Lecture 3: One-Way Encryption, RSA Example

Lecture 3: One-Way Encryption, RSA Example - ICS 180...

Info icon This preview shows pages 1–3. Sign up to view the full content.

ICS 180: Introduction to Cryptography April 13, 2004 Lecture 3: One-Way Encryption, RSA Example Lecturer: Stanislaw Jarecki 1 L ECTURE S UMMARY We look at a different security property one might require of encryption, namely one-way security . The notion is natural and seems like a minimal requirement on an encryption scheme. It makes sense for both symmetric and public-key encryption schemes. To make the discussion more concrete, we look at the so-called “textbook” variant of the RSA encryption, and see how to pick keys in relation to the security parameter so that the best algorithms that invert RSA are either inefficient or have only negligible advantage. We will also see that while the “textbook RSA” can plausibly be one- way secure, it is definitely not secure in the sense of indistinguishabibility (this security property of encryption schemes was defined in the last class). This shows us that one-wayness is a weaker notion than indistinguishability. 2 One-Way Security for Encryption In the last lecture we developed the computational version (relaxation) of the perfect secrecy security property for encryption schemes, which we called indistinguishability of encryption. This notion is pretty strong, and today we’ll look at a weaker notion of security for encryption, namely one-way security . In essence, we say that an encryption scheme is one-way secure if it is infeasible to decrypt ciphertexts of random plaintexts (i.e. randomly chosen from a big-enough message space). Here is the formal definition, first for the case of symmetric encryption schemes: Definition 1 (one-way secure (symmetric) encryption) We call a (symmetric) encryption scheme Σ = ( KGen, Enc, Dec ) one-way secure for (family of) message spaces {M τ } τ =1 , 2 ,... if for all PPT algorithms A , the following holds: Adv A ( τ ) = Prob [ A ( c ) = m | k KGen (1 τ ); m ←M τ ; c Enc ( k, m )] negl ( τ ) And here is the corresponding definition for public-key encryption schemes. The only real difference is that here the adversary sees the public key used to encrypt messages: Definition 2 (one-way secure (public key) encryption) We call a (public-key) encryption scheme Σ = ( KGen, Enc, Dec ) one-way secure for (family of) message spaces {M τ } τ =1 , 2 ,... if for all PPT algorithms A , the following holds: Adv A ( τ ) = Prob [ A ( PK, c ) = m | ( SK, PK ) KGen (1 τ ); m ←M τ ; c Enc ( PK, m )] negl ( τ ) L3-1
Image of page 1

Info icon This preview has intentionally blurred sections. Sign up to view the full version.

Discussion. The one-wayness of encryption seems to be a pretty minimal requirement needed of an encryption scheme. Suppose, on the contrary, that an encryption scheme is not one-way. This would mean that there exists an efficient algorithm A which has a non-negligible chance of success in decrypting an encryption of a random message. Notice that in any application of an encryption scheme, the encryption/decryption keys are going to be picked by a (random) run of the KGen (1 τ ) algorithm, which is just like in the one-wayness game the adversary plays with an encryption scheme in the above definition(s). So if A ’s advantage in this game is “sizable”, i.e. larger than negligible (larger than 1 /p ( τ )
Image of page 2
Image of page 3
This is the end of the preview. Sign up to access the rest of the document.
  • Spring '04
  • Jarecki
  • Cryptography, Encryption, public-key encryption, encryption scheme, RSA Example

{[ snackBarMessage ]}

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern