Diffie–Hellman key exchangeDiffie–Hellman key exchange is a mathematical method of securely exchanging cryptographic keys over a public channel and was one of the first public-key protocols as conceived by Ralph Merkle and named after Whitfield Diffie and Martin Hellman. DH is one of the earliest practical examples of public key exchange implemented within the field of cryptography. Published in 1976 by Diffie and Hellman, this is the earliest publicly known work that proposed the idea of a private key and a corresponding public key.
Optimal asymmetric encryption paddingIn cryptography, Optimal Asymmetric Encryption Padding (OAEP) is a padding scheme often used together with RSA encryption. OAEP was introduced by Bellare and Rogaway, and subsequently standardized in PKCS#1 v2 and RFC 2437. The OAEP algorithm is a form of Feistel network which uses a pair of random oracles G and H to process the plaintext prior to asymmetric encryption. When combined with any secure trapdoor one-way permutation , this processing is proved in the random oracle model to result in a combined scheme which is semantically secure under chosen plaintext attack (IND-CPA).
Key-agreement protocolIn cryptography, a key-agreement protocol is a protocol whereby two or more parties can agree on a cryptographic key in such a way that both influence the outcome. If properly done, this precludes undesired third parties from forcing a key choice on the agreeing parties. Protocols that are useful in practice also do not reveal to any eavesdropping party what key has been agreed upon. Many key exchange systems have one party generate the key, and simply send that key to the other party—the other party has no influence on the key.
Strong cryptographyStrong cryptography or cryptographically strong are general terms used to designate the cryptographic algorithms that, when used correctly, provide a very high (usually unsurmountable) level of protection against any eavesdropper, including the government agencies. There is no precise definition of the boundary line between the strong cryptography and (breakable) weak cryptography, as this border constantly shifts due to improvements in hardware and cryptanalysis techniques.
Chosen-ciphertext attackA chosen-ciphertext attack (CCA) is an attack model for cryptanalysis where the cryptanalyst can gather information by obtaining the decryptions of chosen ciphertexts. From these pieces of information the adversary can attempt to recover the hidden secret key used for decryption. For formal definitions of security against chosen-ciphertext attacks, see for example: Michael Luby and Mihir Bellare et al. A number of otherwise secure schemes can be defeated under chosen-ciphertext attack.
Tutorial systemThe tutorial system is a method of university education where the main teaching method is regular, very small group sessions. These are the core teaching sessions of a degree, and are supplemented by lectures, practicals and larger group classes. This system is found at the collegiate universities of Oxford and Cambridge, although other universities use this method to various degrees. The tutorial system was established in the 1800s at the University of Oxford and the University of Cambridge in the United Kingdom.
International Association for Cryptologic ResearchThe International Association for Cryptologic Research (IACR) is a non-profit scientific organization that furthers research in cryptology and related fields. The IACR was organized at the initiative of David Chaum at the CRYPTO '82 conference. The IACR organizes and sponsors three annual flagship conferences, four area conferences in specific sub-areas of cryptography, and one symposium: Crypto (flagship) Eurocrypt (flagship) Asiacrypt (flagship) Fast Software Encryption (FSE) Public Key Cryptography (PKC) Cryptographic Hardware and Embedded Systems (CHES) Theory of Cryptography (TCC) Real World Crypto Symposium (RWC) Several other conferences and workshops are held in cooperation with the IACR.
Information-theoretic securityA cryptosystem is considered to have information-theoretic security (also called unconditional security) if the system is secure against adversaries with unlimited computing resources and time. In contrast, a system which depends on the computational cost of cryptanalysis to be secure (and thus can be broken by an attack with unlimited computation) is called computationally, or conditionally, secure. An encryption protocol with information-theoretic security is impossible to break even with infinite computational power.
