blob: 51354b4d4b2bc7bd9de49d282006bc5da46c5199 [file] [log] [blame]
<!DOCTYPE html><html lang="en"><head><meta charSet="utf-8"/><meta http-equiv="X-UA-Compatible" content="IE=edge"/><title>Milagro Crypto · Apache Milagro</title><meta name="viewport" content="width=device-width, initial-scale=1.0"/><meta name="generator" content="Docusaurus"/><meta name="description" content="One of the critical points about information security is to give access to resources only to authorized entities and deny access to unauthorized ones."/><meta name="docsearch:language" content="en"/><meta property="og:title" content="Milagro Crypto · Apache Milagro"/><meta property="og:type" content="website"/><meta property="og:url" content="https://milagro.apache.org/"/><meta property="og:description" content="One of the critical points about information security is to give access to resources only to authorized entities and deny access to unauthorized ones."/><meta name="twitter:card" content="summary"/><link rel="shortcut icon" href="/img/favicon.ico"/><link rel="stylesheet" href="//cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/styles/default.min.css"/><link rel="alternate" type="application/atom+xml" href="https://milagro.apache.org/blog/atom.xml" title="Apache Milagro Blog ATOM Feed"/><link rel="alternate" type="application/rss+xml" href="https://milagro.apache.org/blog/feed.xml" title="Apache Milagro Blog RSS Feed"/><script type="text/javascript" src="https://buttons.github.io/buttons.js"></script><script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.5/MathJax.js?config=TeX-MML-AM_CHTML"></script><script src="/js/scrollSpy.js"></script><link rel="stylesheet" href="/css/main.css"/><script src="/js/codetabs.js"></script></head><body class="sideNavVisible separateOnPageNav"><div class="fixedHeaderContainer"><div class="headerWrapper wrapper"><header><a href="/"><img class="logo" src="/img/milagro.svg" alt="Apache Milagro"/><h2 class="headerTitleWithLogo">Apache Milagro</h2></a><div class="navigationWrapper navigationSlider"><nav class="slidingNav"><ul class="nav-site nav-site-internal"><li class="siteNavGroupActive"><a href="/docs/milagro-intro" target="_self">Docs</a></li><li class="siteNavGroupActive"><a href="/docs/support" target="_self">Support</a></li><li class="siteNavGroupActive"><a href="/docs/contributor-guide" target="_self">Contributing</a></li><li class="siteNavGroupActive"><a href="/docs/downloads" target="_self">Downloads</a></li><li class=""><a href="/blog/" target="_self">Status</a></li></ul></nav></div></header></div></div><div class="navPusher"><div class="docMainWrapper wrapper"><div class="docsNavContainer" id="docsNav"><nav class="toc"><div class="toggleNav"><section class="navWrapper wrapper"><div class="navBreadcrumb wrapper"><div class="navToggle" id="navToggler"><div class="hamburger-menu"><div class="line1"></div><div class="line2"></div><div class="line3"></div></div></div><h2><i></i><span>About Milagro</span></h2><div class="tocToggler" id="tocToggler"><i class="icon-toc"></i></div></div><div class="navGroups"><div class="navGroup"><h3 class="navGroupCategoryTitle collapsible">About Milagro<span class="arrow"><svg width="24" height="24" viewBox="0 0 24 24"><path fill="#565656" d="M7.41 15.41L12 10.83l4.59 4.58L18 14l-6-6-6 6z"></path><path d="M0 0h24v24H0z" fill="none"></path></svg></span></h3><ul class="hide"><li class="navListItem"><a class="navItem" href="/docs/milagro-intro">Milagro Introduction</a></li><li class="navListItem navListItemActive"><a class="navItem" href="/docs/milagro-crypto">Milagro Crypto</a></li><li class="navListItem"><a class="navItem" href="/docs/milagro-protocols">Milagro Protocols</a></li><li class="navListItem"><a class="navItem" href="/docs/milagro-design">Milagro Design</a></li></ul></div><div class="navGroup"><h3 class="navGroupCategoryTitle collapsible">AMCL Library<span class="arrow"><svg width="24" height="24" viewBox="0 0 24 