This preview has intentionally blurred sections. Sign up to view the full version.
View Full Document
Unformatted text preview: ICS 180: Introduction to Cryptography April 8, 2004 Lecture 2: Computational Notion of Security Lecturer: Stanislaw Jarecki 1 L ECTURE S UMMARY We introduce the notion of computational security, in contrast to the perfect security of last lec ture, which was an informationtheoretic, rather than computational notion. We review the notions of algorithm running time, assymptotic notation, and polynomial time algorithms. We introduce notions of efficient algorithms, negligible probabilities, and adversarial advantage in attacking a cryptosystem. We exemplify these notions with an example of computational security definition for (privatekey) encryption, namely the indistinguishability of encryption. 2 Computational Notion of Secrecy for Encryption In the last lecture we saw that the perfect secrecy definition for encryption can be satisfied only by ciphers whose keys are as long as the messages they encrypt. With the computational notion of secrecy we try to preserve the spirit of Shannon’s perfect secrecy notion, but we relax it in two fundamental ways, which in the end allows us to actually satisfy this notion with some practical algorithms. Recall that we called a cipher perfectly secret if for every pair of messages m ,m 1 ∈ M and ciphertext c we have Prob k ←K [ Enc ( k,m ) = c ] = Prob k ←K [ Enc ( k,m 1 ) = c ] In other words, if encryptions of m look exactly the same as encryptions of m 1 . The computational version of this definition will say that for every messages m ,m 1 , for every efficient algorithms A , the adversarial advantage of A in distinguishing encryptions of m from encryptions of m 1 is negligibly small , i.e.  Prob k ←K [ A ( m ,m 1 ,c ) = 1  c ← Enc ( k,m )] Prob k ←K [ A ( m ,m 1 ,c ) = 1  c ← Enc ( k,m 1 )]  < ǫ for some negligibly small ǫ . What do we mean by “efficient algorithm” and “negligibly small” factor? By “efficient algo rithm” we mean probabilistic polynomial time . The next section reviews what probabilistic polyno mial time algorithms are, and recalls some associated notation. 3 Review of Algorithm Analysis First some notation (you can skip this now and only refer to it as needed): L21 • By Z we denote the set of integers, by N the naturals (i.e. positive integers plus zero), and by R the set of real numbers. Note that N ⊂ Z ⊂ R . • If D,R are sets, we denote functions f from domain D to range R as f : D → R . For example, f : N → [0 , 1] is a function from naturals to the interval between and 1 . • We’ll denote assignment of a random variable according to some distribution with the ← sign. For example, by b ← { , 1 } we denote the event of picking a random element in set { , 1 } and assigning its value to variable b . In other words, in this case b is a random bit....
View
Full
Document
This note was uploaded on 01/30/2008 for the course ICS 180 taught by Professor Jarecki during the Spring '04 term at UC Irvine.
 Spring '04
 Jarecki

Click to edit the document details