第1页 / 共553页
第2页 / 共553页
第3页 / 共553页
第4页 / 共553页
第5页 / 共553页
第6页 / 共553页
第7页 / 共553页
第8页 / 共553页
Introduction to Modern Cryptography.pdf
00 Front-Matter
01
02
03
04
05
06
07
08
09
10
11
12
13
14 Back-Matter
CHAPMAN & HALL/CRC
CRYPTOGRAPHY AND NETWORK SECURITY
lnt:roduct:ion t:o
Modern Cryptography
CHAP N & HALL/CRC
CRYPTOGRAPHY AND NETWORK SECURITY
Series Editor
Douglas
R. Stinson
Published
Titles
Jonathan Katz and Yehuda Lindell,
Introduction
to Modern Cryptography
Forthcoming
Titles
Burton Rosenberg, Handbook of Financial
Cryptography
Maria Isabel Vasco, Spyros Magliveras,
Group Theoretic Cryptography
and Rainer Steinwandt,
Shiu-Kai Chin and Susan Beth Older, A Mathematical Introduction
Access Control
to
CHAPMAN & HALL/CRC
CRYPTOGRAPHY AND NETWORK SECURITY
Introduction to
Modern Cryptography
_jtJna1:han Ka1:z
Yehuda Lindell
Boca Raton London New York
Chapman & Haii/CRC is an imprint of the
Taylor & Francis Group, an informa business
Chapman & Hall/CRC
Taylor & Francis Group
6000 Broken Sound Parkway NW, Suite 300
Boca Raton, FL 33487-2742
© 2008 by Taylor & Francis Group, LLC
Chapman & Hall/CRC is an imprint of Taylor & Francis Group, an Informa business
No claim to original
Printed in the United States of America on acid-free
109 87 6 5 4
U.S. Government works
paper
.
International
Standard Book Number-13: 978-1-58488-551-1
(Hardcover)
This book contains information obtained
material is quoted with permission,
listed.
and the publisher cannot assume responsibility
quences of their use.
Reasonable efforts have been made to publish reliable
and sources are indicated.
for the validity
A wide variety of references
are
but the author
data and information,
of all materials or for the conse
from authentic and highly regarded sources. Reprinted
No part of this book may be reprinted, reproduced,
electronic,
microfilming,
permission from the publishers.
or other means, now known or hereafter
and recording,
mechanical,
or in any information storage or retrieyal
transmitted,
or utilized in any form by any
invented, including
photocopying,
system, without written
(http://www.copy
For permission to photocopy or use material electronically
copyright.com
222 Rosewood Drive, Danvers, MA 01923, 978-750-8400.
· provides licenses and registration
photocopy license by the CCC, a separate
right.com/) or contact the Copyright Clearance
CCC is a not-for-profit
for a variety of users. For organizations
system of payment has been arranged.
Center, Inc. (CCC)
organization
that
that have been granted a
from this work, please access www.
Trademark Notice: Product or corporate names may be trademarks or registered trademarks,
are used only for
and explanation without intent to infringe.
identification
and
Library of Congress Cataloging-in-
Publication
Data
Katz, Jonathan.
Introduction
to modern cryptography : principles
and protocols I Jonathan
Katz and Yehuda Lindell.
p.cm.
Includes bibliographical
references
ISBN 978-1-58488-551-1 (alk. paper)
1. Computer security.
and index.
2. Cryptography. I. Lindell,
Yehuda. II. Title.
QA76.9.A25K36
005.8--dc22
2007
2007017861
Visit the Taylor & Francis Web site at
http:/ /www.taylorandfrancis.com
and the CRC Press Web site at
http:/ /www.crcpress.com
Preface
the basic paradigms
to serve as a textbook
This book presents
phy. It is designed
courses
as a general
uate students), and as a reference
(in computer
suitable
in cryptography
introduction
and principles
for undergraduate-
or mathematics
(especially
for self-study
for students, researchers,
for beginning
grad
and practitioners
of modern cryptogra
departments),
or graduate-level
science
.