24"><path fill="#565656" d="M7.41 15.41L12 10.83l4.59 4.58L18 14l-6-6-6 6z"></path><path d="M0 0h24v24H0z" fill="none"></path></svg></span></h3><ul class="hide"><li class="navListItem"><a class="navItem" href="/docs/amcl-overview">AMCL Overview</a></li><li class="navListItem"><a class="navItem" href="/docs/amcl-c-api-2.0.0">AMCL C API 2.0.0</a></li><div class="navGroup subNavGroup"><h4 class="navGroupSubcategoryTitle">AMCL JavaScript API 1.0.0</h4><ul><li class="navListItem"><a class="navItem" href="/docs/cryptojs/aes">AES</a></li><li class="navListItem"><a class="navItem" href="/docs/cryptojs/big">BIG</a></li><li class="navListItem"><a class="navItem" href="/docs/cryptojs/bls">BLS</a></li><li class="navListItem"><a class="navItem" href="/docs/cryptojs/bls192">BLS192</a></li><li class="navListItem"><a class="navItem" href="/docs/cryptojs/bls256">BLS256</a></li><li class="navListItem"><a class="navItem" href="/docs/cryptojs/dbig">DBIG</a></li><li class="navListItem"><a class="navItem" href="/docs/cryptojs/ecdh">ECDH</a></li><li class="navListItem"><a class="navItem" href="/docs/cryptojs/ecp">ECP</a></li><li class="navListItem"><a class="navItem" href="/docs/cryptojs/ecp2">ECP2</a></li><li class="navListItem"><a class="navItem" href="/docs/cryptojs/ecp4">ECP4</a></li><li class="navListItem"><a class="navItem" href="/docs/cryptojs/ecp8">ECP8</a></li><li class="navListItem"><a class="navItem" href="/docs/cryptojs/ff">FF</a></li><li class="navListItem"><a class="navItem" href="/docs/cryptojs/fp">FP</a></li><li class="navListItem"><a class="navItem" href="/docs/cryptojs/fp2">FP2</a></li><li class="navListItem"><a class="navItem" href="/docs/cryptojs/fp4">FP4</a></li><li class="navListItem"><a class="navItem" href="/docs/cryptojs/fp8">FP8</a></li><li class="navListItem"><a class="navItem" href="/docs/cryptojs/fp12">FP12</a></li><li class="navListItem"><a class="navItem" href="/docs/cryptojs/fp16">FP16</a></li><li class="navListItem"><a class="navItem" href="/docs/cryptojs/fp24">FP24</a></li><li class="navListItem"><a class="navItem" href="/docs/cryptojs/fp48">FP48</a></li><li class="navListItem"><a class="navItem" href="/docs/cryptojs/gcm">GCM</a></li><li class="navListItem"><a class="navItem" href="/docs/cryptojs/hash256">HASH256</a></li><li class="navListItem"><a class="navItem" href="/docs/cryptojs/hash384">HASH384</a></li><li class="navListItem"><a class="navItem" href="/docs/cryptojs/hash512">HASH512</a></li><li class="navListItem"><a class="navItem" href="/docs/cryptojs/mpin">MPIN</a></li><li class="navListItem"><a class="navItem" href="/docs/cryptojs/mpin192">MPIN192</a></li><li class="navListItem"><a class="navItem" href="/docs/cryptojs/mpin256">MPIN256</a></li><li class="navListItem"><a class="navItem" href="/docs/cryptojs/pair">PAIR</a></li><li class="navListItem"><a class="navItem" href="/docs/cryptojs/pair192">PAIR192</a></li><li class="navListItem"><a class="navItem" href="/docs/cryptojs/pair256">PAIR256</a></li><li class="navListItem"><a class="navItem" href="/docs/cryptojs/rand">RAND</a></li><li class="navListItem"><a class="navItem" href="/docs/cryptojs/rsa">RSA</a></li><li class="navListItem"><a class="navItem" href="/docs/cryptojs/sha3">SHA3</a></li><li class="navListItem"><a class="navItem" href="/docs/cryptojs/unit64">UInt64</a></li></ul></div></ul></div><div class="navGroup"><h3 class="navGroupCategoryTitle collapsible">D-TA<span class="arrow"><svg width="24" height="24" viewBox="0 0 24 24"><path fill="#565656" d="M7.41 15.41L12 10.83l4.59 4.58L18 14l-6-6-6 6z"></path><path d="M0 0h24v24H0z" fill="none"></path></svg></span></h3><ul class="hide"><li class="navListItem"><a class="navItem" href="/docs/d-ta-overview">D-TA Overview</a></li><li class="navListItem"><a class="navItem" href="/docs/dta-details/quickstart">Quick Start</a></li><li class="navListItem"><a class="navItem" href="/docs/dta-details/api">API</a></li><li class="navListItem"><a