Terminology

What does puncturing mean in cryptography?

  • November 3, 2022

While reading the documentation of the crypto $\LaTeX$ package, I stumbled across the “primitive” called puncturing in subsection 2.12. This was the first time I read about this “primitive”. Additionally, I am not a native speaker, which is why I have no intuition about what it could mean. Can someone explain it to me on a basic level?

Similarly to the meaning of everyday life, puncturing denotes the act of poking a hole into something, making that part somewhat irrelevant. In the cryptographic context, puncturable schemes usually seem to characterize schemes with an additional algorithm that removes some specified capability, for instance, decryption or a function evaluation. Some examples to add to others:

  1. Puncturable Encryption: Green and Miers use puncturable encryption in the linked paper to achieve forward-secret encryption. The idea is that ciphertext is associated with a list of tags. And there’s a puncture algorithm that modifies the secret key in a way that removes decryption capability only for a specified tag.
  2. Puncturable Key Wrapping: proposed to provide better forward secrecy guarantees for symmetric key hierarchies (for instance, using a Key Encryption Key to protect a Data Encryption Key). Additional use cases are forward security of TLS1.3 with 0-RTT and outsourced file storage.
  3. The Puncturable Key Wrapping scheme above is instantiated by an AEAD scheme and a Puncturable PRF (described in this answer).
  4. Besides primitive constructions, there are other examples in proofs as well. In the book of Boneh and Shoup, an identity-based encryption scheme (construction 2) is presented that has the advantage of not requiring hashing identities into curves. The proof is (amongst others) a reduction to the Decision bilinear Diffie-Hellman problem and uses a punctured secret key.
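
To make the "remove one capability" idea concrete, here is an added example (not part of the original answer or of the linked papers): a small puncturable PRF built with the GGM tree construction. HMAC-SHA256 standing in for the length-doubling PRG, the 16-bit input domain and all function names are assumptions chosen for the demo.

```python
import hashlib
import hmac

N_BITS = 16  # input length in bits (assumption for the demo)

def _child(seed, bit):
    # One half of a length-doubling PRG G(s) = (G_0(s), G_1(s)),
    # modelled here with HMAC-SHA256 keyed by the parent seed.
    return hmac.new(seed, bytes([bit]), hashlib.sha256).digest()

def _bits(x):
    # Most-significant bit first: the path from the root to leaf x.
    return [(x >> (N_BITS - 1 - i)) & 1 for i in range(N_BITS)]

def _walk(seed, bits):
    for b in bits:
        seed = _child(seed, b)
    return seed

def prf_eval(key, x):
    """Evaluate the PRF with the full (unpunctured) key."""
    return _walk(key, _bits(x))

def puncture(key, x):
    """Return a punctured key: the seeds of every sibling on the path to x.

    The root key and all seeds on the path itself are left out, so the
    value at x can no longer be derived.
    """
    copath, seed, path = {}, key, _bits(x)
    for i, b in enumerate(path):
        copath[tuple(path[:i]) + (1 - b,)] = _child(seed, 1 - b)
        seed = _child(seed, b)
    return copath

def punctured_eval(pkey, y):
    """Evaluate with a punctured key; returns None at the punctured point."""
    bits = _bits(y)
    for i in range(1, N_BITS + 1):
        seed = pkey.get(tuple(bits[:i]))
        if seed is not None:
            return _walk(seed, bits[i:])
    return None

if __name__ == "__main__":
    key = hashlib.sha256(b"constructed demo key").digest()
    pk = puncture(key, 0x1234)
    print(punctured_eval(pk, 0x1235) == prf_eval(key, 0x1235))  # other points still work
    print(punctured_eval(pk, 0x1234))                           # punctured point is gone
```

The punctured key holds only `N_BITS` seeds, and the original key must be erased after puncturing for the removal to mean anything.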

Quoted from: https://crypto.stackexchange.com/questions/102553