There are numerous
other cryptography text
another
books available
book on the subject
ask whether
reader may rightly
would not have written
other than
opinion,
provides
appropriate
an unequivocal
distinguishes
a rigorous treatment
for an introduction
to the topic.
this book if the answer to that question
yes. The novelty
it from all other books
currently
of modern cryptography
in an accessible manner
of this book - and what, in our
- is that it
available
today, and the
is needed.
were anything
We
As mentioned,
is distinguished
precise
of these
assumptions,
in turn (these
our focus is on modem (post-1980s)
from classical
by its emphasis
and rigorous
cryptography
principles
proofs of security.
in greater
We briefly discuss
each
in Chapter
are explored
detail
1):
cryptography
, which
on definitions,
• The central role of definitions: A key intellectual
contribution
of
first step ·'in the design of any cryptographic
has been the recognition
that formal definitions
The reason,
modern cryptQgraphy
of security are an essential
primitive or-protocol.
know what it is you are trying to achieve,
when you have
definitions
appear impossible
tography
constructions
satisfying
of security
are quite strong
achieved
such strong definipons
to achieve. One of the most amazing
is that {under mild and widely-believed
and - at first glance
- may
of cryp
assumptions)
efficient·
aspects
can be proven to exist.
in retrospect,
is simple;
ifyop don't
how can you hope to know
it? As we will see in this book, cryptographic
• The importance of formal and precise assumptions: As will be
can
often
2 and 3, many cryptographic
in an unconditional
sense.
be proven secure
in Chapters
Security
constructions
on some widely-believed
(albeit
unproven)
assumption.
explained
not currently
relies,
instead,
The modern cryptographic
must be clearly
lows for objective
enables
evaluation
rigorous
proofs of security
approach
stated and unambiguously
dictates
that any such assumption
defined. This not only al
of the assumption
but, more importantly,
next.
as described
• The possibility of rigorous proofs of security: The previous two
ideas lead naturally
to the current
one, which is the realization
that cryp-
v
Vl
of security
and relative
to a well-defined
from an art to a science.
of modern cryptograp
schemes were designed
. This is the essence
cryptography
to a clearlY
tographic constructions can be proven secure with respect
hic
stated definition
cryptograp
hy, and what lJ.aS
assumption
transformed
The importance
cryptographic
were deemed to be secure if the designers
any attacks. In contrast,
of schemes with formal,
models. Such
ing assumption
model the real-world
assumptions
possible to obtain schemes
allY,
of this idea cannot be over-emphasized
. Historic
a:o.d
could not fi:o.d
the desig:Il
:o.ed
mathematical
are guaranteed to be secure unless the underlY
definition
. By relying
that "factoring
is false (or the security
concerns)
atelY
did not appropri
dillg
(e.g., the assumption
that are extremely
proofs of security
ad-hoc fashion,
in a largely
themselves
on long-st_an
in well-defi
is hard"),
security
unli�ely
it is thllS
schemes
to be broken.
modern cryptography promotes
of modern cryptography
definitions
of cryptography"
not only to the "theory
is, by now, widely understood
A unified approach. The above contributions
relevant
tance of precise
those in the security
systems,
and rigorous
for cryptographic
"applied
and widely-used constructions
time, a proof) of what definition
ents
have become one of the requirem
to be standardized. As such, we do not separate
practical
(and, most of the
security"
along with precise
is achieved.
community
proofs of security
; rather,
statements
are
The impor
d bY
cryptography"
from "provable
community.
of security
we present
schemes
to build secure
who use cryptographic tools
and appreciate
Guide to Using this Book_ ·
This section
is intended
primarily
for instructors
picking
to adopt this book
up this book on his or her own
seeking
for their course,
may also find it a useful overview
of the topics
though the student
that will be covered.
proofs,
some mathematical
requires
and mathemat
In par
and therefore
say in an upper-level
algorithms,
or computabi
the reader is assumed to have· had some exposure
level,
Required background. This book uses definitions,
ical concepts,
ticular,
college
mathematics,
made a significant
accessible.
textbooks
example)
to understand
iity theory. Having s
· the presentation
that this book is not more difficult
, we believe
maturity.
to proofs at the
course or a course on discrete
aid this, we have
and make it generallY
than analogous
that (to take one
asier ·
It is our belief
that are less rigorous
once security
it often becomes e
made in a particular
construc
the design choices
goals are clearly
effort to simplify
mathematics
formulated,
. On the contrary
tion.