class="navItem" href="/docs/dta-details/configuration">Configuration</a></li><li class="navListItem"><a class="navItem" href="/docs/dta-details/identity-documents">Identity Documents</a></li><li class="navListItem"><a class="navItem" href="/docs/dta-details/encrypted-envelope">Encrypted Envelope</a></li><li class="navListItem"><a class="navItem" href="/docs/dta-details/ipfs">IPFS</a></li><li class="navListItem"><a class="navItem" href="/docs/dta-details/plugins-overview">Plugins Overview</a></li><li class="navListItem"><a class="navItem" href="/docs/dta-details/authentication">Authentication</a></li></ul></div><div class="navGroup"><h3 class="navGroupCategoryTitle collapsible">MPC Library<span class="arrow"><svg width="24" height="24" viewBox="0 0 24 24"><path fill="#565656" d="M7.41 15.41L12 10.83l4.59 4.58L18 14l-6-6-6 6z"></path><path d="M0 0h24v24H0z" fill="none"></path></svg></span></h3><ul class="hide"><li class="navListItem"><a class="navItem" href="/docs/mpc-api-0.1">Multi-Party Computation Library 0.1</a></li></ul></div><div class="navGroup"><h3 class="navGroupCategoryTitle collapsible">ZKP-MFA Clients/Servers<span class="arrow"><svg width="24" height="24" viewBox="0 0 24 24"><path fill="#565656" d="M7.41 15.41L12 10.83l4.59 4.58L18 14l-6-6-6 6z"></path><path d="M0 0h24v24H0z" fill="none"></path></svg></span></h3><ul class="hide"><li class="navListItem"><a class="navItem" href="/docs/zkp-mfa-overview">ZKP-MFA Overview</a></li><li class="navListItem"><a class="navItem" href="/docs/zkp-mfa-api">ZKP-MFA API</a></li></ul></div><div class="navGroup"><h3 class="navGroupCategoryTitle collapsible">Project Info<span class="arrow"><svg width="24" height="24" viewBox="0 0 24 24"><path fill="#565656" d="M7.41 15.41L12 10.83l4.59 4.58L18 14l-6-6-6 6z"></path><path d="M0 0h24v24H0z" fill="none"></path></svg></span></h3><ul class="hide"><li class="navListItem"><a class="navItem" href="/docs/contributor-guide">Contributor&#x27;s Guide</a></li><li class="navListItem"><a class="navItem" href="/docs/downloads">Downloads</a></li><li class="navListItem"><a class="navItem" href="/docs/support">Support</a></li></ul></div></div></section></div><script>
var coll = document.getElementsByClassName('collapsible');
var checkActiveCategory = true;
for (var i = 0; i < coll.length; i++) {
var links = coll[i].nextElementSibling.getElementsByTagName('*');
if (checkActiveCategory){
for (var j = 0; j < links.length; j++) {
if (links[j].classList.contains('navListItemActive')){
coll[i].nextElementSibling.classList.toggle('hide');
coll[i].childNodes[1].classList.toggle('rotate');
checkActiveCategory = false;
break;
}
}
}
coll[i].addEventListener('click', function() {
var arrow = this.childNodes[1];
arrow.classList.toggle('rotate');
var content = this.nextElementSibling;
content.classList.toggle('hide');
});
}
document.addEventListener('DOMContentLoaded', function() {
createToggler('#navToggler', '#docsNav', 'docsSliderActive');
createToggler('#tocToggler', 'body', 'tocActive');
var headings = document.querySelector('.toc-headings');
headings && headings.addEventListener('click', function(event) {
var el = event.target;
while(el !== headings){
if (el.tagName === 'A') {
document.body.classList.remove('tocActive');
break;
} else{
el = el.parentNode;
}
}
}, false);
function createToggler(togglerSelector, targetSelector, className) {
var toggler = document.querySelector(togglerSelector);
var target = document.querySelector(targetSelector);
if (!toggler) {
return;
}
toggler.onclick = function(event) {
event.preventDefault();
target.classList.toggle(className);
};
}
});
</script></nav></div><div class="container mainContainer docsContainer"><div class="wrapper"><div class="post"><header class="postHeader"><h1 id="__docusaurus" class="postHeaderTitle">Milagro Crypto</h1></header><article><div><span><p>One of the critical points about information security is to give access to resources only to authorized entities and deny access to unauthorized ones.
