This preview shows pages 1–3. Sign up to view the full content.
This preview has intentionally blurred sections. Sign up to view the full version.
View Full Document
Unformatted text preview: Chapter 4 Symmetric Encryption The symmetric setting considers two parties who share a key and will use this key to imbue commu nicated data with various security attributes. The main security goals are privacy and authenticity of the communicated data. The present chapter looks at privacy. A later chapter looks at authen ticity. Chapters 3 and 4 describe tools we shall use here. 4.1 Symmetric encryption schemes The primitive we will consider is called an encryption scheme. Such a scheme specifies an encryption algorithm , which tells the sender how to process the plaintext using the key, thereby producing the ciphertext that is actually transmitted. An encryption scheme also specifies a decryption algorithm , which tells the receiver how to retrieve the original plaintext from the transmission while possibly performing some verification, too. Finally, there is a keygeneration algorithm , which produces a key that the parties need to share. The formal description follows. Definition 4.1.1 A symmetric encryption scheme SE = ( K , E , D ) consists of three algorithms, as follows: The randomized key generation algorithm K returns a string K . We let Keys ( SE ) denote the set of all strings that have nonzero probability of being output by K . The members of this set are called keys . We write K $ K for the operation of executing K and letting K denote the key returned. The encryption algorithm E , which might be randomized or stateful, takes a key K Keys ( SE ) and a plaintext M { , 1 } to return a ciphertext C { , 1 } {} . We write C $ E K ( M ) for the operation of executing E on K and M and letting C denote the ciphertext returned. The deterministic decryption algorithm D takes a key K Keys ( SE ) and a ciphertext C { , 1 } to return some M { , 1 } {} . We write M D K ( C ) for the operation of executing D on K and C and letting M denote the message returned. The scheme is said to provide correct decryption if for any key K Keys ( SE ), any sequence of messages M 1 ,...,M q { , 1 } , and any sequence of ciphertexts C 1 $ E K ( M 1 ) ,C 2 $ E K ( M 2 ) ,... , C q $ E K ( M q ) that may arise in encrypting M 1 ,... ,M q , it is the case that D K ( C i ) = M i for each C i negationslash = . 2 SYMMETRIC ENCRYPTION The keygeneration algorithm, as the definition indicates, is randomized. It takes no inputs. When it is run, it flips coins internally and uses these to select a key K . Typically, the key is just a random string of some length, in which case this length is called the key length of the scheme. When two parties want to use the scheme, it is assumed they are in possession of a key K generated via K ....
View
Full
Document
 Winter '08
 daniele

Click to edit the document details