User:Blokhead/Todo

Decisional Diffie-Hellman assumption

• add section on candidate groups where it is believed to hold,  Y
• general clean up.  Y

Diffie-Hellman key exchange is in bad shape formally

• uses ${\displaystyle \mathbb {Z} _{p}^{*}}$  everywhere,
• stuff about prime order subgroups should really go in DDH article.
• do we really need a zillion examples?

ElGamal encryption

• needlessly duplicates all of the prime-order subgroup disclaimer stuff.  Y

ElGamal signature scheme (don't know about this scheme, but the article is very suspicious.)

• uses ${\displaystyle \mathbb {Z} _{p}^{*}}$  everywhere
• only mentions computational discrete log problem.

Diffie-Hellman problem and Computational Diffie-Hellman assumption:

• be sure to maintain consistency with these guys

Cramer-Shoup cryptosystem.

• needs separate security section
• comments about history of CCA schemes should go in CCA article

Computational hardness assumption

• misc TLC

what links to DDH assumption page

semantic security

• needs an actual definition!

chosen ciphertext attack, adaptive chosen ciphertext attack, chosen plaintext attack

• good god, they don't have actual definitions.
• CCA1 and CCA2 do NOT need separate articles.

Ciphertext indistinguishability

• what a crappy term
• article also sucks

• Weed out claims of "provable security" that don't mention the computational assumption (or security level achieved, i.e CCA/CPA).

• Try to achieve some uniformity about "cryptosystem" vs "encryption scheme" vs (my least favorite) "encryption algorithm".

• Write Univeral composability

• Secure computation and secure two-party computation do not need a separate article from secure multi-party computation. Also, secure computation uses the phrase "zero-knowledgeness", which makes me want to vomit.

• Merge negligible function (cryptography) and negligible (complexity theory)