Preventing unauthorized access very often comes down to making it <strong><em>almost impossible</em></strong>, i.e., tough, expensive, complicated, and time-consuming for the unauthorized entities to get access to resources.</p>
<p>The same principles apply to cryptography. In most cases, a suitable encryption mechanism satisfies at least two basic requirements:</p>
<ol>
<li>It is possible to give easy access to encrypted, cryptographically protected content to authorized entities.</li>
<li>It is possible to make it extremely challenging for unauthorized entities to access encrypted (ditto) content.</li>
</ol>
<p>Using the above, we can define an operation: Encryption that is tough to reverse without possessing a particular parameter, for example, a decryption key.
In RSA-based encryption two prime numbers, the private key, are multiplied to generate a public key, so that it is almost impossible to reverse the operation and retrieve the original prime numbers.</p>
<p>Multiple sources are available online to read more on the topic. We recommend this short paper from <a href="https://math.berkeley.edu/~kpmann/encryption.pdf">Cal Berkeley at this link</a>.</p>
<p>As noted in the mentioned paper, with RSA, we need enormous prime numbers to make it <strong><em>almost impossible</em></strong> to break the encryption, hence to find the two big prime numbers.
On elliptic curves, multiplication of a point by a number can be defined so that much shorter numbers than in the big prime number case are needed to reach the same level of <strong><em>almost impossibility</em></strong>.</p>
<h2><a class="anchor" aria-hidden="true" id="elliptic-curve-cryptography"></a><a href="#elliptic-curve-cryptography" aria-hidden="true" class="hash-link"><svg class="hash-link-icon" aria-hidden="true" height="16" version="1.1" viewBox="0 0 16 16" width="16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z"></path></svg></a>Elliptic Curve Cryptography</h2>
<p>Elliptic curves are another way to do encryption. Elliptic curves are mathematical structures, on which operations like addition and multiplications of points are easily defined.
In particular, multiplication of a point by a number is a relatively easy operation to compute, while it is <strong><em>almost impossible</em></strong> to reverse the process, that is, to determine
the multiplier knowing the result of the multiplication.</p>
<p>The problem of reversing the multiplication is known as the Discrete Logarithm Problem on elliptic curves (ECDLP).
