Handout 2: Symmetric Encryption from a PRF


ICS 180: Introduction to Cryptography, 6/3/2004

A PRF is a very powerful source of (pseudo)randomness and therefore it can be immediately turned into powerful ciphers. The construction is very simple: just use the outputs of the pseudorandom function as one-time pads to xor your message with. We give here a simple proof that the resulting encryption is secure both under the Chosen Plaintext Attack (CPA) and under the “Lunchtime Attack”, sometimes called “Chosen Ciphertext Attack 1” (CCA1).

First, a Pseudorandom Function [PRF] family is defined as a set of functions $\{F_s\}_{s \in \{0,1\}^n}$, where $F_s : \{0,1\}^{l(n)} \to \{0,1\}^{L(n)}$ for every $s \in \{0,1\}^n$, s.t.

1. $F_s(x)$ is polytime computable (for every $s, x$).
2. Functions $F_s$ are indistinguishable from random functions on the same domain/range, i.e. from functions chosen at random from the family of all functions mapping domain $\{0,1\}^{l(n)}$ to range $\{0,1\}^{L(n)}$.

Formally, we require that for every PPT $A$, the following two distributions are indistinguishable:

$$\{A^{F_k(\cdot)}(1^n)\}_{k \leftarrow \{0,1\}^n} \approx \{A^{R(\cdot)}(1^n)\}_{R \leftarrow \mathrm{RndFct}(l(n), L(n))} \tag{1}$$

where in each case $A$ can interact with the function $F_k$ or $R$ as with an oracle: for any input $A$ gives to the oracle, it receives as output the value of the function at this input.

Now, using such a PRF family $\{F_s\}$, we can design a symmetric encryption scheme as follows:

$$\mathrm{KGen}(1^n) \to k, \quad \text{for } k \leftarrow \{0,1\}^n \tag{2}$$

$$\mathrm{Enc}_k(m) \to (x, F_k(x) \oplus m), \quad \text{for } x \leftarrow \{0,1\}^{l(n)}, \text{ assuming } |m| = L(n) \tag{3}$$

$$\mathrm{Dec}_k((c_1, c_2)) \to F_k(c_1) \oplus c_2 \tag{4}$$

Theorem 1. The above (symmetric) encryption scheme is (CPA,CCA1)-secure.

Proof: (Part 1) Recall first what it means for a (symmetric) encryption scheme to be (CPA,CCA1)-secure. It means that any PPT adversary $A$ running in the following game, denoted $A^{O_{\mathrm{CPA/CCA1}}}(1^n)$ (i.e. $A$ has input $1^n$