Mar 05 notes

# A Concrete Introduction to Higher Algebra, 2nd Edition

• Notes
• davidvictor
• 4

This preview shows pages 1–2. Sign up to view the full content.

U.C. Berkeley — CS276: Cryptography Lecture Date: 5 March 2002 Professors Luca Trevisan and David Wagner Scribe: Samantha Riesenfeld Lecture 13: Left or Right Security The focus of this lecture is Left-or-Right (LOR) security, which was defined at the end of the last lecture. We will discuss some of the implications of LOR security in terms of other concepts of security, as well as some systems that are provably LOR secure. First we review the definition of LOR security: Definition 1 (Left or Right Security) Let § i ( x 0 , x 1 ) = x i . Then an ecryption system E is ( t, q, μ, ) -secure in the LOR sense against CPA if for all adversaries A running in time t and making q queries of total length at most μ , Pr i,k [ A E k ◦§ 0 = 1] Pr i,k [ A E k ◦§ 1 = 1] . Note that we require that | x | = | y | for oracle call ( x, y ) . Informally, this definition means that A cannot tell, except with low probability, whether on input ( x, y ), the oracle returns the ecryption of x or the encryption of y . LOR security is a very strong notion of security. We will show that it implies security against key recovery attacks and security against CPA. Theorem 1 LOR security implies security against key recovery attacks. Proof: If A E k is a key-recovery attack, we create B E k ◦§ i to be an LOR attack. Let O = E k ◦ § i . Define B O as follows: 1. Let k A f where f ( m ) = O ( m, m ), so k is the decryption key. 2.Let c ← O ( R, R ) where R, R R M , i.e. R and R are messages drawn at random from the same message space M . 3. If D k ( c ) = R , output 1; else output 0. When A succeeds in recovering the correct key, then B almost always succeds in distin- guishing whether the left or right message is being encrypted by O . The only case when B may fail though A is successful is when R = R . A big enough message space eliminates this problem.

This preview has intentionally blurred sections. Sign up to view the full version.

This is the end of the preview. Sign up to access the rest of the document.
• Spring '02
• Trevisan
• Cryptography, Encryption, FK, random function, LOR security

{[ snackBarMessage ]}

### What students are saying

• As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

Kiran Temple University Fox School of Business ‘17, Course Hero Intern

• I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

Dana University of Pennsylvania ‘17, Course Hero Intern

• The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

Jill Tulane University ‘16, Course Hero Intern