The difference in computational complexity (between performing the multiplication and reversing the result to retrieve the multiplier) is one of the essential cornerstones of elliptic curve cryptography.</p>
<h2><a class="anchor" aria-hidden="true" id="pairing-based-cryptography"></a><a href="#pairing-based-cryptography" aria-hidden="true" class="hash-link"><svg class="hash-link-icon" aria-hidden="true" height="16" version="1.1" viewBox="0 0 16 16" width="16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z"></path></svg></a>Pairing Based Cryptography</h2>
<p>Using elliptic curves we can now define on some elliptic curve a bilinear function called a <strong><em>pairing</em></strong>, which enables a mapping from two points on the same curve (or points on two related curves) into a different mathematical structure called a finite field. The bilinearity of the pairing is the key characteristic that makes pairing interesting and widely used in cryptography.</p>
<p>A <strong><em>bilinear pairing</em></strong> \( e \) maps a pair of points (hence the name pairing) on an elliptic curve \( E \), defined over some field \( F_{q} \) to an element of the multiplicative group of a finite extension of \( {F}_{q^k} \).</p>
<p>$$ e(mA+B, nP + Q) = e(A,P)^{mn} e(B, Q) $$</p>
<p>The elements \( P \) and \( Q \) lie in two different groups, respectively \( G_{1} \) and \( G_{2} \). The choice of those two different group determines a different <strong><em>types</em></strong> of pairing.</p>
<p>Let \( E \) an ordinary elliptic curve, take \( G_{1} \neq G_{2} \), and if there is not an efficiently computable isomorphism \( \phi:G_{1}\to G_{2} \) then the pairing is said to be of <strong><em>Type\( -3 \)</em></strong>.</p>
<p>Currently, most of the state-of-the-art implementations of pairings take place on ordinary curves that assume the <strong><em>Type\( -3 \)</em></strong> scenario for reasons of efficiency and secure implementation.</p>
<h2><a class="anchor" aria-hidden="true" id="identity-based-encryption"></a><a href="#identity-based-encryption" aria-hidden="true" class="hash-link"><svg class="hash-link-icon" aria-hidden="true" height="16" version="1.1" viewBox="0 0 16 16" width="16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z"></path></svg></a>Identity Based Encryption</h2>
<p>Pairing-based cryptography builds on elliptic curve-based cryptography, but the extra functionality of the pairing enables us to design schemes which would otherwise be impossible to realize, or would be prohibitively expensive to do using RSA-based cryptosystems.</p>
<p>Identity-based encryption (IBE) is one such scheme that has received a large of amount of attention from the crypto community, and where commercially available products have been on the market for some time and are in wide use today.</p>
<p>IBE is similar to classical asymmetric key cryptography, in that each user has a public key for encryption and a private key for decryption. But there are many differences:</p>
<ol>
<li>IBE allows public keys to be set to the value of a pre-existing identifier, such as an email address, while in PKI the public key does not contain the notion of an identity, and the association with an identifier is created by a certificate signed by a third party (Certification Authority).</li>
<li>Clients or individual users do not generate private keys, but must instead download them from a trusted third party known as the Trust Authority (TA).</li>
<li>In IBE, to encrypt messages, the sender must obtain public “system parameters” from the Trust Authority (TA). These system parameters are used in combination with the intended recipient’s identity string (e.g. email address) to generate an encrypted message.</li>
</ol>
<h2><a class="anchor" aria-hidden="true" id="post-quantum-cryptography"></a><a href="#post-quantum-cryptography" aria-hidden="true" class="hash-link"><svg class="hash-link-icon" aria-hidden="true" height="16" version="1.1" viewBox="0 0 16 16" width="16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z"></path></svg></a>Post-Quantum Cryptography</h2>
<p>&quot;Post-quantum cryptography (sometimes referred to as quantum-proof, quantum-safe or quantum-resistant) refers to cryptographic algorithms (usually public-key algorithms) that are thought to be secure against an attack by a quantum computer. As of 2018, this is not true for the most popular public-key algorithms, which can be efficiently broken by a sufficiently strong hypothetical quantum computer.</p>
<p>The problem with currently popular algorithms is that their security relies on one of three hard mathematical problems: the integer factorization problem, the discrete logarithm problem or the elliptic-curve discrete logarithm problem. All of these problems can be easily solved on a sufficiently powerful quantum computer running Shor's algorithm.</p>
<p>Even though current, publicly known, experimental quantum computers lack processing power to break any real cryptographic algorithm, many cryptographers are designing new algorithms to prepare for a time when quantum computing becomes a threat.&quot;<sup class="footnote-ref"><a href="#fn1" id="fnref1">[1]</a></sup></p>
