This preview shows pages 1–2. Sign up to view the full content.
This preview has intentionally blurred sections. Sign up to view the full version.
View Full Document
Unformatted text preview: ICS 180: Introduction to Cryptography 6/3/2004 Handout 2: Symmetric Encryption from a PRF A PRF is a very powerful source of (pseudo)randomness and therefore it can be imme diately turned into powerful ciphers. The construction is very simple: just use the outputs of the pseudorandom function as onetime pads to xor your message with. We give here a simple proof that the resulting encryption is secure both under the Chosen Plaintext Attack (CPA) and under the Lunchtime Attack, sometimes called Chosen Ciphertext Attack 1 (CCA1). 1 First, a Pseudorandom Function [PRF] family is defined as set of functions { F s } s { , 1 } n , where F s : { , 1 } l ( n ) { , 1 } L ( n ) for every s { , 1 } n , s.t. 1. F s ( x ) is polytime computable (for every s,x ). 2. Functions F s are indistinguishable from random functions on the same domain/range, i.e. from functions chosen at random from family of all functions mapping domain { , 1 } l ( n ) to range { , 1 } L ( n ) . Formally, we require that for every PPT A , the following two distributions are indistinguishable: { A F k ( ) (1 n ) } k { , 1 } n { A R ( ) (1 n ) } R RndFct ( l ( n ) ,L ( n )) (1) Where in each case, A can interact with functions F k or R as with oracles: For any input A gives to the oracle, he receives an output a value of the function at this input. Now, using such PRF family { F s } , we can design a symmetric encryption scheme as follows: KGen (1 n ) k, for k { , 1 } n (2) Enc k ( m ) ( x,F k ( x ) m ) , for x { , 1 } l ( n ) , assuming  m  = L ( n ) (3) Dec k (( c 1 ,c 2 )) F k ( c 1 ) c 2 (4) Theorem 1 The above (symmetric) encryption scheme is (CPA,CCA1)secure....
View
Full
Document
This note was uploaded on 01/30/2008 for the course ICS 180 taught by Professor Jarecki during the Spring '04 term at UC Irvine.
 Spring '04
 Jarecki

Click to edit the document details