Goldwasser, Shafi, Lecture Notes on Cryptography (PDF) Ostrovsky, Rafail, Foundations of Cryptography (PDF) , retrieved 27 November 2015 Dodis, Yevgeniy, Introduction to Cryptography Lecture Notes (Fall 2008) , retrieved 17 December 2015

**Trapdoor function**-**Wikipedia**https://en.wikipedia.org/wiki/Trapdoor_function##### Web results:

In 1984,

**Shafi Goldwasser**, Silvio Micali, and Ronald Rivest became the first to strictly define the security requirements of**digital signature**schemes. They described a hierarchy of attack models for signature schemes, they also present the GMR signature scheme .**Goldwasser**,**Shafi**, Lecture Notes on Cryptography (PDF) Ostrovsky, Rafail, Foundations of Cryptography (PDF) , retrieved 27 November 2015 Dodis, Yevgeniy, Introduction to Cryptography Lecture Notes (Fall 2008) , retrieved 17 December 2015Bibliography. Oded Goldreich,

**Shafi Goldwasser**, and Shai Halevi. "Public-key cryptosystems from lattice reduction problems". In Crypto ’97: Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology, pages 112–131, London, UK, 1997.零知识证明的概念最早在20世纪80年代由美国麻省理工学院的

**Shafi Goldwasser**、Silvio Micali和Charles Rackoff在论文《The Knowledge Complexity of Interactive Proof Systems（交互式证明系统中的知识复杂性）》这篇论文仅能证明某一类特定的问题，且需要证明者和验证者进行多轮交互 ...**STARK**is a proof system. It uses cutting-edge cryptography to provide polylogarithmic verification resources and proof size, with minimal and post-quantum-secure assumptions.In their own words,

**Goldwasser**, Micali, and Rackoff say: Of particular interest is the case where this additional knowledge is essentially 0 and we show that [it] is possible to interactively prove that a number is quadratic non residue mod m releasing 0 additional knowledge.Society for Industrial and Applied Mathematics. 3600 Market Street, 6th Floor Philadelphia, PA 19104 USA

In their foundational paper,

**Goldwasser**, Micali, and Rivest lay out a hierarchy of attack models against digital signatures: In a key-only attack, the attacker is only given the public verification key. In a known message attack, the attacker is given valid signatures for a variety of messages known by the attacker but not chosen by the attacker.Zero-knowledge proofs belong to a category known as interactive proofs, so to learn how the former work, it helps to understand the latter. First described in a 1985 paper by the computer scientists

**Shafi Goldwasser**, Silvio Micali and Charles Rackoff, interactive proofs work like an interrogation: Over a series of messages, one party (the prover) tries to convince the other (the verifier) that ...**Shafi Goldwasser**, Yael Kalai, Raluca Ada Popa, Vinod Vaikuntanathan, and**Nickolai Zeldovich**. In Proceedings of the 33rd Annual International Cryptology Conference (CRYPTO), Santa Barbara, CA, August 2013. Multi-Key Searchable Encryption. Raluca Ada Popa and**Nickolai Zeldovich**. Cryptology ePrint Archive, Report 2013/508, August 2013.