Lecture 4:One-Way Encryption vs. Indistinguishability

# Lecture 4:One-Way Encryption vs. Indistinguishability - ICS...

• Notes
• davidvictor
• 3

This preview shows pages 1–2. Sign up to view the full content.

ICS 180: Introduction to Cryptography April 15, 2004 Lecture 4: One-Way Encryption vs. Indistinguishability Lecturer: Stanislaw Jarecki 1 L ECTURE S UMMARY Last time we saw an example of an encryption scheme, the “textbook RSA” scheme, which can be one-way secure (that’s exactly the belief expressed in the “RSA assumption”) but is not secure in the sense of indistinguishability. Now we’ll see that any one-way encryption might have some bad characteristics that make it not indistinguishably secure. With these arguments we’ll try to convince you that the one-way security requirement on encryption is in fact not enough in practice. 2 One-Way Secure Encryption Can Leak Some Messages We’ll first show that an encryption scheme can be one-way secure and yet it can totally leak some messages. In fact, if an encryption scheme is one-way secure on some reasonable message space, for example M τ = { 0 , 1 } τ where τ is the security parameter, then it can very well be that there is a polynomially-sized subset M τ ⊂{ 0 , 1 } τ of messages (i.e. |M τ |≤ p ( τ ) for some polynomial p ( · ) ) 1 , s.t. when the encryption scheme is applied to any message m ∈M τ , the adversary can immediately recover m from the ciphertext. You might be tempted to think that since the size of this bad-message space M is negligible compared to M τ , because M τ / M τ = p ( τ ) / 2 τ < negl ( τ ) , maybe it follows that one is unlikely to encounter any m in this subset M τ ? But that’s not the right argument, because this encryption scheme can be bad for any set M τ ⊂{ 0 , 1 } τ , including the set of messages which are in fact the most likely ones that will get encrypted in a given application. For example, M τ can contain “yes”, “no”, “nothing new”, etc, and these might be what someone often wants to send.

This preview has intentionally blurred sections. Sign up to view the full version.

This is the end of the preview. Sign up to access the rest of the document.
• Spring '04
• Jarecki
• Cryptography, ENC, encryption scheme

{[ snackBarMessage ]}

### What students are saying

• As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

Kiran Temple University Fox School of Business ‘17, Course Hero Intern

• I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

Dana University of Pennsylvania ‘17, Course Hero Intern

• The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

Jill Tulane University ‘16, Course Hero Intern