5 Encryption Schemes
5.1. The Basic Setting
5.1.1. Private-Key Versus Public-Key Schemes
5.1.2. The Syntax of Encryption Schemes
5.2. Definitions of Security
5.2.1. Semantic Security
5.2.2. Indistinguishability of Encryptions
5.2.3. Equivalence of the Security Definitions
5.2.4. Multiple Messages
5.2.5.* A Uniform-Complexity Treatment
5.3. Constructions of Secure Encryption Schemes
5.3.1.* Stream-Ciphers
5.3.2. Preliminaries: Block-Ciphers
5.3.3. Private-Key Encryption Schemes
5.3.4. Public-Key Encryption Schemes
5.4.* Beyond Eavesdropping Security
5.4.1. Overview
5.4.2. Key-Dependent Passive Attacks
5.4.3. Chosen Plaintext Attack
5.4.4. Chosen Ciphertext Attack
5.4.5. Non-Malleable Encryption Schemes
5.5. Miscellaneous
5.5.1. On Using Encryption Schemes
5.5.2. On Information-Theoretic Security
5.5.3. On Some Popular Schemes
5.5.4. HistOrical Notes
5.5.5. SuggestiOns f-0r Further Reading
5.5.6.Open Problems
5.5.7. Exercises
6 Digital Signatures and Message Authentication
6.1. The Setting and Definitional Issues
6.1.1. The Two Types of Schemes: A Brief Overview
6.1.2. Introduction to the Unified Treatment
6.1.3. Basic Mechanism
6.1.4. Attacks and Security
6.1.5.* Variants
6.2. Length-Restricted Signature Scheme
6.2.1. Definition
6.2.2. The Power of Length-Restricted Signature Schemes
6.2.3.* Constructing Collision-Free Hashing Functions
6.3. Constructions of Message-Authentication Schemes
6.3.1. Applying a Pseudorandom Function to the Document
6.3.2.* More on Hash-and-Hide and State-Based MACs
6.4. Constructions of Signature Schemes
6.4.1. One-Time Signature Schemes
6.4.2. From One-Time Signature Schemes to General Ones
6.4.3.* Universal One-Way Hash Functions and Using Them
6.5.* Some Additional Properties
6.5.1. Unique Signatures
6.5.2. Super-Secure Signature Schemes
6.5.3. Off-Line/On-Line Signing
6.5.4. Incremental Signatures
6.5.5. Fail-Stop Signatures
6.6. Miscellaneous
6.6.1. On Using Signature Schemes
6.6.2. On Information-Theoretic Security
6.6.3. On Some Popular Schemes
6.6.4. Historical Notes
6.6.5. Suggestions for Further Reading
6.6.6. Open Problems
6.6.7. Exercises
7 General Cryptographic Protocols
7.1. Overview
7.1.1. The Definitional Approach and Some Models
7.1.2. Some Known Results
7.1.3. Construction Paradigms
7.2.* The Two-Party Case: Definitions
7.2.1. The Syntactic Framework
7.2.2. The Semi-Honest Model
7.2.3. The Malicious Model
7.3.* Privately Computing (Two-Party) Functionalities
7.3.1. Privacy Reductions and a Composition Theorem
7.3.2. The OT Protocol: Definition and Construction
7.3.3. Privately Computing c + c2 = (al + a2). (hi + b2)
7.3.4. The Circuit Evaluation Protocol
7.4.* Forcing (Two-Party) Semi-Honest Behavior
7.4.1. The Protocol Compiler: Motivation and Overview
7.4.2. Security Reductions and a Composition Theorem
7.4.3. The Compiler: Functionalities in Use
7.4.4. The Compiler Itself
7.5.* Extension to the Multi-Party Case
7.5.1. Definitions
7.5.2. Security in the Semi-Honest Model
7.5.3. The Malicious Models: Overview and Preliminaries
7.5.4. The First Compiler: Forcing Semi-Honest Behavior
7.5.5. The Second Compiler: Effectively Preventing Abort
7.6.* Perfect Security in the Private Channel Model
7.6.1. Definitions
7.6.2. Security in the Semi-Honest Model
7.6.3. Security in the Malicious Model
7.7. Miscellaneous
7.7.1.* Three Deferred Issues
7.7.2.* Concurrent Executions
7.7.3. Concluding Remarks
7.7.4. Historical Notes
7.7.5. Suggestions for Further Reading
7.7.6. Open Problems
7.7.7. Exercises
Appendix C: Corrections and Additions to Volume 1
C.4. Enhanced Trapdoor Permutations
C.2. On Variants of Pseudorandom Functions
C.3. On Strong Witness Indistinguishability
C.3.1. On Parallel Composition
C.3.2. On Theorem 4.6.8 and an Afterthought
C.3.3. Consequences
C.4. On Non-Interactive Zero-Knowledge
C.4.1. On NIZKs with Efficient Prover Strategies
C.4.2. On Unbounded NIZKs
C.4.3. On Adaptive NIZKs
C.5. Some DevelOpments Regarding Zero-Knowledge
C.5.1. CompOSing Zero—Knowledge Protocols
C.5.2. Using the Adversary’s Program in the Proof 0f Security
C.6. Additional Corrections and Comments
C.7. Additional MOttoes
Bibliography
lndex
Note: Asterisks indicate advanced material.