An Introduction to Mathematical Cryptography (2nd Edition) (Undergraduate Texts in Mathematics)
Joseph H. Silverman, Jeffrey Hoffstein, Jill Pipher
Format: PDF / Kindle (mobi) / ePub
This self-contained introduction to modern cryptography emphasizes the mathematics behind the theory of public key cryptosystems and digital signature schemes. The book focuses on these key topics while developing the mathematical tools needed for the construction and security analysis of diverse cryptosystems. Only basic linear algebra is required of the reader; techniques from algebra, number theory, and probability are introduced and developed as required. This text provides an ideal introduction for mathematics and computer science students to the mathematical foundations of modern cryptography. The book includes an extensive bibliography and index; supplementary materials are available online.
The book covers a variety of topics that are considered central to mathematical cryptography. Key topics include:
* classical cryptographic constructions, such as Diffie–Hellmann key exchange, discrete logarithm-based cryptosystems, the RSA cryptosystem, and digital signatures;
* fundamental mathematical tools for cryptography, including primality testing, factorization algorithms, probability theory, information theory, and collision algorithms;
* an in-depth treatment of important cryptographic innovations, such as elliptic curves, elliptic curve and pairing-based cryptography, lattices, lattice-based cryptography, and the NTRU cryptosystem.
The second edition of An Introduction to Mathematical Cryptography includes a significant revision of the material on digital signatures, including an earlier introduction to RSA, Elgamal, and DSA signatures, and new material on lattice-based signatures and rejection sampling. Many sections have been rewritten or expanded for clarity, especially in the chapters on information theory, elliptic curves, and lattices, and the chapter of additional topics has been expanded to include sections on digital cash and homomorphic encryption. Numerous new exercises have been included.
we can see, a yes instance of this problem (i.e., N is composite) has a (trivial) polynomial-time verification algorithm, and so this decision problem belongs to . It can also be shown that the complementary problem belongs to . That is, if N is a no instance (i.e., N is prime), then the primality of N can be verified in polynomial time on a nondeterministic Turing machine. When both the yes and no instances of a problem can be verified in polynomial time, the decision problem is said to belong
chooses two large primes p and q and publishes their product N. Peggy’s task is to prove to Victor that a certain number y is a square modulo N without revealing to Victor any information that would help him to prove to other people that y is a square modulo N. We note that since Peggy knows how to factor N, if y is a square modulo N, then she can find a square root for y, say x, satisfying In each round, Peggy and Victor perform the following steps: 1.Peggy chooses a random number r modulo N.
M.E. Hellman, Hiding information and signatures in trapdoor knapsacks, in Secure Communications and Asymmetric Cryptosystems, ed. by G.J. Simmons. Volume 69 of AAAS Selected Symposium Series (Westview, Boulder, 1982), pp. 197–215  R.L. Rivest, A. Shamir, L. Adleman, A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21(2), 120–126 (1978)MathSciNetCrossRefMATH  A. Shamir, A polynomial-time algorithm for breaking the basic Merkle-Hellman cryptosystem.
frequently than one might guess. This is an example of the “birthday paradox,” which says that the probability of getting a match (e.g. of trigrams or birthdays or colors) is quite high. We discuss the birthday paradox and some of its many applications to cryptography in Sect. 5.4. 5.2.2 Cryptanalysis of the Vigenère Cipher: Practice In this section we illustrate how to cryptanalyze a Vigenère ciphertext by decrypting the message given in Table 5.2. Table 5.2:A Vigenère ciphertext to
if N is large, the lower bound is very close to 1. For example, if we run the algorithm 100 times and get 100 No answers, then the probability that m does not have property A is at least So for most practical purposes, it is safe to conclude that m does not have property A. 5.3.4 Random Variables We are generally more interested in the consequences of an experiment, for example the net loss or gain from a game of chance, than in the experiment itself. Mathematically, this means that we are