Abstract

The editors of SIAM Review are delighted to present a SIGEST paper about cryptography, a topic that appears frequently these days in mainstream news media. Stories about computer security, defenses against terrorism, privacy, and file swapping invariably refer to cryptographic systems, which thus represent an extraordinarily visible example of the practical application of mathematics and computer science. Encryption systems depend on a stream of new mathematical results and algorithms; it may take years of study by experts to prove that a proposed technique is secure (or not). An additional wrinkle is that humans tend to avoid any encryption procedure that they perceive to be too much trouble, which means that researchers in cryptography need to consider criteria like ease of use as well as more precise properties.

Cryptographers are blessed with, and continue to devise, engaging terminology and even some implied personalities. No discussion of cryptography is complete without Alice and Bob---so much more appealing than A and B---whose roles may, however, vary. For example, Alice and Bob are sometimes friends eager to communicate secrets without others learning them, and sometimes two people who need to communicate but do not know or trust each other; new variations on Alice, Bob, and their relationship are constantly emerging. Another fixture in cryptography is the presumably evil adversary, who may be passive (an eavesdropper limited to observing the information traffic sent between Alice and Bob) or active (someone who can see and modify the traffic). Wide use is made of "zero knowledge proof systems" (an apparently contradictory term), and this paper defines an evocatively named "garbage/not garbage" oracle that is useful in validity checks.
The standard requirement of semantic security for cryptosystems means that an adversary learns nothing about the original text (the "plaintext") from its encrypted form (the "ciphertext"). The stricter requirement of nonmalleability, needed to hide information from active adversaries, means, roughly speaking, that an adversary cannot use the ciphertext associated with an original plaintext to produce an encryption of a related plaintext.

This issue's SIGEST paper, "Nonmalleable Cryptography," by D. Dolev, C. Dwork, and M. Naor, which first appeared in 2000 in volume 30 of the SIAM Journal on Computing, identified and addressed the concept of nonmalleability. The paper has been extremely influential, is widely cited, and has inspired a substantial level of related research. For the paper's appearance in SIGEST, the authors have added an extended and completely new preface, intended for the general SIREV reader, that introduces much of the terminology, presents easily understood examples, and brings the reader up to date on related problems. Section 1.4, on deniable authentication, clarifies some of the many complications in defining new protocols and their desired (or undesired) security features. The original paper itself explores in detail the implications of nonmalleability, presenting nonmalleable schemes for three key problem classes and proving security against strong ciphertext attacks. We are grateful indeed to the authors for their extra efforts to make this important paper accessible to nonexperts in cryptography.

SIAM Review, Volume 45, Issue 4, 2003. Published online: 04 August 2006. Copyright © 2003 Society for Industrial and Applied Mathematics. Article DOI: 10.1137/SIREAD000045000004000725000001. Article page range: pp. 725-725. ISSN (print): 0036-1445; ISSN (online): 1095-7200. Publisher: Society for Industrial and Applied Mathematics.
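The distinction drawn above between semantic security and nonmalleability, as an added Python example that is not code from the paper or its authors: a one-time pad reveals nothing to a passive eavesdropper, yet an active adversary can turn the ciphertext of one message into the ciphertext of a related message without knowing the key, whereas a MAC computed over the ciphertext (encrypt-then-MAC, a standard way to obtain nonmalleability in practice) makes any modified ciphertext decrypt to "garbage", i.e. get rejected. The keys, the HMAC-SHA256 tag and the sample message are constructed assumptions for the demonstration.

```python
import hashlib
import hmac
import secrets

TAG_LEN = 32  # HMAC-SHA256 tag length in bytes

def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))

# Scheme 1: one-time pad. Semantically secure against a passive eavesdropper
# (the ciphertext reveals nothing about the plaintext), but malleable.
# XOR is its own inverse, so the same function encrypts and decrypts.
def otp(key: bytes, data: bytes) -> bytes:
    return xor_bytes(key, data)

def related_ciphertext(ciphertext: bytes, delta: bytes) -> bytes:
    """Malleability: without the key, Enc(m) becomes Enc(m XOR delta), because
    flipping a ciphertext bit flips the same bit of the recovered plaintext."""
    return xor_bytes(ciphertext, delta)

# Scheme 2: the same pad followed by a MAC over the ciphertext (encrypt-then-MAC).
# A modified ciphertext fails the tag check and is rejected as "garbage"
# instead of decrypting to a related plaintext.
def etm_encrypt(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    ciphertext = xor_bytes(enc_key, plaintext)
    return ciphertext + hmac.new(mac_key, ciphertext, hashlib.sha256).digest()

def etm_decrypt(enc_key: bytes, mac_key: bytes, blob: bytes):
    ciphertext, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None  # garbage: reject before releasing any plaintext
    return xor_bytes(enc_key, ciphertext)

def demo(plaintext: bytes = b"PAY ALICE 0100 EUR") -> dict:
    """Apply the same ciphertext change to both schemes (constructed input)."""
    delta = bytearray(len(plaintext))
    delta[10] = ord("0") ^ ord("9")  # flips the amount's first digit, 0 -> 9
    enc_key, mac_key = secrets.token_bytes(len(plaintext)), secrets.token_bytes(32)
    blob = etm_encrypt(enc_key, mac_key, plaintext)
    tampered = related_ciphertext(blob[:-TAG_LEN], bytes(delta)) + blob[-TAG_LEN:]
    return {
        "otp_tampered": otp(enc_key, related_ciphertext(otp(enc_key, plaintext), bytes(delta))),
        "etm_tampered": etm_decrypt(enc_key, mac_key, tampered),
        "etm_untampered": etm_decrypt(enc_key, mac_key, blob),
    }
```

Under the one-time pad the tampered ciphertext decrypts to the related message "PAY ALICE 9100 EUR"; under encrypt-then-MAC the same change is caught by the tag check and `etm_decrypt` returns `None`.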