solutions 2 - ICS 180 Introduction to Cryptography...

Info icon This preview shows pages 1–3. Sign up to view the full content.

View Full Document Right Arrow Icon
ICS 180: Introduction to Cryptography 4/22/2004 Solutions to homework 2 1 Security Definitions [10+20 points] Definition of some security property often goes like this: We call some communication scheme Σ secure in the sense of resistance against attack of type “X” if for all probabilistic polynomial time algorithms A , the probability that A succeeds in an “attack of type X” against Σ is negligibly small, i.e. it’s a negligible function of the security parameter τ . For example, the definition of one-way secure encryption scheme Σ = ( KGen, Enc, Dec ) has exactly this form, where “attack of type X” of A against Σ is the “decryption attack”, defined as follows: (1) KGen is executed on the security parameter τ to create key k , (2) random m is picked in the messages space M , (3) ciphertext c is computed as Enc ( k, m ), and finally (4) A runs on input c and outputs some string m . We say that A succeeds in this attack if m = m . 1.1 [10 points] Show a (trivial) PPT algorithm which succeeds with a non-zero but negligible probability in an attack against the “one way security” property of the one-time pad encryption scheme defined for message space M = { 0 , 1 } τ and key space K = { 0 , 1 } τ , where τ is the security parameter. Note that this means that even if a scheme is perfectly secure , let alone one-way secure , there nevertheless usually exist efficient attacks against it which succeed with negligible probability. This, in part, is why we usually cannot ask that that the probability of suc- cessful break of our scheme be zero for all efficient algorithms. Solution: The attack algorithm A , on input c = Enc ( k, m ) = k m , for k, m ∈{ 0 , 1 } τ , simply outputs a random string m ←{ 0 , 1 } τ . A succeeds in inverting the one-time pad encryption if m = m . A is PPT because guessing a τ -long string takes O ( τ ) time, while its probability of success is Adv A ( τ ) = Prob [ m = m | k ←K ; m ←M ; c k m ; m A ( c ))] = Prob [ m = m | m ←{ 0 , 1 } τ ; m ←{ 0 , 1 } τ ] = 2 τ which is non-zero but negligible. 1.2 [bonus 20 points] Let’s show that the definitions of this type are “robust” in the following sense: Assume that a scheme Σ is secure against “attack of type X” in the above sense, but that there nevertheless exists an efficient algorithm A which does succeed in this attack but only with a negligible probability, for example 2 p ( τ ) for some polynomial p ( · ). S2-1
Image of page 1

Info icon This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
Consider a new efficient attack algorithm A , which simply runs attack A for some polynomial number of times, say p ( τ ), and succeeds if any of these runs of A return a succesful output. Argue why A is an efficient algorithm, and show that such polynomial- number of repetitions of attack against Σ still has only negligible probability of success. [[Hint: First of all, your goal is to argue that the probability that A succeeds is smaller than some negligible function for all large enough τ , i.e. for all τ larger than some τ 0 . Therefore all intermediate steps you make do not have to hold for all τ ’s, but only for all sufficiently large τ ’s.
Image of page 2
Image of page 3
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern