1 / 13

On the work of Shafi Goldwasser and Silvio Micali

On the work of Shafi Goldwasser and Silvio Micali. By Oded Goldreich. SSF @ WIS, Dec 2013. What have Shafi & Silvio done for us?. Revolutionized Cryptographic Research and effecting all TCS along the way. Introduced conceptual frameworks coupled with feasibility results.

ismet
Télécharger la présentation

On the work of Shafi Goldwasser and Silvio Micali

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. On the work of Shafi Goldwasser and Silvio Micali By Oded Goldreich SSF @ WIS, Dec 2013

  2. What have Shafi & Silvio done for us? Revolutionized Cryptographic Research and effecting all TCS along the way. Introduced conceptual frameworks coupled with feasibility results • Distilling intuitive security concerns • Providing robust definitions that capture them • Demonstrating the feasibility of satisfying these definitions

  3. The three-step process in action: The case of Encryption schemes • Distilling intuitive security concerns • Providing robust definitions that capture them • Demonstrating the feasibility of satisfying these definitions • Sending messages “without revealing anything” to an adversary that may be tapping the channel. • Robust definitions of secure encryption scheme. • Schemes that satisfy this security definition provided that factoring large integers is hard (e.g., inverting RSA is hard).

  4. The Definition of Secure Encryption Schemes • Hey, this is not a cryptography course. • Essence: Start from the ideal (and don’t be timid about it), and then make conceptually clear relaxations like replacing “anything one can do” by “anything one can (actually) do”. • The ideal model is so intuitive and appealing that it offers nice illustrations and metaphors (see next slides).

  5. Semantic Security A good encryption should hide all partial information. A good disguise should not reveal the person’s height.

  6. Security as Indistinguishability A good encryption does not allow to distinguish the encryption of any pair of known messages. A good disguise should not allow the mother to identify her own child (i.e., distinguish him from other children).

  7. The three-step process in action: The case of Zero-Knowledge Proofs • Distilling intuitive security concerns • Providing robust definitions that capture them • Demonstrating the feasibility of satisfying these definitions • Forcing proper behavior by asking the actors to provide a proof that it has acted according to their secret, but without disclosing these secrets. • Definitions of interactive proofs and zero-knowledge. • A zero-knowledge interactive proof for an set believed not to be in P; and later zero-knowledge proofs for any NPstmt (again, assuming intractability of factoring integers, etc).

  8. The Definitions of Interactive Proofsand Zero-Knowledge Interactions • Again, this is not a cryptography course. • Essence: Start from the ideal (and don’t be timid about it), and then make conceptually clear relaxations like replacing “anything one can do” by “anything one can (actually) do”. • The ideal model is so intuitive and appealing that it offers nice illustrations and metaphors (see next slides). • E.g., interactive proofs = any two-party interactive protocol by which the verifier is convinced only of valid assertions. • Zero-knowledge: Defining what is zero-knowledge without defining what is knowledge. OK to say I don’t know what is X, but for sure this is not X. Surprisingly, in the case of ZK, this approach sufficed.

  9. Zero-Knowledge (w.o. interaction) Whatever you can do by yourself is not knowledge. E.g., whatever the dog can reach is not new to it.

  10. Zero-Knowledge (w. interaction) An interaction you can simulate by yourself gives you no knowledge. E.g., a protocol for two Italians to pass through a door (generates a sequence of easily predictable messages).

  11. What have Shafi & Silvio done for us? Revolutionized Cryptographic Research and effecting all TCS along the way by introducing conceptual frameworks coupled with feasibility results. • Definitions and constructions of secure encryption [GM’82]. • Definitions and constructions of interactive proofs and zero-knowledge interactive proofs [GMR’85, GMW’86]. • Definitions and constructions of pseudorandom generators and functions [BM’82, GGM’84]. • General Secure Multi-Party Computation [GMW’87, BGW’88]. • Definition and construction of signature schemes [GMR’84]. • NIZK [BFM’88], MIP [BGKW’88], PCP-Approximation [FGLSS], PT [GGR’96], and much more!

  12. End The slides of this talk are available at http://www.wisdom.weizmann.ac.il/~oded/T/ssf-wis.ppt Ultra Brief BIO: PhD at UCB (supervised by M. Blum) in early 1980s. At MIT since 1983.(Shafi at WIS since 1993.) Turing Award 2012.

  13. Additional photos The slides of this talk are available at http://www.wisdom.weizmann.ac.il/~oded/T/ssf-wis.ppt

More Related