ICS 180: Introduction to Cryptography
6/03/2004
Homework 6
Due Thursday, 6/10/2004
1 Symmetric encryptions from a PRP
Let $P : \{0,1\}^{\tau} \times \{0,1\}^{m} \to \{0,1\}^{m}$ be a PRP. Assume that $m$ is polynomial in $\tau$. Assume that every PPT adversary running in time $t$ has at most advantage $\epsilon$ in distinguishing $P$ from a random permutation, i.e. that for all PPT's $A$ s.t. $\mathrm{Time}_A \le t$,

$$\left| \mathrm{Prob}[A^{P_s}(1^{\tau}) = 1]_{s \leftarrow \{0,1\}^{\tau}} - \mathrm{Prob}[A^{R}(1^{\tau}) = 1]_{R \leftarrow \mathrm{RNDPRM}(\tau,m)} \right| \le \epsilon$$

Consider the following symmetric encryption scheme: The secret key is $s \leftarrow \{0,1\}^{\tau}$. To encrypt a message $M \in \{0,1\}^{m}$, the sender picks $r \leftarrow \{0,1\}^{m/2}$, concatenates $r$ and $M$, and computes the ciphertext as $c = P_s([r \| M])$.

1.1 Show how to decrypt.

1.2 Consider the security of this scheme in the sense of indistinguishability. Bound the advantage $\epsilon'$ that an adversary $A'$ running in time $t'$ has in distinguishing random ciphertexts of any two messages $M_0, M_1 \in \{0,1\}^{m}$.

1.3 Consider the security of this scheme against a chosen-message attack. In other words, consider an adversary $A'$
 Spring '04
 Jarecki
 Cryptography, PRP, feistel network, 3layer feistel network
