• 上一篇：深度优先(1): Exploring Elliptic Curve Cryptography

deep into ...

密码学上的哈希函数

• cryptographic hash function
  • 1991: MD5
    • MD5 was designed by Ronald Rivest in 1991 to replace an earlier hash function MD4, and was specified in 1992 as RFC 1321.
  • 1993: SHA-1
    • SHA = Secure Hash Algorithm.
    • SHA-1 was developed as part of the U.S. Government's Capstone project. 1993.
  • 1996: RIPEMD-160
    • RIPEMD (RACE Integrity Primitives Evaluation Message Digest) is a family of cryptographic hash functions developed in Leuven, Belgium, by Hans Dobbertin, Antoon Bosselaers and Bart Preneel at the COSIC research group at the Katholieke Universiteit Leuven, and first published in 1996.
  • 2000: Whirlpool
    • It was designed by Vincent Rijmen and Paulo S. L. M. Barreto, who first described it in 2000.
  • 2001: SHA-2
    • designed by the United States National Security Agency (NSA), first published in 2001.
  • 2012: BLAKE2
    • An improved version of BLAKE called BLAKE2 was announced in December 21, 2012. It was created by Jean-Philippe Aumasson, Samuel Neves, Zooko Wilcox-O'Hearn, and Christian Winnerlein with the goal to replace widely used, but broken MD5 and SHA-1 algorithms.
  • 2015: SHA-3
    • was released by NIST on August 5, 2015.

密码学的预言机(oracle)模型

• wiki:Standard model
  • idealised cryptographic model
  • the adversary is only limited by the amount of time and computational power available.
  • Cryptographic schemes are usually based on complexity assumptions, which state that some problems, such as factorization, cannot be solved in polynomial time.
    • Provable security
  • Schemes which can be proven secure using only complexity assumptions are said to be secure in the standard model. Security proofs are notoriously difficult to achieve in the standard model, so in many proofs, cryptographic primitives are replaced by idealized versions.
• wiki:random oracle model
  • replacing a cryptographic hash function with a genuinely random function.
  • responds to every unique query with a (truly) random response chosen uniformly from its output domain. If a query is repeated it responds the same way every time that query is submitted.
  • Bellare, Mihir; Rogaway, Phillip (1993)
    • Random oracles are practical: A paradigm for designing efficient protocols
• wiki:generic group model
  • the adversary is only given access to a randomly chosen encoding of a group, instead of efficient encodings, such as those used by the finite field or elliptic curve groups used in practice.
• wiki:common reference string model(CRS)
• Public key infrastructure(PKI)
  • invoke trusted third parties to perform some task without cheating;
  • Certificate authority
    • Public key certificate
      • X.509

密码学的攻击模型

• Adversary
  • Alice and Bob
• Man-in-the-middle attack
• Sybil attack

交互式证明

• wiki:Interactive proof system
  • Completeness
  • Soundness

零知识证明

• wiki:Zero-knowledge proof
  • Completeness
  • Soundness
  • Zero knowledge
• wiki:Commitment scheme
• Shafi Goldwasser, Silvio Micali, and Charles Rackoff
  • a common reference string shared between the prover and the verifier is enough to achieve computational zero-knowledge without requiring interaction.
  • The knowledge complexity of interactive proof systems

非交互式零知识证明

• Blum, Feldman, and Micali
  • Non-Interactive Zero-Knowledge and Its Applications
• wiki:Non-interactive zero-knowledge proof

zk-SNARKs

代码