Handout 2: Symmetric Encryption from a PRF

Handout 2: Symmetric Encryption from a PRF - ICS 180:...

Info iconThis preview shows pages 1–2. Sign up to view the full content.

View Full Document Right Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: ICS 180: Introduction to Cryptography 6/3/2004 Handout 2: Symmetric Encryption from a PRF A PRF is a very powerful source of (pseudo)randomness and therefore it can be imme- diately turned into powerful ciphers. The construction is very simple: just use the outputs of the pseudorandom function as one-time pads to xor your message with. We give here a simple proof that the resulting encryption is secure both under the Chosen Plaintext Attack (CPA) and under the Lunchtime Attack, sometimes called Chosen Ciphertext Attack 1 (CCA1). 1 First, a Pseudorandom Function [PRF] family is defined as set of functions { F s } s { , 1 } n , where F s : { , 1 } l ( n ) { , 1 } L ( n ) for every s { , 1 } n , s.t. 1. F s ( x ) is polytime computable (for every s,x ). 2. Functions F s are indistinguishable from random functions on the same domain/range, i.e. from functions chosen at random from family of all functions mapping domain { , 1 } l ( n ) to range { , 1 } L ( n ) . Formally, we require that for every PPT A , the following two distributions are indistinguishable: { A F k ( ) (1 n ) } k { , 1 } n { A R ( ) (1 n ) } R RndFct ( l ( n ) ,L ( n )) (1) Where in each case, A can interact with functions F k or R as with oracles: For any input A gives to the oracle, he receives an output a value of the function at this input. Now, using such PRF family { F s } , we can design a symmetric encryption scheme as follows: KGen (1 n ) k, for k { , 1 } n (2) Enc k ( m ) ( x,F k ( x ) m ) , for x { , 1 } l ( n ) , assuming | m | = L ( n ) (3) Dec k (( c 1 ,c 2 )) F k ( c 1 ) c 2 (4) Theorem 1 The above (symmetric) encryption scheme is (CPA,CCA1)-secure....
View Full Document

This note was uploaded on 01/30/2008 for the course ICS 180 taught by Professor Jarecki during the Spring '04 term at UC Irvine.

Page1 / 3

Handout 2: Symmetric Encryption from a PRF - ICS 180:...

This preview shows document pages 1 - 2. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online