<h2><a class="anchor" aria-hidden="true" id="zero-knowledge-proof"></a><a href="#zero-knowledge-proof" aria-hidden="true" class="hash-link"><svg class="hash-link-icon" aria-hidden="true" height="16" version="1.1" viewBox="0 0 16 16" width="16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z"></path></svg></a>Zero Knowledge Proof</h2>
<p>&quot;In cryptography, a <strong>zero-knowledge proof</strong> or <strong>zero-knowledge protocol</strong> is a method by which one party (the <em>prover</em>) can prove to another party (the <em>verifier</em>) that a given statement is true, without conveying any information apart from the fact that the statement is indeed true.</p>
<p>If proving the statement requires knowledge of some secret information on the part of the prover, the definition implies that the verifier will not be able to prove the statement in turn to anyone else, since the verifier does not possess the secret information.</p>
<p>Notice that the statement being proved must include the assertion that the prover has such knowledge (otherwise, the statement would not be proved in zero-knowledge, since at the end of the protocol the verifier would gain the additional information that the prover has knowledge of the required secret information).</p>
<p>If the statement consists <em>only</em> of the fact that the prover possesses the secret information, it is a special case known as <em>zero-knowledge proof of knowledge</em>, and it nicely illustrates the essence of the notion of zero-knowledge proofs: proving that one has knowledge of certain information is trivial if one is allowed to simply reveal that information; the challenge is proving that one has such knowledge without revealing the secret information or anything else.&quot;<sup class="footnote-ref"><a href="#fn2" id="fnref2">[2]</a></sup></p>
<h2><a class="anchor" aria-hidden="true" id="summary"></a><a href="#summary" aria-hidden="true" class="hash-link"><svg class="hash-link-icon" aria-hidden="true" height="16" version="1.1" viewBox="0 0 16 16" width="16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z"></path></svg></a>Summary</h2>
<p><strong>Elliptic curve cryptography</strong> is an attractive alternative to conventional public key cryptography for implementation on constrained devices, where the significant computational resources i.e. speed, memory are limited and low-power wireless communication protocols is essential. It attains the same security levels as traditional cryptosystems using smaller parameter sizes.</p>
<p><strong>Pairing-based cryptography</strong> builds on elliptic curve-based cryptography, but the extra functionality of the pairing enables us to design schemes which would otherwise be impossible to realize, or would be prohibitively expensive. Examples include identity-based encryption, group signatures and non-interactive zero-knowledge proofs.</p>
<p><strong>Identity-based encryption</strong> doesn’t require certificates and certificate authorities. A trusted third party generates all the private keys, but all the public keys can be derived knowing the identity of the public key owner, for example, an email address. That means that no certificate is needed to bind a public key to its owner. Typically, it is up to the application to verify the owner possesses access to the unique identity attribute during the enrollment process in which a client obtains a private key.</p>
<p><strong>Post-quantum cryptography</strong> Post-quantum cryptography are cryptosystems which can be run on a classical computer, but are secure even if an adversary possesses a quantum computer. For data that must be private, but has the potential to be long lived and publicly available, using post-quantum secure algorithms like AES 256-bit for encryption and SIKE for encapsulation of encryption keys is essential.</p>
<p><strong>Zero-knowledge proof</strong> is a method by which one party (the prover) can prove to another party (the verifier) that a given statement is true, without conveying any information apart from the fact that the statement is indeed true.</p>
<p>For an in-depth dive into the cryptographic protocols in use within the Milagro framework, see the next section <a href="/docs/milagro-protocols">Milagro Protocols</a>.</p>
<hr>
<div class="admonition admonition-note">
<div class="admonition-heading">
<h5><div class="admonition-icon"><svg xmlns="http://www.w3.org/2000/svg" width="14" height="16" viewBox="0 0 14 16"><path fill-rule="evenodd" d="M6.3 5.69a.942.942 0 0 1-.28-.7c0-.28.09-.52.28-.7.19-.18.42-.28.7-.28.28 0 .52.09.7.28.18.19.28.42.28.7 0 .28-.09.52-.28.7a1 1 0 0 1-.7.3c-.28 0-.52-.11-.7-.3zM8 7.99c-.02-.25-.11-.48-.31-.69-.2-.19-.42-.3-.69-.31H6c-.27.02-.48.13-.69.31-.2.2-.3.44-.31.69h1v3c.02.27.11.5.31.69.2.2.42.31.69.31h1c.27 0 .48-.11.69-.31.2-.19.3-.42.31-.69H8V7.98v.01zM7 2.3c-3.14 0-5.7 2.54-5.7 5.68 0 3.14 2.56 5.7 5.7 5.7s5.7-2.55 5.7-5.7c0-3.15-2.56-5.69-5.7-5.69v.01zM7 .98c3.86 0 7 3.14 7 7s-3.14 7-7 7-7-3.12-7-7 3.14-7 7-7z"/></svg></div> See an error in this documentation?</h5>
</div>
<div class="admonition-content">
<p>Submit a pull request on the development branch of <a href="https://github.com/apache/incubator-milagro">Milagro Website Repo</a>.</p>
</div></div><!--
Supported admonition types are: caution, note, important, tip, warning.
