -- Chapter 5. Pairing-Based Cryptography -- 5.1. Introduction -- 5.1.1. Notations -- 5.1.2. Generalities -- 5.2. One small step for man, one giant leap for cryptography -- 5.2.1. Opening Pandora's box, demystifying the magic -- 5.2.2. A new world of assumptions -- 5.3. A new world of cryptographic protocols at your fingertips -- 5.3.1. Identity-based encryption made easy -- 5.3.2. Efficient deterministic compact signature -- 5.4. References. 327 $aChapter 6. Broadcast Encryption and Traitor Tracing -- 6.1. Introduction -- 6.2. Security notions for broadcast encryption and TT -- 6.3. Overview of broadcast encryption and TT -- 6.4. Tree-based methods -- 6.5. Code-based TT -- 6.6. Algebraic schemes -- 6.7. Lattice-based approach with post-quantum security -- 6.8. References -- Chapter 7. Attribute-Based Encryption -- 7.1. Introduction -- 7.2. Pairing groups -- 7.2.1. Cyclic groups -- 7.2.2. Pairing groups -- 7.3. Predicate encodings -- 7.3.1. Definition -- 7.3.2. Constructions -- 7.4. Attribute-based encryption -- 7.4.1. Definition -- 7.4.2. A modular construction -- 7.5. References -- Chapter 8. Advanced Signatures -- 8.1. Introduction -- 8.2. Some constructions -- 8.2.1. The case of scalar messages -- 8.2.2. The case of non-scalar messages -- 8.3. Applications -- 8.3.1. Anonymous credentials -- 8.3.2. Group signatures -- 8.3.3. Direct anonymous attestations -- 8.4. References -- Chapter 9. Key Exchange -- 9.1. Key exchange fundamentals -- 9.1.1. Key exchange parties -- 9.1.2. Key exchange messages -- 9.1.3. Key derivation functions -- 9.2. Unauthenticated key exchange -- 9.2.1. Formal definitions and security models -- 9.2.2. Constructions and examples -- 9.3. Authenticated key exchange -- 9.3.1. Non-interactive key exchange -- 9.3.2. AKE security models -- 9.3.3. Constructions and examples -- 9.4. Conclusion -- 9.5. References -- Chapter 10. Password Authenticated Key Exchange: Protocols and Security Models -- 10.1. Introduction -- 10.2. First PAKE: EKE -- 10.3. Game-based model of PAKE security -- 10.3.1. The BPR security model -- 10.3.2. Implicit versus explicit authentication -- 10.3.3. Limitations of the BPR model -- 10.3.4. EKE instantiated with Diffie-Hellman KE -- 10.3.5. Implementing ideal cipher on arbitrary groups -- 10.4. Simulation-based model of PAKE security. 327 $a10.4.1. The BMP security model -- 10.4.2. Advantages of BMP definition: arbitrary passwords, tight security -- 10.4.3. EKE using RO-derived one-time pad encryption -- 10.4.4. BMP model for PAKE with explicit authentication (PAKE-EA) -- 10.5. Universally composable model of PAKE security -- 10.6. PAKE protocols in the standard model -- 10.7. PAKE efficiency optimizations -- 10.8. Asymmetric PAKE: PAKE for the client-server setting -- 10.9. Threshold PAKE -- 10.10. References -- Chapter 11. Verifiable Computation and Succinct Arguments for NP -- 11.1. Introduction -- 11.1.1. Background -- 11.2. Preliminaries -- 11.3. Verifiable computation -- 11.4. Constructing VC -- 11.4.1. VC for circuits in three steps -- 11.4.2. Succinct non-interactive arguments for non-deterministic computation -- 11.4.3. Verifiable computation from SNARG -- 11.5. A modular construction of SNARGs -- 11.5.1. Algebraic non-interactive linear proofs -- 11.5.2. Bilinear groups -- 11.5.3. SNARGs from algebraic NILPs with degree-2 verifiers using bilinear groups -- 11.6. Constructing algebraic NILPs for arithmetic circuits -- 11.6.1. Arithmetic circuits -- 11.6.2. Quadratic arithmetic programs -- 11.6.3. Algebraic NILP for QAPs -- 11.7. Conclusion -- 11.8. References -- List of Authors -- Index -- EULA. 330 $aPublic key cryptography was introduced by Diffie and Hellman in 1976, and it was soon followed by concrete instantiations of public-key encryption and signatures; these led to an entirely new field of research with formal definitions and security models. Since then, impressive tools have been developed with seemingly magical properties, including those that exploit the rich structure of pairings on elliptic curves. Asymmetric Cryptography starts by presenting encryption and signatures, the basic primitives in public-key cryptography. It goes on to explain the notion of provable security, which formally defines what "secure" means in terms of a cryptographic scheme. A selection of famous families of protocols are then described, including zero-knowledge proofs, multi-party computation and key exchange. After a general introduction to pairing-based cryptography, this book presents advanced cryptographic schemes for confidentiality and authentication with additional properties such as anonymous signatures and multi-recipient encryption schemes. Finally, it details the more recent topic of verifiable computation. 410 0$aSciences.$pComputer science: Cryptography, data security. 606 $aCryptography 606 $aData encryption (Computer science) 615 0$aCryptography. 615 0$aData encryption (Computer science) 676 $a652.8 702 $aPointcheval$b David 801 0$bMiAaPQ 801 1$bMiAaPQ 801 2$bMiAaPQ 906 $aBOOK 912 $a9910831087403321 996 $aAsymmetric cryptography$94029777 997 $aUNINA