Presentation is loading. Please wait.

Presentation is loading. Please wait.

On the work of Shafi Goldwasser and Silvio Micali By Oded Goldreich WIS, Dec 2013.

Published byAlbert Garrison Modified over 8 years ago

Similar presentations

Presentation on theme: "On the work of Shafi Goldwasser and Silvio Micali By Oded Goldreich WIS, Dec 2013."— Presentation transcript:

1 On the work of Shafi Goldwasser and Silvio Micali By Oded Goldreich SSF @ WIS, Dec 2013

2 What have Shafi & Silvio done for us? Revolutionized Cryptographic Research and effecting all TCS along the way. Distilling intuitive security concerns Providing robust definitions that capture them Demonstrating the feasibility of satisfying these definitions Introduced conceptual frameworks coupled with feasibility results

3 The three-step process in action: The case of Encryption schemes Sending messages “without revealing anything” to an adversary that may be tapping the channel. Robust definitions of secure encryption scheme. Schemes that satisfy this security definition provided that factoring large integers is hard (e.g., inverting RSA is hard). Distilling intuitive security concerns Providing robust definitions that capture them Demonstrating the feasibility of satisfying these definitions

4 The Definition of Secure Encryption Schemes Hey, this is not a cryptography course. Essence: Start from the ideal (and don’t be timid about it), and then make conceptually clear relaxations like replacing “anything one can do” by “anything one can (actually) do”. The ideal model is so intuitive and appealing that it offers nice illustrations and metaphors (see next slides).

5 Semantic Security A good disguise should not reveal the person’s height. A good encryption should hide all partial information.

6 Security as Indistinguishability A good disguise should not allow the mother to identify her own child (i.e., distinguish him from other children). A good encryption does not allow to distinguish the encryption of any pair of known messages.

7 The three-step process in action: The case of Zero-Knowledge Proofs Forcing proper behavior by asking the actors to provide a proof that it has acted according to their secret, but without disclosing these secrets. Definitions of interactive proofs and zero-knowledge. A zero-knowledge interactive proof for an set believed not to be in P; and later zero-knowledge proofs for any NP stmt (again, assuming intractability of factoring integers, etc). Distilling intuitive security concerns Providing robust definitions that capture them Demonstrating the feasibility of satisfying these definitions

8 The Definitions of Interactive Proofs and Zero-Knowledge Interactions Again, this is not a cryptography course. Essence: Start from the ideal (and don’t be timid about it), and then make conceptually clear relaxations like replacing “anything one can do” by “anything one can (actually) do”. The ideal model is so intuitive and appealing that it offers nice illustrations and metaphors (see next slides). E.g., interactive proofs = any two-party interactive protocol by which the verifier is convinced only of valid assertions. Zero-knowledge: Defining what is zero-knowledge without defining what is knowledge. OK to say I don’t know what is X, but for sure this is not X. Surprisingly, in the case of ZK, this approach sufficed.

9 Zero-Knowledge (w.o. interaction) E.g., whatever the dog can reach is not new to it. Whatever you can do by yourself is not knowledge.

10 Zero-Knowledge (w. interaction) E.g., a protocol for two Italians to pass through a door (generates a sequence of easily predictable messages). An interaction you can simulate by yourself gives you no knowledge.

11 What have Shafi & Silvio done for us? Revolutionized Cryptographic Research and effecting all TCS along the way by introducing conceptual frameworks coupled with feasibility results. Definitions and constructions of secure encryption [GM’82]. Definitions and constructions of interactive proofs and zero-knowledge interactive proofs [GMR’85, GMW’86]. Definitions and constructions of pseudorandom generators and functions [BM’82, GGM’84]. General Secure Multi-Party Computation [GMW’87, BGW’88]. Definition and construction of signature schemes [GMR’84]. NIZK [BFM’88], MIP [BGKW’88], PCP-Approximation [FGLSS], PT [GGR’96], and much more!

12 End The slides of this talk are available at http://www.wisdom.weizmann.ac.il/~oded/T/ssf-wis.ppt Ultra Brief BIO: PhD at UCB (supervised by M. Blum) in early 1980s. At MIT since 1983. (Shafi at WIS since 1993.) Turing Award 2012.

13 Additional photos The slides of this talk are available at http://www.wisdom.weizmann.ac.il/~oded/T/ssf-wis.ppt

Download ppt "On the work of Shafi Goldwasser and Silvio Micali By Oded Goldreich WIS, Dec 2013."

Similar presentations

On the (Im)Possibility of Arthur-Merlin Witness Hiding Protocols Iftach Haitner, Alon Rosen and Ronen Shaltiel 1.

On the (Im)Possibility of Arthur-Merlin Witness Hiding Protocols Iftach Haitner, Alon Rosen and Ronen Shaltiel 1.
Statistical Zero-Knowledge Arguments for NP from Any One-Way Function Salil Vadhan Minh Nguyen Shien Jin Ong Harvard University.

Statistical Zero-Knowledge Arguments for NP from Any One-Way Function Salil Vadhan Minh Nguyen Shien Jin Ong Harvard University.
Zero Knowledge Proofs(2) Suzanne van Wijk & Maaike Zwart

Zero Knowledge Proofs(2) Suzanne van Wijk & Maaike Zwart
Inaccessible Entropy Iftach Haitner Microsoft Research Omer Reingold Weizmann & Microsoft Hoeteck Wee Queens College, CUNY Salil Vadhan Harvard University.

Inaccessible Entropy Iftach Haitner Microsoft Research Omer Reingold Weizmann & Microsoft Hoeteck Wee Queens College, CUNY Salil Vadhan Harvard University.
The Complexity of Zero-Knowledge Proofs Salil Vadhan Harvard University.

The Complexity of Zero-Knowledge Proofs Salil Vadhan Harvard University.
1 Identity-Based Zero-Knowledge Jonathan Katz Rafail Ostrovsky Michael Rabin U. Maryland U.C.L.A. Harvard U.

1 Identity-Based Zero-Knowledge Jonathan Katz Rafail Ostrovsky Michael Rabin U. Maryland U.C.L.A. Harvard U.
1 Vipul Goyal Abhishek Jain UCLA On the Round Complexity of Covert Computation.

1 Vipul Goyal Abhishek Jain UCLA On the Round Complexity of Covert Computation.
CS555Topic 241 Cryptography CS 555 Topic 24: Secure Function Evaluation.

CS555Topic 241 Cryptography CS 555 Topic 24: Secure Function Evaluation.
11 Provable Security. 22 Given a ciphertext, find the corresponding plaintext.

11 Provable Security. 22 Given a ciphertext, find the corresponding plaintext.
1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.

1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.
Nir Bitansky, Ran Canetti, Omer Paneth, Alon Rosen.

Nir Bitansky, Ran Canetti, Omer Paneth, Alon Rosen.
Computational Security. Overview Goal: Obtain computational security against an active adversary. Hope: under a reasonable cryptographic assumption, obtain.

Computational Security. Overview Goal: Obtain computational security against an active adversary. Hope: under a reasonable cryptographic assumption, obtain.
Foundations of Cryptography Lecture 13 Lecturer: Moni Naor.

Foundations of Cryptography Lecture 13 Lecturer: Moni Naor.
Optimistic Concurrent Zero-Knowledge Alon Rosen IDC Herzliya abhi shelat University of Virginia.

Optimistic Concurrent Zero-Knowledge Alon Rosen IDC Herzliya abhi shelat University of Virginia.
Slide 1 Vitaly Shmatikov CS 380S Introduction to Zero-Knowledge.

Slide 1 Vitaly Shmatikov CS 380S Introduction to Zero-Knowledge.
General Cryptographic Protocols (aka secure multi-party computation) Oded Goldreich Weizmann Institute of Science.

General Cryptographic Protocols (aka secure multi-party computation) Oded Goldreich Weizmann Institute of Science.
Foundations of Cryptography Lecture 12 Lecturer: Moni Naor.

Foundations of Cryptography Lecture 12 Lecturer: Moni Naor.
CS426Fall 2010/Lecture 351 Computer Security CS 426 Lecture 35 Commitment & Zero Knowledge Proofs.

CS426Fall 2010/Lecture 351 Computer Security CS 426 Lecture 35 Commitment & Zero Knowledge Proofs.
1 Adapted from Oded Goldreich’s course lecture notes.

1 Adapted from Oded Goldreich’s course lecture notes.
Zero Knowledge Proofs By Subha Rajagopalan Jaisheela Kandagal.

Zero Knowledge Proofs By Subha Rajagopalan Jaisheela Kandagal.

Similar presentations

Ads by Google