密码学外文文献及译文

密码学外文文献及译文内容摘要：

gnature scheme,and we assume that Alice has a key ),( skpkk for this ,Alice can prove her identity to Bob in the following way. randomly chooses a“ challenge” c and sends it to Alice. signs c with her secret key, ),(: cskSigns  ,and sends the“ response” s to Bob. accepts Alice’ s proof of identity,if Verify okcspk ),( Only Alice can return a valid signature of the challenge c,because only she knows the secret key sk . Thus, Alice proves her identity,without showing her one can observe Alice’ s secret key,not even the verifier Bob. Suppose that an eavesdropper Eve observed the exchanged ,she wants to impersonate Alice. Since Bob selects his challenge c at random(from a huge set),the probability that he uses the same challenge twice is very ,Eve cannot gain any advantage by her observations. 山东建筑大学 毕业设计 7 The parties in a protocol can be friends or can be attacks may be directed against the underlying cryptographic algorithms or against the implementation of the algorithms and may also be attacks against a protocol may be passive attacks performed by an eavesdropper,where the only purpose is to obtain adversary may also try to gain an advantage by actively manipulating the might pretend to be someone else,substitute messages or replay old messages. Important protocols for key exchange,electronic elections,digital cash and interactive proofs of identity are discussed in Chapter 4. Provable Security It is desirable to design cryptosystems that are provably secure means that mathematical proofs show that the cryptosystem resists certain types of work in this field was done by his information theory,he developed measures for the amount of information associated with a message and the notion of perfect perfectly secret cipher perfectly resists all ciphertextonly adversary gets no information at all about the plaintext,even if his resources in puting power and time are ’s onetime pad(see Section ),which encrypts a message m by XORing it bitwise with a truly random bit string,is the most famous perfectly secret even resists all the passive attacks can be mathematically proven by Shannon’s informationtheoretic security is discussed in Section。 an introduction to Shannon’s information theory may be found in Appendix ,Vernam’ s onetime pad and all perfectly secret ciphers are usually is not practical in most situations to generate and handle truly random bit sequences of sufficient length as required for perfect secrecy. More recent approaches to provable security therefore abandon the ideal of perfect secrecy and the(unrealistic) assumption of unbounded puting putational plexity of algorithms is taken into attacks that might be feasible in practice are means that the attack can be performed by an efficient course,here the question about the right notion of efficiency ,algorithms with nonpolynomial running time are versa algorithms with polynomial running time are often considered as the efficient this book,we also adopt this notion of efficiency. The way a cryptographic scheme is attacked might be influenced by random 山东建筑大学 毕业设计 8 Eve might toss a coin to decide which case she tries ,probabilistic algorithms are used to model attackers. Breaking an encryption system,for example by a ciphertextonly attack,means that a probabilistic algorithm with polynomial running time manages to derive information about the plaintext from the ciphertext,with some nonnegligible algorithms can toss coins,and their control flow may be at least partially directed by these random using random sources,they can be implemented in must not be confused with nondeterministic notion of probabilistic(polynomial) algorithms and the underlying probabilistic model are discussed in Chapter 5. The security of a publickey cryptosystem is based on the hardness of some putational problem(there is no efficient algorithm for solving the problem).For example,the secret keys of an RSA scheme could be easily figured out if puting the prime factors of a large integer were ,it is believed that factoring large integers is are no mathematical proofs for the hardness of the putational problems used in publickey ,security proofs for publickey methods are always conditional: they depend on the validity of the underlying assumption. The assumption usually states that a certain function f is one way。 .,f can be puted efficiently,but it is infeasible to pute x from )(xf .The assumptions,as well as the notion of a oneway function,can be made very precise by the use of probabilistic polynomial probability of successfully inverting the function by a probabilistic polynomial algorithm is negligibly small,and negligibly small means that it is asymptotically less than any given polynomial bound(see Chapter 6,Definition ).Important examples,like the factoring,discrete logarithm and quadratic residuosity assumptions,are included in this book(see Chapter 6). There are analogies to the classical notions of ’s perfect secrecy has a putational analogy:ciphertext indistinguishability(or semantic security).An encryption is perfectly secret if and only if an adversary cannot distinguish between two plaintexts,even if her puting resources are unlimited:if adversary Eve knows that a ciphertext c is the encryption of either m or 39。 m ,she has no better chance than 21 of choosing the right 山东建筑大学 毕业设计 9 indistinguishability– also called polynomialtime indistinguishability– means that Eve’ s chance of successfully applying a probabilistic polynomial algorithm is at most negligibly greater than1/2(Chapter 9,Definition ). As a typical result,it is proven in Section that publickey onetime pads are ciphertextindistinguishable. This means,for example,that the RSA publickey onetime pad is ciphertextindistinguishable under the sole assump。