-->
<hr class="footnotes-sep">
<section class="footnotes">
<ol class="footnotes-list">
<li id="fn1" class="footnote-item"><p><a href="https://en.wikipedia.org/wiki/Post-quantum_cryptography">Wikipedia article</a> <a href="#fnref1" class="footnote-backref"></a></p>
</li>
<li id="fn2" class="footnote-item"><p><a href="https://en.wikipedia.org/wiki/Zero-knowledge_proof">Wikipedia article</a> <a href="#fnref2" class="footnote-backref"></a></p>
</li>
</ol>
</section>
</span></div></article></div><div class="docs-prevnext"><a class="docs-prev button" href="/docs/milagro-intro"><span class="arrow-prev"></span><span>Milagro Introduction</span></a><a class="docs-next button" href="/docs/milagro-protocols"><span>Milagro Protocols</span><span class="arrow-next"></span></a></div></div></div><nav class="onPageNav"><ul class="toc-headings"><li><a href="#elliptic-curve-cryptography">Elliptic Curve Cryptography</a></li><li><a href="#pairing-based-cryptography">Pairing Based Cryptography</a></li><li><a href="#identity-based-encryption">Identity Based Encryption</a></li><li><a href="#post-quantum-cryptography">Post-Quantum Cryptography</a></li><li><a href="#zero-knowledge-proof">Zero Knowledge Proof</a></li><li><a href="#summary">Summary</a></li></ul></nav></div><footer class="nav-footer" id="footer"><section class="sitemap"><a href="/" class="nav-home"><img src="/img/milagro.svg" alt="Apache Milagro" width="50" height="100"/></a><div><h5>Docs</h5><a href="/docs/milagro-intro.html">Milagro Intro</a><a href="/docs/amcl-overview.html">Apache Milagro Crypto Library</a><a href="/docs/d-ta-overview.html">Decentralized Trust Authority</a><a href="/docs/zkp-mfa-overview.html">Zero Knowledge Proof MFA</a></div><div><h5>Community</h5><a href="../docs/support">Support</a><a href="../docs/contributor-guide">Contributing</a><a href="https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=115529045" target="_blank" rel="noreferrer noopener">Developer Wiki</a><a href="https://twitter.com/apachemilagro?lang=en" target="_blank" rel="noreferrer noopener">Twitter</a></div><div><h5>More</h5><a href="/blog">Status</a><a href="https://github.com/apache/incubator-milagro-crypto-c">GitHub</a><a class="github-button" href="https://github.com/apache/incubator-milagro" data-icon="octicon-star" data-count-href="/apache/incubator-milagro-crypto/stargazers" data-show-count="true" data-count-aria-label="# stargazers on GitHub" aria-label="Star this project on GitHub">Star</a></div></section><a href="https://apache.org" target="_blank" rel="noreferrer noopener" class="fbOpenSource"><img src="/img/oss_logo.png" alt="Apache Incubator" width="170" height="45"/></a><section class="copyright"><div>Apache Milagro is an effort undergoing incubation at The Apache Software Foundation (ASF), sponsored by the Apache Incubator. Incubation is required of all newly accepted projects until a further review indicates that the infrastructure, communications, and decision making process have stabilized in a manner consistent with other successful ASF projects. While incubation status is not necessarily a reflection of the completeness or stability of the code, it does indicate that the project has yet to be fully endorsed by the ASF.</div></section><p></p><section class="copyright">Copyright © 2022 The Apache Software Foundation. Apache Milagro, Milagro, Apache, the Apache feather, and the Apache Milagro project logo are either registered trademarks or trademarks of the Apache Software Foundation.</section></footer></div></body></html>