{[ promptMessage ]}

Bookmark it

{[ promptMessage ]}

# w-se - Chapter 4 Symmetric Encryption The symmetric setting...

This preview shows pages 1–3. Sign up to view the full content.

Chapter 4 Symmetric Encryption The symmetric setting considers two parties who share a key and will use this key to imbue commu- nicated data with various security attributes. The main security goals are privacy and authenticity of the communicated data. The present chapter looks at privacy. A later chapter looks at authen- ticity. Chapters 3 and 4 describe tools we shall use here. 4.1 Symmetric encryption schemes The primitive we will consider is called an encryption scheme. Such a scheme specifies an encryption algorithm , which tells the sender how to process the plaintext using the key, thereby producing the ciphertext that is actually transmitted. An encryption scheme also specifies a decryption algorithm , which tells the receiver how to retrieve the original plaintext from the transmission while possibly performing some verification, too. Finally, there is a key-generation algorithm , which produces a key that the parties need to share. The formal description follows. Definition 4.1.1 A symmetric encryption scheme SE = ( K , E , D ) consists of three algorithms, as follows: The randomized key generation algorithm K returns a string K . We let Keys ( SE ) denote the set of all strings that have non-zero probability of being output by K . The members of this set are called keys . We write K \$ ←K for the operation of executing K and letting K denote the key returned. The encryption algorithm E , which might be randomized or stateful, takes a key K Keys ( SE ) and a plaintext M ∈{ 0 , 1 } to return a ciphertext C ∈{ 0 , 1 } ∪{⊥} . We write C \$ ←E K ( M ) for the operation of executing E on K and M and letting C denote the ciphertext returned. The deterministic decryption algorithm D takes a key K Keys ( SE ) and a ciphertext C { 0 , 1 } to return some M ∈{ 0 , 1 } ∪{⊥} . We write M ←D K ( C ) for the operation of executing D on K and C and letting M denote the message returned. The scheme is said to provide correct decryption if for any key K Keys ( SE ), any sequence of messages M 1 , . . . , M q ∈{ 0 , 1 } , and any sequence of ciphertexts C 1 \$ ←E K ( M 1 ) , C 2 \$ ←E K ( M 2 ) , . . . , C q \$ ←E K ( M q ) that may arise in encrypting M 1 , . . . , M q , it is the case that D K ( C i ) = M i for each C i negationslash = .

This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document
2 SYMMETRIC ENCRYPTION The key-generation algorithm, as the definition indicates, is randomized. It takes no inputs. When it is run, it flips coins internally and uses these to select a key K . Typically, the key is just a random string of some length, in which case this length is called the key length of the scheme. When two parties want to use the scheme, it is assumed they are in possession of a key K generated via K . How they came into joint possession of this key K in such a way that the adversary did not get to know K is not our concern here, and will be addressed later. For now we assume the key has been shared.
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}

### Page1 / 33

w-se - Chapter 4 Symmetric Encryption The symmetric setting...

This preview shows document pages 1 - 3. Sign up to view the full document.

View Full Document
Ask a homework question - tutors are online