The Joy Of Cryptography

A preview of the first 3 chapters is now at joyofcryptography.com

Here is a little writeup I prepared for the Computer Aided Security Proofs (CAPS) workshop at Eurocrypt, showing the CPA-security of hybrid encryption in the style of @JoyOfCrypto. It should give you a sense of what the upcoming web edition will be like! garbledcircus.com/kemdem/left-ri…

🤔 amazon.com/dp/026204997X

Big announcement: The next edition of The Joy of Cryptography will be published by @mitpress!

Well that certainly clears things up.

Best way to show what changes in one step of a game-hopping proof? (see pictures below)

Some other thoughts:

@kaepora @veorq It deserves a name, and I'm all ears to other suggestions.

When people say "I have an encryption problem" it usually means "I have a key management problem"

@prettyokprivacy MLS / treeKEM

Working on an encrypted messaging chapter...

@cronokirby Indeed, the problem is that all the coolest stuff seems to be ideal permutation / ideal cipher and not RO.

@JoyOfCrypto hmmm, I really like modeling sponge / duplex construction security by appealing to the underlying permutation as an ideal permutation, which feels spiritually like using a random oracle

What is your favorite random-oracle construction in the *symmetric-key* world?

I had put off looking at @JoyOfCrypto because "meh, why another cryptography textbook". How wrong I was, it is fantastic. I never thought you could make the OTP interesting. Using it to introduce hybrid arguments is brilliant w/o indistinguishability is so nice.

@neilmaddog Wow, thanks very much for this thoughtful and insightful review! The only thing I'd like to add is that hybrid encryption is indeed covered in section 15.4, although I don't use the terms KEM/DEM (and don't discuss KEM in contrast to full-fledged PKE).

@cronokirby Kolmogorov complexity of a composable security framework still not known to be less than 100 pages!

Yeah, so this is what I've been working on for the past month or so. Basically, the idea is "redo" universally composable security by using state separable proofs as the foundation. I think the advantage is a simpler framework, that allows using results from standalone security