Chapter 2 Notions, Definitions, and Models In this chapter, we briefly revisit important knowledge including the cryptographic notions, algorithms, and security models of digital signatures, public-key encryp- tion, and identity-based encryption. For convenience in the presentation, we split the traditional key generation algorithm of digital signatures and public-key encryption into the system parameter generation algorithm and the key generation algorithm, where the system parameters can be shared by all users. Each cryptosystem in this book is composed of four algorithms. 2.1 Digital Signatures A digital signature is a fundamental tool in cryptography that has been widely ap- plied to authentication and non-repudiation. Take authentication as an example. A party, say Alice, wants to convince all other parties that a message m is published by her. To do so, Alice generates a public/secret key pair ( pk, sk) and publishes the public key pk to all verifiers. To generate a signature σ m on m, she digitally signs m with her secret key sk. Upon receiving (m, σ m ), any receiver who already knows pk can verify the signature σ m and confirm the origin of the message m. A digital signature scheme consists of the following four algorithms. SysGen: The system parameter generation algorithm takes as input a security parameter λ . It returns the system parameters SP. KeyGen: The key generation algorithm takes as input the system parameters SP. It returns a public/secret key pair ( pk, sk). Sign: The signing algorithm takes as input a message m from its message space, the secret key sk, and the system parameters SP. It returns a signature of m denoted by σ m . 5 © Springer International Publishing AG, part of Springer Nature 2018 F. Guo et al., Introduction to Security Reduction, https://doi.org/10.1007/978-3-319-93049-7_2