... protocol run
Figure 13.2: In-line, on-line, and off-line third parties. [Diagram: party A and a TTP in in-line, on-line, and (c) off-line arrangements, with some communications marked optional.]
In-line third parties are of particular interest ... properties of escrow systems include:
1. applicability to store-and-forward vs. real-time user communications
2. capability of real-time decryption of user traffic
3. requirement of t...
... prevents chosen-text existential forgery (Example 9.62), without impacting the efficiency of the intermediate stages as would using two-key triple-encryption
Handbook of Applied Cryptography by ... a two-block input, independent of the length of x.
Additional suggestions for achieving MAC-like functionality by combining MDCs and encryption are discussed in §9.6.5.
... proof systems and the notion of zero-knowledge (ZK) proofs were formalized in 1985 by Goldwasser, Micali, and Rackoff [481] in the context of an interactive proof of membership of a string x in a language ... maximal and equals the base-2 logarithm of the number of possible passwords.
Handbook of Applied Cryptography by A. Menezes, P. van Oorschot and S. Vanstone.
... ratio of the logarithm (base 2) of the size of the signing space $M_S$ to the logarithm (base 2) of the size of $M_R$, the image space of the redundancy function. Hence, the bandwidth efficiency is determined by ... settings of §11.3 (RSA and related signature schemes), §11.4 (Fiat-Shamir signature schemes), §11.5 (DSA and related signature schemes), or §11.6 (one-time digital signatures)....
... conferences of two or more parties. Their proposals are non-interactive and ID-based, following the original idea of two-party non-interactive ID-based schemes by Blom [157,158], including consideration of ...

| ↓ Protocol | | use of timestamps | number of messages |
|---|---|---|---|
| point-to-point key update | none | optional | 1-3 |
| Shamir’s no-key protocol | none | no | 3 |
| Kerberos | KDC | yes | 4 |
| Needham-Schroeder shared-key | KDC... | | |
... non-repudiation of origin (denial of being the originator of a message), non-repudiation of delivery (denial of having received a message), and non-repudiation associated with the actions of ... draft 10118–4 includes MASH-1 and MASH-2 (see Algorithm 9.56).
ISO/IEC 11770: This multi-part standard addresses generic key management and spe-
... applications. The efficiency of a particular cryptographic scheme based on any one of these algebraic structures will depend on a number of factors, such as parameter size, time-memory tradeoffs, processing power ... the case of the additive group $\mathbb{Z}_m$, the time required to do modular multiplication can be improved at the expense of precomputing a table of residues modulo m. For a l...
... factored is of a special form; these are called special-purpose factoring algorithms. The running times of such algorithms typically depend on certain properties of the factors of n. Examples ... one having a worst-case running time of $O(\lg^3 n)$ bit operations, and a second having an average-case running time of $O(\lg^2 n)$ bit operations. A more recent algorithm of Berns...
... originator.
1.8 Public-key cryptography
The concept of public-key encryption is simple and elegant, but has far-reaching consequences.
1.8.1 Public-key encryption
Let $\{E_e : e \in K\}$ be a set of encryption ... abstract concepts of this section in mind as concrete methods are presented.