We have structured
the book so that the only
formal prerequisites
course in algorithms
on very little
probability
material:
and big-0 notation,
and a course in discrete
are a
Even here we relY
with basic
, we assume some familiarity
and the idea of equating
mathematics.
modular arithmetic,
specifically
Vll
efficient
are reviewed
algorithms
with those running
in polynomial
time. These concepts
in Appendix
A and/ or when first used in the book.
Suggestions for course organization. The core material
which we strongly
on cryptography,
what follows;
recommend
consists
(starred
starred
of the following
should be covered
in any introductory
course
are excluded
in
below):
discussion
regarding
see further
of this book,
material
sections
• Chapters
1-4 (through
Section
4.6), discussing
modern cryptogra
private-key
phy, and the basics
and message
encryption
of private-key
authenticatio
n).
classical
cryptograp
cryptography
(both
hy,
• Chapter
cluding
5, illustrating
material
basic design principles
block ciphers
on the widely-used
DES and AES.1
for block ciphers
and in
• Chapter
7, introducing
concrete mathematical
the number-theoretic
believed
to be
needed to un
background
problems
"hard", and providing
derstand
chapter also gives the first
tions are used in cryptograp
the RSA, Diffie-Hellman,
examples
hy.
and El Gamal cryptosystems.
This
of how number-theoretic
assump
• Chapters
9 and 10, motivating the public-key
encryption
schemes
(including
RSA-based
setting
and El Gamal en
and discussing
public-key
cryption)
.
• Chapter
12, describing
digital
signature
schemes.
• Sections
13.1 and 13.3, introducing
the random oracle
model and the
RSA-FDH signature
scheme.
that this core material
- possibly
and proofs- dm be covered
time available
with more
of all proofs
could proceed
at a more leisurely
and going more slowly when introducing
omitting some
in a 30-35-hour
of the'more
undergraduate
in
We believe
depth discussion
course. Instructors
pace, e.g.; giving
details
the underlying
additional
Those wishing
topics could
group theory and number-theoretic
be incorporated as discussed
next.
in either
material,
to cover additional
graduate course,
incorporation
of other topics
as time permits
interests)
(*) . These sections
faster-paced
allow flexible
the instructor's
starred
do not constitute
As made evident
starred
at any point subsequent
material), starred
"core material"
by the course outline
chapters
to their appearance
and sections
. Specifically,
some of the chapters
a longer course or a
to
on
are
(and depending
and sections
background.
Alternatively,
will find that the book has been structured
are not less important
in any way, but arguably
for an introductory
course in cryptography
.
just given (which does not include
any
may be skipped- or covered
in the book - without affecting
1 Although we consider this
to be core material,
1 and so this chapter can be skipped if desired.
it is not used in the remainder
of the book
相关推荐
2023年江西萍乡中考道德与法治真题及答案.doc
2012年重庆南川中考生物真题及答案.doc
2013年江西师范大学地理学综合及文艺理论基础考研真题.doc
2020年四川甘孜小升初语文真题及答案I卷.doc
2020年注册岩土工程师专业基础考试真题及答案.doc
2023-2024学年福建省厦门市九年级上学期数学月考试题及答案.doc
2021-2022学年辽宁省沈阳市大东区九年级上学期语文期末试题及答案.doc
2022-2023学年北京东城区初三第一学期物理期末试卷及答案.doc
2018上半年江西教师资格初中地理学科知识与教学能力真题及答案.doc
2012年河北国家公务员申论考试真题及答案-省级.doc
2020-2021学年江苏省扬州市江都区邵樊片九年级上学期数学第一次质量检测试题及答案.doc
2022下半年黑龙江教师资格证中学综合素质真题及答案.doc
