On the work of Shafi Goldwasser and Silvio Micali
By Oded Goldreich
WIS, Dec 2013

What have Shafi & Silvio done for us?
Revolutionized cryptographic research, affecting all of TCS along the way:
- Distilling intuitive security concerns
- Providing robust definitions that capture them
- Demonstrating the feasibility of satisfying these definitions
Introduced conceptual frameworks coupled with feasibility results.

The three-step process in action: The case of Encryption schemes
- Distilling intuitive security concerns: Sending messages “without revealing anything” to an adversary that may be tapping the channel.
- Providing robust definitions that capture them: Robust definitions of secure encryption scheme.
- Demonstrating the feasibility of satisfying these definitions: Schemes that satisfy this security definition provided that factoring large integers is hard (e.g., inverting RSA is hard).

The Definition of Secure Encryption Schemes
- Hey, this is not a cryptography course.
- Essence: Start from the ideal (and don’t be timid about it), and then make conceptually clear relaxations like replacing “anything one can do” by “anything one can (actually) do”.
- The ideal model is so intuitive and appealing that it offers nice illustrations and metaphors (see next slides).

Semantic Security
- A good disguise should not reveal the person’s height.
- A good encryption should hide all partial information.

Security as Indistinguishability
- A good disguise should not allow the mother to identify her own child (i.e., distinguish him from other children).
- A good encryption does not allow one to distinguish between the encryptions of any pair of known messages.

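Added example (not from the talk): the indistinguishability game from the slide above, played on the known pair (0, 1) against a toy bit encryption in the style of the probabilistic scheme of [GM’82] and against a deterministic variant of it. The primes, the function names and the single adversary strategy are assumptions made for illustration.

```python
import math
import secrets

# Toy primes, constructed for this example (far too small for real use).
P, Q = 499, 547
N = P * Q

def is_qr(a, p):
    """Euler's criterion: True if a is a nonzero square modulo the prime p."""
    return pow(a, (p - 1) // 2, p) == 1

# Public value X: a non-square modulo both P and Q.
X = next(a for a in range(2, N)
         if math.gcd(a, N) == 1 and not is_qr(a, P) and not is_qr(a, Q))

def rand_unit():
    """Random r in [2, N) that is invertible modulo N."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            return r

def enc_probabilistic(bit):
    """c = r^2 * X^bit mod N, with fresh randomness r per encryption."""
    return pow(rand_unit(), 2, N) * pow(X, bit, N) % N

def enc_deterministic(bit):
    """Same formula with r fixed to 2: each bit has exactly one ciphertext."""
    return pow(2, 2, N) * pow(X, bit, N) % N

def dec(c):
    """With the factor P: squares decrypt to 0, non-squares to 1."""
    return 0 if is_qr(c, P) else 1

def adversary_win_rate(encrypt, trials=2000):
    """Indistinguishability game on the known message pair (0, 1).
    The adversary sees only public information: it encrypts 0 itself and compares."""
    wins = 0
    for _ in range(trials):
        b = secrets.randbelow(2)          # challenger's hidden choice
        challenge = encrypt(b)
        guess = 0 if challenge == encrypt(0) else 1
        wins += guess == b
    return wins / trials

if __name__ == "__main__":
    print("deterministic:", adversary_win_rate(enc_deterministic))
    print("probabilistic:", adversary_win_rate(enc_probabilistic))
```

The deterministic variant loses the game every time, while this strategy does no better than guessing against the randomized one. That illustrates the definition for one adversary only; with primes this small the modulus can simply be factored.
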
The three-step process in action: The case of Zero-Knowledge Proofs
- Distilling intuitive security concerns: Forcing proper behavior by asking the actors to provide a proof that they have acted according to their secrets, but without disclosing these secrets.
- Providing robust definitions that capture them: Definitions of interactive proofs and zero-knowledge.
- Demonstrating the feasibility of satisfying these definitions: A zero-knowledge interactive proof for a set believed not to be in P; and later zero-knowledge proofs for any NP statement (again, assuming intractability of factoring integers, etc.).

The Definitions of Interactive Proofs and Zero-Knowledge Interactions
- Again, this is not a cryptography course.
- Essence: Start from the ideal (and don’t be timid about it), and then make conceptually clear relaxations like replacing “anything one can do” by “anything one can (actually) do”.
- The ideal model is so intuitive and appealing that it offers nice illustrations and metaphors (see next slides).
- E.g., interactive proofs = any two-party interactive protocol by which the verifier is convinced only of valid assertions.
- Zero-knowledge: Defining what is zero-knowledge without defining what is knowledge. It is OK to say: I don’t know what X is, but for sure this is not X. Surprisingly, in the case of ZK, this approach sufficed.

Zero-Knowledge (without interaction)
- E.g., whatever the dog can reach is not new to it.
- Whatever you can do by yourself is not knowledge.

Zero-Knowledge (with interaction)
- E.g., a protocol for two Italians to pass through a door (generates a sequence of easily predictable messages).
- An interaction you can simulate by yourself gives you no knowledge.

What have Shafi & Silvio done for us?
Revolutionized cryptographic research, affecting all of TCS along the way, by introducing conceptual frameworks coupled with feasibility results.
- Definitions and constructions of secure encryption [GM’82].
- Definitions and constructions of interactive proofs and zero-knowledge interactive proofs [GMR’85, GMW’86].
- Definitions and constructions of pseudorandom generators and functions [BM’82, GGM’84].
- General Secure Multi-Party Computation [GMW’87, BGW’88].
- Definition and construction of signature schemes [GMR’84].
- NIZK [BFM’88], MIP [BGKW’88], PCP-Approximation [FGLSS], PT [GGR’96], and much more!

End
- The slides of this talk are available at
- Ultra Brief BIO: PhD at UCB (supervised by M. Blum) in the early 1980s. At MIT since (Shafi at WIS since 1993). Turing Award 2012.