The Mathematics of Public-Key Cryptography, Lecture 18

November 16, 2000

Summary of material covered in lecture 18

• non-adjacent form (NAF) representation
  • uniqueness of NAF representation
  • converting from binary representation to NAF representation
  • NAF representation minimizes the number of non-zero coefficients
  • average number of non-zero coeficients is about 2l/3 in a NAF representation for l large (where l = number of bits)
  • expected speedup of about 11% using this method
• signature schemes
  • mathematical definition
  • RSA signature scheme
  • classification of attack models, adversarial goals, and security assurances (see below)
  • examples of attacks on RSA signature scheme
• attack model (for signature schemes)
  • public-key only
  • known message
  • chosen message (adaptive or non-adaptive)
• security level
  • unconditional security (generally not applicable to signature schemes)
  • "provable" security
    • reduction to underlying mathematical problem
    • random oracle model
  • computational security against specified attacks
• goal of adversary (for signature schemes)
  • complete break (find secret key)
  • selective forgery (with specified probability)
  • existential forgery (with specified probability)
• hash functions
  • definition of a hash function
  • use of hash function in a signature scheme (hash-then-sign) to sign messages of arbitrary length