【正文】 y Bleichenbacher’s 1MillionChosenCiphertext Attack(Section ).Therefore,security against such attacks is also Section ,we study two examples of publickey encryption schemes which are secure against adaptivelychosenciphertext attacks,and their security of the examples,CramerShoup’ s public key encryption scheme,was the first practical scheme whose security proof is based solely on a standard numbertheoretic assumption and a standard assumption of hash functions(collisionresistance). The ideal cryptographic hash function is a random yields hash values which cannot be distinguished from randomly selected and uniformly distributed a random function is also called a random ,the security of a cryptographic scheme can be proven in the random oracle addition to the assumed hardness of a putational problem,such a proof relies on the assumption that the hash functions used in the scheme are truly random of such schemes include the publickey encryption schemes OAEP(Section )and SAEP(),the above mentioned signature scheme PSS and fulldomainhash RSA signatures(Section ).We give the randomoracle proofs for SAEP and fulldomainhash signatures. Truly random functions can not be implemented,nor even perfectly approximated in ,a proof in the random oracle model can never be a plete security hash functions used in practice are constructed to be good approximations to the ideal of random ,there were surprising errors in the past(see Section ). We distinguished different types of attacks on an encryption a similar way,the attacks on signature schemes can be classified and different levels of security can be introduce this classification in Chapter 10 and give examples of signature schemes whose security can be proven solely under standard assumptions(like the factoring or the strong RSA assumption).No assumptions on the randomness of a hash function have to be made,in contrast,for example,to schemes like typical security proof for the highest level of security is the given signature scheme,we show that not a single signature can be fed,even if the attacker Eve is able to obtain valid signatures from the legitimate signer,for 山東建筑大學 畢業(yè)設(shè)計 11 messages she has chosen adaptively. The security proofs for publickey systems are always conditional and depend on(widely believed,but unproven) the other hand,Shannon’s notion of perfect secrecy and,in particular,the perfect secrecy of Vernam’s onetime pad are perfect unconditional security is not reachable in most practical situations,there are promising attempts to design practical cryptosystems which provably e close to perfect informationtheoretic proofs are based on classical informationtheoretic methods and do not depend on unproven security relies on the fact that munication channels are noisy or on the limited storage capacity of an results in this approach are reviewed in the chapter on provably secure encryption(Section ). 中文譯文： 密碼學介紹 說明 密碼學是一門保守秘密的科學。an introduction to Shannon’s information theory may be found in Appendix ,Vernam’ s onetime pad and all perfectly secret ciphers are usually is not practical in most situations to generate and handle truly random bit sequences of sufficient length as required for perfect secrecy. More recent approaches to provable security therefore abandon the ideal of perfect secrecy and the(unrealistic) assumption of unbounded puting putational plexity of algorithms is taken into attacks that might be feasible in practice are means that the attack can be performed by an efficient course,here the question about the right notion of efficiency ,algorithms with nonpolynomial running time are versa algorithms with polynomial running time are often considered as the efficient this book,we also adopt this notion of efficiency. The way a cryptographic scheme is attacked might be influenced by random 山東建筑大學 畢業(yè)設(shè)計 8 Eve might toss a coin to decide which case she tries ,probabilistic algorithms are used to model attackers. Breaking an encryption system,for example by a ciphertextonly attack,means that a probabilistic algorithm with polynomial running time manages to derive information about the plaintext from the ciphertext,with some nonnegligible algorithms can toss coins,and their control flow may be at least partially directed by these random using random sources,they can be implemented in must not be confused with nondeterministic notion of probabilistic(polynomial) algorithms and the underlying probabilistic model are discussed in Chapter 5. The security of a publickey cryptosystem is based on the hardness of some putational problem(there is no efficient algorithm for solving the problem).For example,the secret keys of an RSA scheme could be easily figured out if puting the prime factors of a large integer were ,it is believed that factoring large integers is are no mathematical proofs for the hardness of the putational problems used in publickey ,security proofs for publickey methods are always conditional: they depend on the validity of the underlying assumption. The assumption usually states that a certain function f is one way。山東建筑大學 畢業(yè)設(shè)計 1 外文文獻： Cryptography is the science of keeping secrets a sender referred to here and in what follows as Alice(as is monly used)wants tosend a message m to a receiver referred to as Bob. She uses an insecure munication example,the channel could be a puter work or a telephone is a problem if the message contains confidential information. The message could be intercepted and read by an ,even worse,the adversary,as usual referred to here as Eve,might be able to modify the message during transmission in such a way that the legitimate recipient Bob does not detect the manipulation. One objective of cryptography is to provide methods for preventing such