solutions 2

solutions 2 - ICS 180: Introduction to Cryptography...

Info iconThis preview shows pages 1–3. Sign up to view the full content.

View Full Document Right Arrow Icon
ICS 180: Introduction to Cryptography 4/22/2004 Solutions to homework 2 1 Security Defnitions [10+20 points] Defnition oF some security property oFten goes like this: We call some communication scheme Σ secure in the sense of resistance against attack of type “X” iF For all probabilistic polynomial time algorithms A , the probability that A succeeds in an “attack of type X” against Σ is negligibly small, i.e. it’s a negligible Function oF the security parameter τ . ±or example, the defnition oF one-way secure encryption scheme Σ = ( KGen,Enc,Dec ) has exactly this Form, where “attack of type X” oF A against Σ is the “decryption attack”, defned as Follows: (1) KGen is executed on the security parameter τ to create key k , (2) random m is picked in the messages space M , (3) ciphertext c is computed as Enc ( k,m ), and fnally (4) A runs on input c and outputs some string m . We say that A succeeds in this attack iF m = m . 1.1 [10 points] Show a (trivial) PPT algorithm which succeeds with a non-zero but negligible probability in an attack against the “one way security” property oF the one-time pad encryption scheme defned For message space M = { 0 , 1 } τ and key space K = { 0 , 1 } τ , where τ is the security parameter. Note that this means that even iF a scheme is perfectly secure , let alone one-way secure , there nevertheless usually exist e²cient attacks against it which succeed with negligible probability. This, in part, is why we usually cannot ask that that the probability oF suc- cessFul break oF our scheme be zero For all e²cient algorithms. Solution: The attack algorithm A , on input c = Enc ( k,m ) = k m , For k,m ∈ { 0 , 1 } τ , simply outputs a random string m ← { 0 , 1 } τ . A succeeds in inverting the one-time pad encryption iF m = m . A is PPT because guessing a τ -long string takes O ( τ ) time, while its probability oF success is Adv A ( τ ) = Prob [ m = m | k ← K ; m ← M ; c k m ; m A ( c ))] = Prob [ m = m | m ← { 0 , 1 } τ ; m ← { 0 , 1 } τ ] = 2 τ which is non-zero but negligible. 1.2 [bonus 20 points] Let’s show that the defnitions oF this type are “robust” in the Following sense: Assume that a scheme Σ is secure against “attack oF type X” in the above sense, but that there nevertheless exists an e²cient algorithm A which does succeed in this attack but only with a negligible probability, For example 2 p ( τ ) For some polynomial p ( · ). S2-1
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Consider a new efcient attack algorithm A , which simply runs attack A For some polynomial number oF times, say p ( τ ), and succeeds iF any oF these runs oF A return a succesFul output. Argue why A is an efcient algorithm, and show that such polynomial- number oF repetitions oF attack against Σ still has only negligible probability oF success.
Background image of page 2
Image of page 3
This is the end of the preview. Sign up to access the rest of the document.

Page1 / 7

solutions 2 - ICS 180: Introduction to Cryptography...

This preview shows document pages 1 - 3. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online