This preview shows pages 1–2. Sign up to view the full content.
This preview has intentionally blurred sections. Sign up to view the full version.
View Full Document
Unformatted text preview: ICS 180: Introduction to Cryptography 4/15/2004 Homework 2 Due Thursday, 4/22/2004 at the beginning of class. 1 Security Definitions [10+20 points] Definition of some security property often goes like this: We call some communication scheme secure in the sense of resistance against attack of type X if for all probabilistic polynomial time algorithms A , the probability that A succeeds in an attack of type X against is negligibly small, i.e. its a negligible function of the security parameter . For example, the definition of oneway secure encryption scheme = ( KGen,Enc,Dec ) has exactly this form, where attack of type X of A against is the decryption attack, defined as follows: (1) KGen is executed on the security parameter to create key k , (2) random m is picked in the messages space M , (3) ciphertext c is computed as Enc ( k,m ), and finally (4) A runs on input c and outputs some string m . We say that A succeeds in this attack if m = m . 1.1 [10 points] Show a (trivial) PPT algorithm which succeeds with a nonzero but negligible probability in an attack against the one way security property of the onetime pad encryption scheme defined for message space M = { , 1 } and key space K = { , 1 } , where is the security parameter. Note that this means that even if a scheme is perfectly secure , let alone oneway secure , there nevertheless usually exist efficient attacks against it which succeed with negligible probability. This, in part, is why we usually cannot ask that that the probability of suc cessful break of our scheme be zero for all efficient algorithms....
View
Full
Document
 Spring '04
 Jarecki

Click to edit the document details