• Book: Understanding Cryptography – Paar/Pelzi

  • Course: Introduction to Cryptography (YouTube) – Paar

  • Website: zkhack.dev - by Boneh?

  • Course: Cryptography 1 - Boneh

  • Exercises: Cryptopals

  • Course: Applied Cryptography tweet

  • Quantum computers break the hardness assumption of discrete log and factoring primes.

    • RSA is broken.
    • SHA256 has a sqrt() (quadratic) improvement - i.e. 256 -> 128.

  • Quantum computers are struggling with quantum error correction.

  • ElGamal encryption system (1985) [wiki][55555]

    • (n.b. not ElGamal signature scheme)
    • DHKE-based pubkey encryption scheme
    • uses cyclic groups, typically integers modulo a prime
    • relies on discrete log hardness
    • multiplicatively homomorphic ( E(c1) * E(c2) = E(c1*c2) )
    • not used in modern FHE though, no addition and grows fast
    • key generation is exponentiation in the group, h = g^x
    • encryption is,
      • map message -> group element, m
      • pick random integer y
      • s = h ^ y (shared secret s)
      • ciphertext is two parts; g^y and m * s
    • c1, c2, m can be used to reconstruct s & y, so new one generated every message

  • decryption

    • depends on which cyclic group used, but generally modular multiplicative inverse (using extended euclidean)
    • then map back to original message