INDEX OF TERMS
2013, 2
65537, 2
A5/0, 2
A5/1, 2
A5/2, 3
A5/3, 3
A5/4, 3
Adaptive attack, 3
AEAD (authenticated encryption with associated data), 3
AES (Advanced Encryption Standard), 4
AES-CCM, 4
AES-GCM, 5
AES-GCM-SIV, 5
AES-NI, 5
AES-SIV, 6
AIM (Advanced INFOSEC Machine), 6
AKA, 6
AKS (Agrawal–Kayal–Saxena), 7
Algebraic cryptanalysis, 7
Alice, 7
All-or-nothing transform (AONT), 7
Anonymous signature, 8
Applied Cryptography, 8
Applied cryptography, 8
ARC4, 8
Argon2, 8
ARX (Add-Rotate-XOR), 9
ASIACRYPT, 9
Asymmetric cryptography, 9
Attack, 9
Attribute-based encryption (ABE), 10
Authenticated cipher, 11
Axolotl, 11
Backdoor, 11
Backtracking resistance, 11
Backward secrecy, 11
Base64, 12
BassOmatic, 12
BB84, 12
bcrypt, 12
Biclique cryptanalysis, 13
BIKE (Bit Flipping Key Encapsulation), 13
BIP (Bitcoin improvement proposal), 13
Bit Gold, 14
Bitcoin, 14
Black, 14
BLAKE, 14
BLAKE2, 14
BLAKE3, 14
Bleichenbacher attack, 15
Blind signature, 15
Block cipher, 16
Blockchain, 16
Blockcipher, 17
Blowfish, 17
BLS (Boneh-Lynn-Shacham) signature, 17
Bob, 18
Boolean function, 18
Boomerang attack, 18
BQP (bounded-error quantum polynomial time), 19
Braid group cryptography, 19
Brainpool curves, 19
Break-in recovery, 20
Broadcast encryption, 20
Brute-force attack, 20
Bulletproof, 20
Byzantine fault tolerance, 21
CAESAR, 21
Caesar’s cipher, 22
CAVP (Cryptographic Algorithm Validation Program), 22
CBC (cipher block chaining), 22
CECPQ (combined elliptic-curve and post-quantum), 22
Cellular automata, 22
Ceremony, 22
Certificate, 23
Certificate authority (CA), 23
Certificate transparency (CT), 23
ChaCha20, 23
CHES (Conference on Cryptographic Hardware and Embedded Systems), 24
CIA, 24
Ciphertext stealing, 24
Clipper, 25
CMVP (Cryptographic Module Validation Program), 25
Code-based cryptography, 25
Commitment, 25
Concurrent zero-knowledge, 26
Consensus protocol, 26
Control word, 26
COPACOBANA (Cost-Optimized PArallel COde Breaker), 26
Cothority (collective authority), 26
Cryptanalysis, 26
Cryptids, 27
Crypto, 27
CRYPTO, 27
Crypto AG, 27
Crypto period, 28
Crypto variable, 28
Crypto wars, 28
Cryptobiosis, 28
Cryptocurrency, 29
Crypto-Gram, 29
Cryptography, 29
Cryptologia, 29
Cryptology, 29
Cryptonomicon, 29
Cryptorchidism, 30
Cryptovirology, 30
CRYPTREC, 30
CSIDH (Commutative Supersingular Isogeny Diffie–Hellman), 30
CTF (capture the flag), 31
Cube attack, 31
Curve25519, 32
Curve448, 32
Cypher, 32
Daemon, 32
Davies–Meyer, 32
Decentralized private computation, 33
Déchiffrer, 33
Décrypter, 33
Deniable encryption, 33
DES (Data Encryption Standard), 33
Dictionary, 34
Dictionary attack, 34
Differential cryptanalysis, 34
Diffie–Hellman, 34
Disclosure, 35
Discrete logarithm problem, 35
Distinguisher, 35
Distributed randomness, 35
Dolev–Yao model, 36
Double ratchet, 36
Dragonfly, 36
DRBG (deterministic random bit generator), 37
DSA (Digital Signature Algorithm), 37
DSS (Digital Signature Standard), 37
DVB-CSA, 38
E0, 38
ECB (electronic codebook), 38
ECC, 38
ECDLP (Elliptic-curve discrete logarithm problem), 39
ECDSA (Elliptic-curve DSA), 39
ECIES (Elliptic-curve IES), 39
Ed25519, 40
EdDSA, 40
140 Break-in recovery
EKMS (Electronic Key Management System), 40
Electronic codebook, 41
ElGamal, 41
Elligator, 41
Elliptic curve, 41
Elliptic-curve cryptography, 42
Encipherment, 42
End-to-end encryption (E2EE), 42
Enigma, 43
Entropy, 43
ePrint, 44
Erathosthenes’ sieve, 44
eSTREAM, 44
Ethereum, 44
Eurocrypt, 45
Eve, 45
E-voting, 45
Factoring problem, 45
Feedback shift register, 46
Feistel network, 46
Fialka (Фиалка), 46
Fiat–Shamir, 46
FIPS 140-2, 47
FIPS 140-3, 47
Forgery, 48
Formal verification, 48
Format-preserving encryption, 48
Forward secrecy, 48
FOX, 49
FSE (Fast Software Encryption), 49
Fully homomorphic encryption, 49
Functional encryption, 49
Future secrecy, 50
Fuzzy extractor, 50
