CSE 599b: Cryptography (Winter 2006) Lecture 11: Semantic Security vs Indistinguishability Security
| Content Provider | Semantic Scholar |
|---|---|
| Author | Beame, Paul |
| Copyright Year | 2006 |
| Abstract | From now on we will at least aim for the ability to handle chosen plaintext attacks (CPA). Also, of the two versions of chosen ciphertext attack, CCA1 and CCA2, we will only consider CCA2 attacks, which allow the chosen ciphertexts to depend on (but be different from) the challenge ciphertext. We also have 3 security notions: Semantic Security (SS), Indistinguishability Security (IND), which is also sometimes called 'left-or-right' security (which is natural given the way the pair oracle works), and Nonmalleability (NM). So far, this leaves 6 potential levels of security of interest: IND-CPA, SS-CPA, NM-CPA, IND-CCA2, SS-CCA2, NM-CCA2. However, we will see that the IND and SS versions are equivalent. In order to show this we need to define semantic security formally. The basic idea we want to capture is that an adversary that gets to query the encryption algorithm and choose any distribution on plaintexts can't predict the value of any polynomial-time computable function of a plaintext from that distribution given its ciphertext any better than it would if it received an encryption of an independently chosen (unrelated) plaintext from that distribution. To make it convenient to talk about what that adversary does, we split its operation into pieces that we describe separately. Definition 1.1. A symmetric encryption scheme (K, E, D) is SS-CPA secure if and only if for every polynomial-time computable function f and for all PPTs A, P, M, the function |
| File Format | PDF HTM / HTML |
| Alternate Webpage(s) | http://courses.cs.washington.edu/courses/cse599b/06wi/lecture11.pdf |
| Language | English |
| Access Restriction | Open |
| Content Type | Text |
| Resource Type | Article |