Public-key cryptography ensures both secrecy and authenticity of communication using public-key encryption schemes and digital signatures, respectively. Following a brief introduction to the public-key setting (and a comparison with the classical symmetric-key setting), we present rigorous definitions of security for public-key encryption and digital signature schemes, introduce some number-theoretic primitives used in their construction, and describe various practical instantiations.


Signature Scheme Discrete Logarithm Problem Digital Signature Scheme Hybrid Encryption 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 2.1.
    J. Katz, Y. Lindell: Introduction to Modern Cryptography (Chapman & Hall/CRS Press, Boca Raton, FL, USA 2007)Google Scholar
  2. 2.2.
    R.L. Rivest, A. Shamir, L.M. Adleman: A method for obtaining digital signature and public-key cryptosystems, Commun. ACM, 21(2), 120–126 (1978)zbMATHCrossRefMathSciNetGoogle Scholar
  3. 2.3.
    T. El Gamal: A public key cryptosystem and a signature scheme based on discrete logarithms, Trans. Inf. Theory 31, 469–472 (1985)zbMATHCrossRefGoogle Scholar
  4. 2.4.
    PKCS #1 version 1.5: RSA cryptography standard (RSA Data Security, Inc., 1991), available at
  5. 2.5.
    D. Bleichenbacher: Chosen ciphertext attacks against protocols based on the RSA encryption standard PKCS #1. In: Advances in Cryptology – Crypto ’98, Lecture Notes in Computer Science, Vol. 1462, ed. by H. Krawczyk (Springer, Heidelberg, Germany 1998) pp. 1–12Google Scholar
  6. 2.6.
    PKCS #1 version 2.1: RSA cryptography standard (RSA Data Security, Inc., 1998), available at
  7. 2.7.
    M. Bellare, P. Rogaway: Optimal asymmetric encryption. In: Advances in Cryptology – Eurocrypt ’94, Lecture Notes in Computer Science, Vol. 950, ed. by A. De Santis (Springer, Heidelberg, Germany 1994) pp. 92–111CrossRefGoogle Scholar
  8. 2.8.
    E. Fujisaki, T. Okamoto, D. Pointcheval, J. Stern: RSA-OAEP is secure under the RSA assumption, J. Cryptol. 17(2), 81–104 (2004)zbMATHCrossRefMathSciNetGoogle Scholar
  9. 2.9.
    M. Bellare, P. Rogaway: Random oracles are practical: A paradigm for designing efficient protocols, 1st ACM Conference on Computer and Communications Security (ACM Press, 1993) pp. 62–73Google Scholar
  10. 2.10.
    R. Cramer, V. Shoup: Design and analysis of practical public-key encryption schemes secure against adaptive chosen ciphertext attack, SIAM J. Comput. 33(1), 167–226 (2003)zbMATHCrossRefMathSciNetGoogle Scholar
  11. 2.11.
    Digital signature standard (dss). National Institute of Standards and Technology (NIST), FIPS PUB #186-2, Department of Commerce, 2000Google Scholar
  12. 2.12.
    M. Bellare, P. Rogaway: The exact security of digital signatures: How to sign with RSA and Rabin. In: Advances in Cryptology – Eurocrypt ’96, Lecture Notes in Computer Science, Vol. 1070, ed. by U.M. Maurer (Springer, Heidelberg, Germany 1996) pp. 399–416Google Scholar
  13. 2.13.
    O. Goldreich: Foundations of Cryptography, Vol. 1: Basic Tools (Cambridge University Press, Cambridge, UK 2001)Google Scholar
  14. 2.14.
    O. Goldreich: Foundations of Cryptography, Vol. 2: Basic Applications (Cambridge University Press, Cambridge, UK 2004)Google Scholar
  15. 2.15.
    D.R. Stinson: Cryptography: Theory and Practice, 3rd edn. (Chapman & Hall/CRC Press, Boca Raton, FL, USA 2005)Google Scholar
  16. 2.16.
    M. Bellare, P. Rogaway: Introduction to modern cryptography: Lecture notes (2003), available at
  17. 2.17.
    B. Schneier: Applied Cryptography, 2nd edn. (Wiley, New York, NY, USA 1996)Google Scholar
  18. 2.18.
    A.J. Menezes, P.C. van Oorschot, S.A. Vanstone: Handbook of Applied Cryptography (CRC Press, Boca Raton, FL, USA 1996)Google Scholar
  19. 2.19.
    W. Diffie, M.E. Hellman: New directions in cryptography, IEEE Trans. Inf. Theory 22(6), 644–654 (1976)zbMATHCrossRefMathSciNetGoogle Scholar
  20. 2.20.
    M.O. Rabin: Digital signatures and public key functions as intractable as factorization. Technical Report MIT/LCS/TR-212 (Massachusetts Institute of Technology, January 1979)Google Scholar
  21. 2.21.
    S. Goldwasser, S. Micali: Probabilistic encryption, J. Comput. Syst. Sci. 28(2), 270–299 (1984)zbMATHCrossRefMathSciNetGoogle Scholar
  22. 2.22.
    M. Naor, M. Yung: Public-key cryptosystems provably secure against chosen ciphertext attacks, 22nd Annual ACM Symposium on Theory of Computing (ACM Press, 1990)Google Scholar
  23. 2.23.
    C. Rackoff, D.R. Simon: Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack. In: Advances in Cryptology – Crypto ’91, Lecture Notes in Computer Science, Vol. 576, ed. by J. Feigenbaum (Springer, Heidelberg, Germany 1992) pp. 433–444Google Scholar
  24. 2.24.
    M. Blum, S. Goldwasser: An efficient probabilistic public-key encryption scheme which hides all partial information. In: Advances in Cryptology – Crypto ’84, Lecture Notes in Computer Science, Vol. 196, ed. by G.R. Blakley, D. Chaum (Springer, Heidelberg, Germany 1985) pp. 289–302CrossRefGoogle Scholar
  25. 2.25.
    S. Goldwasser, S. Micali, R.L. Rivest: A digital signature scheme secure against adaptive chosen-message attacks, SIAM J. Comput. 17(2), 281–308 (1988)zbMATHCrossRefMathSciNetGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Jonathan Katz
    • 1
  1. 1.Department of Computer ScienceUniversity of MarylandCollege ParkUSA

Personalised recommendations