Chapter 4
Symmetric Encryption
The symmetric setting considers two parties who share a key and will use this key to imbue communicated data with various security attributes. The main security goals are privacy and authenticity of the communicated data. The present chapter looks at privacy. A later chapter looks at authenticity. Chapters 3 and 4 describe tools we shall use here.
4.1 Symmetric encryption schemes
The primitive we will consider is called an encryption scheme. Such a scheme specifies an encryption algorithm, which tells the sender how to process the plaintext using the key, thereby producing the ciphertext that is actually transmitted. An encryption scheme also specifies a decryption algorithm, which tells the receiver how to retrieve the original plaintext from the transmission while possibly performing some verification, too. Finally, there is a key-generation algorithm, which produces a key that the parties need to share. The formal description follows.
Definition 4.1.1 A symmetric encryption scheme $\mathcal{SE} = (\mathcal{K}, \mathcal{E}, \mathcal{D})$ consists of three algorithms, as follows:
• The randomized key generation algorithm $\mathcal{K}$ returns a string $K$. We let $\mathrm{Keys}(\mathcal{SE})$ denote the set of all strings that have nonzero probability of being output by $\mathcal{K}$. The members of this set are called keys. We write $K \stackrel{\$}{\leftarrow} \mathcal{K}$ for the operation of executing $\mathcal{K}$ and letting $K$ denote the key returned.
• The encryption algorithm $\mathcal{E}$, which might be randomized or stateful, takes a key $K \in \mathrm{Keys}(\mathcal{SE})$ and a plaintext $M \in \{0,1\}^*$ to return a ciphertext $C \in \{0,1\}^* \cup \{\bot\}$. We write $C \stackrel{\$}{\leftarrow} \mathcal{E}_K(M)$ for the operation of executing $\mathcal{E}$ on $K$ and $M$ and letting $C$ denote the ciphertext returned.
• The deterministic decryption algorithm $\mathcal{D}$ takes a key $K \in \mathrm{Keys}(\mathcal{SE})$ and a ciphertext $C \in \{0,1\}^*$ to return some $M \in \{0,1\}^* \cup \{\bot\}$. We write $M \leftarrow \mathcal{D}_K(C)$ for the operation of executing $\mathcal{D}$ on $K$ and $C$ and letting $M$ denote the message returned.
The scheme is said to provide correct decryption if for any key $K \in \mathrm{Keys}(\mathcal{SE})$, any sequence of messages $M_1, \ldots, M_q \in \{0,1\}^*$, and any sequence of ciphertexts $C_1 \stackrel{\$}{\leftarrow} \mathcal{E}_K(M_1), C_2 \stackrel{\$}{\leftarrow} \mathcal{E}_K(M_2), \ldots, C_q \stackrel{\$}{\leftarrow} \mathcal{E}_K(M_q)$ that may arise in encrypting $M_1, \ldots, M_q$, it is the case that $\mathcal{D}_K(C_i) = M_i$ for each $C_i \neq \bot$.
The key-generation algorithm, as the definition indicates, is randomized. It takes no inputs. When it is run, it flips coins internally and uses these to select a key $K$. Typically, the key is just a random string of some length, in which case this length is called the key length of the scheme. When two parties want to use the scheme, it is assumed they are in possession of a key $K$ generated via $\mathcal{K}$. How they came into joint possession of this key $K$ in such a way that the adversary did not get to know $K$ is not our concern here, and will be addressed later. For now we assume the key has been shared.
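As an added illustration (not part of the original notes), the following Python sketch instantiates the syntax of Definition 4.1.1 with a stateful encryption algorithm that returns ⊥ once a small message budget is used up, and checks correct decryption over a message sequence. The construction (an HMAC-SHA256 keystream indexed by a message counter), the names `keygen`, `Encryptor`, `decrypt`, `correct_decryption` and the constants are assumptions chosen for illustration; the block demonstrates the syntax and the correctness condition, not a security claim.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 16   # key length in bytes (assumed value for this example)
MAX_MSGS = 3   # tiny message budget so the "bottom" case is easy to reach
BOT = None     # stands for the "bottom" symbol of the definition

def keygen():
    """K: randomized, takes no input, returns a uniformly random key."""
    return secrets.token_bytes(KEY_LEN)

def _pad(key, ctr, n):
    """n keystream bytes derived from (key, message counter) via HMAC-SHA256."""
    out, block = b"", 0
    while len(out) < n:
        label = ctr.to_bytes(8, "big") + block.to_bytes(8, "big")
        out += hmac.new(key, label, hashlib.sha256).digest()
        block += 1
    return out[:n]

class Encryptor:
    """E: stateful. The state is the number of messages encrypted so far."""
    def __init__(self, key):
        self.key, self.ctr = key, 0

    def encrypt(self, msg):
        if self.ctr >= MAX_MSGS:      # budget exhausted: refuse with bottom
            return BOT
        ctr, self.ctr = self.ctr, self.ctr + 1
        body = bytes(a ^ b for a, b in zip(msg, _pad(self.key, ctr, len(msg))))
        return ctr.to_bytes(8, "big") + body   # counter travels with the ciphertext

def decrypt(key, ct):
    """D: deterministic and stateless. Returns bottom on a malformed input."""
    if len(ct) < 8:
        return BOT
    ctr = int.from_bytes(ct[:8], "big")
    if ctr >= MAX_MSGS:
        return BOT
    body = ct[8:]
    return bytes(a ^ b for a, b in zip(body, _pad(key, ctr, len(body))))

def correct_decryption(key, msgs):
    """Check D_K(C_i) = M_i for every C_i other than bottom in one sequence."""
    enc = Encryptor(key)
    cts = [enc.encrypt(m) for m in msgs]
    ok = all(decrypt(key, c) == m for m, c in zip(msgs, cts) if c is not BOT)
    return ok, cts
```

Encrypting more than `MAX_MSGS` messages yields ⊥ for the excess ones, which is why the correctness condition only constrains the ciphertexts with $C_i \neq \bot$.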
 Winter '08
 daniele
 Cryptography, symmetric encryption scheme, encryption scheme