Generalized birthday problem, 50
GNFS (General Number Field Sieve), 51
GOST, 51
Grain, 51
Gröbner basis, 51
Group signature, 51
Grover’s algorithm, 52
Hardcore predicate, 52
Hash function, 52
Hash-based cryptography, 53
Heartbleed, 53
Hedged signature, 53
HFE (Hidden Field Equations), 54
HMAC (Hash-based MAC), 54
Homomorphic encryption, 54
HPC (Hasty Pudding Cipher), 54
HSM (hardware security module), 55
HTTP/3, 56
Hyperelliptic-curve cryptography, 56
IACR (International Association for Cryptologic Research), 56
IDEA (International Data Encryption Algorithm), 56
IDEA NXT, 57
Identity-based encryption, 57
IES (Integrated Encryption Scheme), 57
Impatient saboteur, 57
Impossibility, 57
Impossible differential attack, 57
IND-CCA, 58
IND-CPA, 58
Indelibility, 58
Indifferentiability, 58
Indistinguishability, 59
Indistinguishability obfuscation (iO), 59
Information-theoretic security, 59
INT-CTXT, 60
Invisible signature, 60
IOTA, 60
IPES (Improved Proposed Encryption Standard), 60
IPSec, 60
ISO standard, 61
Isogeny-based cryptography, 61
Journal of Cryptology (JoC), 61
KASUMI, 61
Keccak, 62
KeeLoq, 62
KEM (key encapsulation mechanism), 62
Kerberos, 62
Kerckhoffs’ principles, 63
Key derivation function (KDF), 64
Key escrow, 65
Key management, 66
Key wrapping, 66
Kleptography, 66
Known-key attack, 66
Kupyna (Купина), 66
Laconic zero-knowledge proof, 66
Lai–Massey, 67
Lamport signature, 67
Lattice-based cryptography, 68
Le Chiffre, 68
Leakage-resilient cryptography, 68
Learning with errors (LWE), 68
Length extension attack, 69
Length-preserving encryption, 69
LFSR (linear feedback shift register), 70
Lightweight cryptography, 70
Linear cryptanalysis, 70
Linkability, 70
LM hash, 70
Luby–Rackoff, 71
Lucifer, 71
MAC (message authentication code), 71
MAGENTA, 72
Malleability, 72
Manger attack, 72
Man-in-the-middle, 72
MASH (Modular Arithmetic Secure Hash), 73
McEliece encryption scheme, 73
MD4, 73
MD5, 73
MDC (Message Digest Cipher), 73
MDC-2 (Modification Detection Code 2), 73
Meet-in-the-middle, 73
Merkle puzzle, 74
Merkle tree, 74
Merkle–Damgård construction, 74
Mersenne twister, 74
Message franking, 75
Miller–Rabin, 75
MINERVA, 75
Mining, 75
Misuse resistance, 75
Mixnet, 76
MQV (Menezes–Qu–Vanstone), 77
Multicollision, 77
Multi-party computation (MPC), 77
Multivariate cryptography, 77
NBS (National Bureau of Standards), 77
NESSIE (New European Schemes for Signatures, Integrity, and Encryption), 78
“New Directions in Cryptography”, 78
NFSR (nonlinear feedback shift register), 79
NIST (National Institute of Standards and Technology), 79
NIZK (non-interactive zero-knowledge), 80
Noekeon, 80
Noise, 80
Nonce, 80
Non-committing encryption, 81
Non-outsourceability, 81
Non-slanderability, 81
NSA (National Security Agency), 81
NT hash, 81
NTRU (Nth degree Truncated polynomial Ring Units), 82
Null cipher, 82
OAEP (Optimal Asymmetric Encryption Padding), 82
Oblivious key management system (OKMS), 82
Oblivious PRF (OPRF), 83
Oblivious RAM (ORAM), 83
Oblivious transfer, 83
Obscurity, 83
OCB (offset codebook mode), 84
One-time pad, 84
One-way function, 84
Onion-AE, 84
OPAQUE, 84
OpenSSL, 85
Oracle, 85
OTR (Off-the-Record), 86
Padding oracle attack, 86
Paillier cryptosystem, 87
Pairing, 87
Pairing-based cryptography, 87
PAKE (password-authenticated key exchange), 88
Paradigm, 88
Password hash function, 88
PBKDF2 (Password-Based Key Derivation Function 2), 89
PCT (Private Communications Technology), 89
PEP (Plaintext equivalence proof), 89
Perfect forward secrecy, 89
Permutation-based cryptography, 90
PES (Proposed Encryption Standard), 91
PET (Plaintext equivalence test), 91
PFS, 91
PGP (Pretty Good Privacy), 91
Photuris, 91
Picnic, 92
PKC, 92
PKCS (Public Key Cryptography Standards), 92
Poly1305, 93
Polynomial complexity, 93
Post-compromise security, 93
Post-quantum cryptography, 93
