O. Goldreich, A Uniform Complexity Encryption and Zero-knowledge, Technion CS-TR 570, June 1989.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....a notion that is easier to prove is indistinguishability of encryptions (a.k.a. polynomial security) These two notions were shown to be equivalent by Goldwasser and Micali [19] indistinguishability ) semantic) Micali, Rackoff and Sloan [28] semantic ) indistinguishability) and Goldreich [14] (the uniform case) Under the notion of indistinguishability of encryptions, the cryptosystem is considered to have been broken if the adversary can find two messages m 0 and m 1 in the message space such that it can distinguish between encryptions of m 0 and m 1 . This requirement implies that ....

....(R; x) fpjV accepts on input R; x; pg, and let REJECT (R; x) fpjV rejects on input R; x; pg: The following is the definition of non interactive proof systems of [4] which is modified to incorporate the tractability of P . The uniformity conditions of the system are adopted from Goldreich [14]. Definition 3.1 A triple (P ; V ; U) where P is a probabilistic machine, V is a polynomial time machine and U is a polynomial time sampleable probability distribution is a noninteractive zero knowledge proof system for the language L 2 NP if: 1. Completeness: if x 2 L then P generates a proof ....

O. Goldreich, A Uniform Complexity Encryption and Zero-knowledge, Technion CS-TR 570, June 1989.

....to the ciphertext gives A a polynomial advantage at succeeding with respect to R over any A 0 that does not have access to the ciphertext. 2 6 Thus, a scheme is semantically secure with respect to relations if and only if it has the indistinguishability property. It follows from the results in [17, 13, 23] that the notions of of semantic security, indistinguishability and semantically secure with respect to relations are all equivalent. String Commitment A string commitment protocol between sender A and receiver B consists of two stages: ffl The commit stage: A has a string ff to which she wishes ....

....D, a polynomial time computable function hist, and the value hist(ff) are known to both players. The function hist models information about the Sender s input to which the receiver may have access. At the end of the commit stage the representation of ff should be semantically secure (see [13] for exact definition) Non Interactive Zero Knowledge Proof Systems The following explanation is taken almost verbatim from [26] A (single theorem) noninteractive proof system for a language L allows one party P to prove membership in L to another party V for any x 2 L. P and V initially share ....

[Article contains additional citation context not shown here]

O. Goldreich, A Uniform Complexity Encryption and Zero-knowledge, Technion CS-TR 570, June 1989.

....We extend Yamamoto s idea to public key cryptography. Several authors have classified levels of security for public key cryptosystems (PKCSs) For example, Goldwasser and Micali [5] defined the notions of semantic security and probabilistic encryption. Micali, Rackoff, and Sloan [7] and Goldreich [4] then showed that semantic security was equivalent to indistinguishability. Naor and Yung [8] used noninteractive zero knowledge proofs [1] to transform secure PKCSs into PKCSs secure against chosen plaintext attack. Currently, all known public key cryptosystems depend on the intractibility of ....

O. Goldreich, A uniform complexity encryption and zero-knowledge, Technion CS-TR 570, June 1989.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC