{[ promptMessage ]}

Bookmark it

{[ promptMessage ]}

A Concrete Introduction to Higher Algebra, 2nd Edition

Info iconThis preview shows pages 1–2. Sign up to view the full content.

View Full Document Right Arrow Icon
U.C. Berkeley — CS276: Cryptography Lecture Date: 5 March 2002 Professors Luca Trevisan and David Wagner Scribe: Samantha Riesenfeld Lecture 13: Left or Right Security The focus of this lecture is Left-or-Right (LOR) security, which was defined at the end of the last lecture. We will discuss some of the implications of LOR security in terms of other concepts of security, as well as some systems that are provably LOR secure. First we review the definition of LOR security: Definition 1 (Left or Right Security) Let § i ( x 0 , x 1 ) = x i . Then an ecryption system E is ( t, q, μ, ) -secure in the LOR sense against CPA if for all adversaries A running in time t and making q queries of total length at most μ , Pr i,k [ A E k ◦§ 0 = 1] Pr i,k [ A E k ◦§ 1 = 1] . Note that we require that | x | = | y | for oracle call ( x, y ) . Informally, this definition means that A cannot tell, except with low probability, whether on input ( x, y ), the oracle returns the ecryption of x or the encryption of y . LOR security is a very strong notion of security. We will show that it implies security against key recovery attacks and security against CPA. Theorem 1 LOR security implies security against key recovery attacks. Proof: If A E k is a key-recovery attack, we create B E k ◦§ i to be an LOR attack. Let O = E k ◦ § i . Define B O as follows: 1. Let k A f where f ( m ) = O ( m, m ), so k is the decryption key. 2.Let c ← O ( R, R ) where R, R R M , i.e. R and R are messages drawn at random from the same message space M . 3. If D k ( c ) = R , output 1; else output 0. When A succeeds in recovering the correct key, then B almost always succeds in distin- guishing whether the left or right message is being encrypted by O . The only case when B may fail though A is successful is when R = R . A big enough message space eliminates this problem.
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
Image of page 2
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}