Lecture 4:One-Way Encryption vs. Indistinguishability

Lecture 4:One-Way Encryption vs. Indistinguishability - ICS...

Info icon This preview shows pages 1–2. Sign up to view the full content.

ICS 180: Introduction to Cryptography April 15, 2004 Lecture 4: One-Way Encryption vs. Indistinguishability Lecturer: Stanislaw Jarecki 1 L ECTURE S UMMARY Last time we saw an example of an encryption scheme, the “textbook RSA” scheme, which can be one-way secure (that’s exactly the belief expressed in the “RSA assumption”) but is not secure in the sense of indistinguishability. Now we’ll see that any one-way encryption might have some bad characteristics that make it not indistinguishably secure. With these arguments we’ll try to convince you that the one-way security requirement on encryption is in fact not enough in practice. 2 One-Way Secure Encryption Can Leak Some Messages We’ll first show that an encryption scheme can be one-way secure and yet it can totally leak some messages. In fact, if an encryption scheme is one-way secure on some reasonable message space, for example M τ = { 0 , 1 } τ where τ is the security parameter, then it can very well be that there is a polynomially-sized subset M τ ⊂{ 0 , 1 } τ of messages (i.e. |M τ |≤ p ( τ ) for some polynomial p ( · ) ) 1 , s.t. when the encryption scheme is applied to any message m ∈M τ , the adversary can immediately recover m from the ciphertext. You might be tempted to think that since the size of this bad-message space M is negligible compared to M τ , because M τ / M τ = p ( τ ) / 2 τ < negl ( τ ) , maybe it follows that one is unlikely to encounter any m in this subset M τ ? But that’s not the right argument, because this encryption scheme can be bad for any set M τ ⊂{ 0 , 1 } τ , including the set of messages which are in fact the most likely ones that will get encrypted in a given application. For example, M τ can contain “yes”, “no”, “nothing new”, etc, and these might be what someone often wants to send.
Image of page 1

Info icon This preview has intentionally blurred sections. Sign up to view the full version.

Image of page 2
This is the end of the preview. Sign up to access the rest of the document.
  • Spring '04
  • Jarecki
  • Cryptography, ENC, encryption scheme

{[ snackBarMessage ]}

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern