On the work of Shafi Goldwasser and Silvio Micali By Oded Goldreich WIS, Dec 2013.

What have Shafi & Silvio done for us?
Revolutionized cryptographic research, affecting all of TCS along the way:
Distilling intuitive security concerns.
Providing robust definitions that capture them.
Demonstrating the feasibility of satisfying these definitions.
Introduced conceptual frameworks coupled with feasibility results.

The three-step process in action: The case of Encryption schemes
Distilling intuitive security concerns: Sending messages “without revealing anything” to an adversary that may be tapping the channel.
Providing robust definitions that capture them: Robust definitions of secure encryption scheme.
Demonstrating the feasibility of satisfying these definitions: Schemes that satisfy this security definition provided that factoring large integers is hard (e.g., inverting RSA is hard).

The Definition of Secure Encryption Schemes
Hey, this is not a cryptography course.
Essence: Start from the ideal (and don’t be timid about it), and then make conceptually clear relaxations like replacing “anything one can do” by “anything one can (actually) do”.
The ideal model is so intuitive and appealing that it offers nice illustrations and metaphors (see next slides).

Semantic Security
A good disguise should not reveal the person’s height.
A good encryption should hide all partial information.

Security as Indistinguishability
A good disguise should not allow the mother to identify her own child (i.e., distinguish him from other children).
A good encryption does not allow one to distinguish between the encryptions of any pair of known messages.
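The indistinguishability requirement above can be played as a game. The following is an added example, not part of the original slides: an adversary who knows both messages re-encrypts one of them and compares, which always succeeds against deterministic textbook RSA and does no better than guessing against probabilistic bit encryption based on quadratic residuosity. The primes, exponent, messages and function names are constructed for illustration.

```python
import math
import random

# Constructed toy parameters, far too small for real use.
P, Q = 499, 547   # both are 3 mod 4, so N - 1 is a non-square with Jacobi symbol +1
N = P * Q
E = 5             # textbook-RSA exponent, coprime to (P - 1) * (Q - 1)

def rsa_encrypt(m, rng):
    """Deterministic textbook RSA: the same message always gives the same ciphertext."""
    return pow(m, E, N)

def gm_encrypt(m, rng, bits=16):
    """Probabilistic bit-by-bit encryption: bit b becomes (-1)^b * r^2 mod N."""
    out = []
    for i in range(bits):
        r = rng.randrange(2, N)
        while math.gcd(r, N) != 1:
            r = rng.randrange(2, N)
        out.append(pow(N - 1, (m >> i) & 1, N) * r * r % N)
    return tuple(out)

def gm_decrypt(c):
    """Holder of P reads each bit by testing whether the ciphertext is a square mod P."""
    return sum((pow(ci, (P - 1) // 2, P) != 1) << i for i, ci in enumerate(c))

def reencrypt_adversary(encrypt, m0, m1, challenge, rng):
    """Knows both messages; encrypts m0 itself and compares with the challenge."""
    return 0 if encrypt(m0, rng) == challenge else 1

def ind_game(encrypt, adversary, m0, m1, rng):
    """Challenger encrypts one of two known messages; adversary wins by naming which."""
    b = rng.randrange(2)
    challenge = encrypt((m0, m1)[b], rng)
    return adversary(encrypt, m0, m1, challenge, rng) == b

def win_rate(encrypt, trials=2000, seed=1):
    rng = random.Random(seed)
    wins = sum(ind_game(encrypt, reencrypt_adversary, 0x1234, 0xBEEF, rng)
               for _ in range(trials))
    return wins / trials

if __name__ == "__main__":
    print("deterministic RSA :", win_rate(rsa_encrypt))   # adversary always wins
    print("probabilistic GM  :", win_rate(gm_encrypt))    # close to guessing
```

The second result only shows that this particular adversary fails; the security claim for the probabilistic scheme rests on a hardness assumption, not on this experiment.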

The three-step process in action: The case of Zero-Knowledge Proofs
Distilling intuitive security concerns: Forcing proper behavior by asking each actor to provide a proof that it has acted according to its secret, but without disclosing this secret.
Providing robust definitions that capture them: Definitions of interactive proofs and zero-knowledge.
Demonstrating the feasibility of satisfying these definitions: A zero-knowledge interactive proof for a set believed not to be in P; and later zero-knowledge proofs for any NP statement (again, assuming intractability of factoring integers, etc).

The Definitions of Interactive Proofs and Zero-Knowledge Interactions
Again, this is not a cryptography course.
Essence: Start from the ideal (and don’t be timid about it), and then make conceptually clear relaxations like replacing “anything one can do” by “anything one can (actually) do”.
The ideal model is so intuitive and appealing that it offers nice illustrations and metaphors (see next slides).
E.g., interactive proofs = any two-party interactive protocol by which the verifier is convinced only of valid assertions.
Zero-knowledge: Defining what is zero-knowledge without defining what is knowledge. It is OK to say “I don’t know what X is, but for sure this is not X.” Surprisingly, in the case of ZK, this approach sufficed.

Zero-Knowledge (without interaction)
E.g., whatever the dog can reach is not new to it.
Whatever you can do by yourself is not knowledge.

Zero-Knowledge (with interaction)
E.g., a protocol for two Italians to pass through a door (generates a sequence of easily predictable messages).
An interaction you can simulate by yourself gives you no knowledge.
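The simulation idea on this slide, worked through as an added example that is not part of the original slides: a standard textbook protocol for proving that X is a square modulo N, with a simulator that produces transcripts without the prover's secret. The toy modulus, the witness and all function names are constructed, and the simulator shown handles a verifier that picks its challenge bit at random. Requires Python 3.8 or later for modular inverses via `pow`.

```python
import math
from collections import Counter

# Constructed toy instance, small enough to enumerate every possible coin toss.
N = 7 * 11
W = 9            # prover's secret: a square root of X modulo N
X = W * W % N    # public statement: "X is a square modulo N"
UNITS = [u for u in range(1, N) if math.gcd(u, N) == 1]

def verify(a, b, z):
    """Verifier's check on (commitment a, challenge bit b, response z)."""
    return z * z % N == a * pow(X, b, N) % N

def real_transcript(r, b):
    """Honest prover: commits to r^2, then answers challenge b using the secret W."""
    return (r * r % N, b, r * pow(W, b, N) % N)

def simulated_transcript(z, b):
    """Simulator without W: picks the response first and solves for the commitment."""
    return (z * z * pow(X, -b, N) % N, b, z)

def distribution(make):
    """Exact transcript distribution over all coins u and both challenge bits."""
    return Counter(make(u, b) for u in UNITS for b in (0, 1))

def simulator_is_perfect():
    """True when real and simulated transcripts are identically distributed."""
    real, sim = distribution(real_transcript), distribution(simulated_transcript)
    return real == sim and all(verify(*t) for t in sim)

if __name__ == "__main__":
    print("accepting simulated transcripts:", sum(distribution(simulated_transcript).values()))
    print("same distribution as the real interaction:", simulator_is_perfect())
```

Because the verifier could have produced exactly these transcripts alone, seeing a real one teaches it nothing beyond the fact that X is a square.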

What have Shafi & Silvio done for us?
Revolutionized cryptographic research, affecting all of TCS along the way, by introducing conceptual frameworks coupled with feasibility results.
Definitions and constructions of secure encryption [GM’82].
Definitions and constructions of interactive proofs and zero-knowledge interactive proofs [GMR’85, GMW’86].
Definitions and constructions of pseudorandom generators and functions [BM’82, GGM’84].
General Secure Multi-Party Computation [GMW’87, BGW’88].
Definition and construction of signature schemes [GMR’84].
NIZK [BFM’88], MIP [BGKW’88], PCP-Approximation [FGLSS], PT [GGR’96], and much more!

End
The slides of this talk are available at
Ultra Brief BIO: PhD at UCB (supervised by M. Blum) in early 1980s. At MIT since (Shafi at WIS since 1993.) Turing Award 2012.