Unformatted text preview: ing an adversary A such that Adv indcpa AE ( A ) is high. You should specify the adversary, state its running time as a function of k (the smaller this is, the more credit you get), state the value of its advantage (the larger this is, the more credit you get) and justify the correctness of the adversary. Problem 2. [30 points] Let AE = ( K , E , D ) be an asymmetric encryption scheme whose message space includes { , 1 } k . DeFne the KEM KEM = ( K , EK , D ) with keylength k via algorithm EK K $ ← { , 1 } k C $ ← E pk ( K ) return ( K,C ) Show that if AE is INDCCA secure, then so is KEM . This means you must state a reductionstyle theorem and then prove it. The better your bounds, the more points you get. 1...
View
Full Document
 Winter '08
 daniele
 Computer Science, Cryptography, Mihir Bellare, correct decryption property

Click to edit the document details