Post-quantum RSA, 94
Prediction resistance, 94
Preimage, 94
PRESENT, 95
PRIMES, 95
Privacy-preserving, 96
Private information retrieval (PIR), 97
Proof of burn, 98
Proof of catalytic space, 98
Proof of human work, 98
Proof of replication, 98
Proof of reserve, 99
Proof of security, 99
Proof of sequential work, 99
Proof of space, 99
Proof of spacetime, 99
Proof of stake, 100
Proof of storage, 100
Proof of useful work, 100
Proof of work, 100
Provable security, 100
Provably secure, 100
Proxy re-encryption, 101
Pseudo-random, 101
Pseudorandom function (PRF), 101
Pseudorandom number generator (PRNG), 101
Pseudorandom permutation (PRP), 102
Public-key cryptography, 102
PUF (physically unclonable function), 102
Puncturable encryption, 102
Puncturable pseudorandom function (PPRF), 102
Quantum computer, 103
Quantum cryptography, 103
Quantum encryption, 103
Quantum key distribution, 103
Quantum signature, 103
QUIC (Quick UDP Internet Connections), 104
Rabin cryptosystem, 104
Rainbow tables, 104
Random bits, 104
Random oracle, 104
Randomness, 105
Range proof, 105
RC4, 105
RC5, 105
RC6, 106
Real world, 106
Real World Crypto (RWC), 106
Rectangle attack, 106
Related-key attack, 107
Research papers, 107
Revocation, 108
Rijndael, 108
Ring signature, 108
RIPEMD-160, 108
Rivest–Shamir–Adleman, 108
ROBOT (Return Of Bleichenbacher’s Oracle Threat), 109
ROS, 109
RSA, 109
Rubber-hose cryptanalysis, 109
Rumba20, 109
SAEP (Simplified OAEP), 110
Salsa20, 110
Sandwich attack, 110
S-box, 110
Scalar, 111
sci.crypt, 111
Scrambler, 111
scrypt, 111
Searchable encryption, 111
secp256k1, 112
Secret sharing, 112
Security, 112
Security proof, 112
Semantic security, 112
Serious Cryptography, 113
Serpent, 113
SHA-0, 113
SHA-1, 113
SHA-2, 113
SHA-3, 113
SHA-3 competition, 114
SHACAL, 114
Shamir’s secret database, 114
Shor’s algorithm, 114
SHS (Secure Hash Standard), 115
Side channel, 115
Side-channel attack, 115
Sigaba, 115
Signal protocol, 116
Signature, 116
Signcryption, 117
SIKE (Supersingular Isogeny Key Encapsulation), 117
SIMECK, 117
SIMON, 117
SipHash, 117
SIV-AES, 117
Skipjack, 118
Slide attack, 118
SM, 119
Smart contract, 119
Snake-oil, 119
SNARK (succinct non-interactive argument of knowledge), 119
SNIP (secret-shared non-interactive proof), 120
SNOW 3G, 120
Solitaire, 121
SPECK, 121
SPEKE (Simple Password Exponential Key Exchange), 121
SPHINCS, 121
Sponge function, 121
SRP (Secure Remote Password), 122
SSH (Secure Shell), 122
SSL (Secure Socket Layer), 122
STARK (scalable transparent arguments of knowledge), 122
Steganography, 123
Stream cipher, 123
Substitution-permutation network (SPN), 123
Suck, 124
Sugar beet auctions, 124
Suite A, 124
SUPERCOP, 125
Superpolynomial complexity, 125
SVP (shortest vector problem), 125
Symmetric-key cryptography, 125
TCC, 126
Test vectors, 126
Threefish, 126
Threshold encryption, 126
Threshold secret-sharing, 126
Threshold signature, 127
Time AI, 127
Time-lock encryption, 127
Time-lock puzzle, 127
Timing attack, 128
TLS (Transport Layer Security), 128
Tor, 129
Traitor tracing, 129
Transfinite cryptography, 129
Trapdoor, 130
Triple DES, 130
Trivium, 131
True random number generator (TRNG), 131
Trusted third party, 131
Tweakable block cipher, 131
Twitter, 131
Twofish, 131
Undeniable signature, 132
Universal composability, 132
Universal hash function, 132
Updatable encryption, 133
Verifiable delay function (VDF), 133
Verifiable random function (VRF), 133
Verifiable unpredictable function (VUF), 134
Vigenère cipher, 134
VSH (Very Smooth Hash), 134
Wallet, 134
Watermarking, 134
White-box cryptography, 135
Winternitz signature, 135
WireGuard, 135
X25519, 136
X3DH, 136
XMSS (eXtended Merkle Signature Scheme), 137
XOF (extendable output function), 137
XOR, 137
XOR encryption, 137
Zerocash, 137
ZKP (zero-knowledge proof), 137
ZRTP, 138