This preview shows pages 1–2. Sign up to view the full content.
This preview has intentionally blurred sections. Sign up to view the full version.
View Full Document
Unformatted text preview: University of California Berkeley Handout PS1 CS276: Cryptography February 12, 2002 Professors Luca Trevisan and David Wagner Problem Set 1 This problem set is due in class on Thursday, February 21. Problem 1. [Power of Simulator in Semantic Security] For a publickey encryption system ( G, E, D ), consider the following notion of weak( t, ) SemanticSecurity; For every message distribution X , side information h , desired information f , and adversary A running in time t ( n ), there is a simulator S of arbitrary running time such that Pr ( pk,sk ) G,m X [ A ( E ( pk, m ) , pk, h ( m )) = f ( m )] Pr m X [ S ( pk, h ( m )) = f ( m )] + Notice how the arbitrary running time of the adversary makes this definition weaker than the one seen in class. Then consider the following definition of strong( t, )Semantic Security. There is a polynomial p such that for every message distribution X , side information h , desired information f , and adversary A running in time t A ( n ) t ( n ), there is a simulator S running in time t A ( n ) + p ( n ) such that Pr ( pk,sk ) G,m X [ A ( E ( pk, m ) , pk, h ( m )) = f ( m )] Pr m X [ S ( pk, h ( m )) = f ( m )] + Notice that this definition is stronger because the adversary has to run in time t A ( n ) + poly ( n ) instead of poly ( t A ( n )), and typically we are interested in the case where t A () is superpolynomial. Prove that the two definitions are equivalent and, specifically, if a system is weak( t, ) semantically secure, then it is also strong( t, 2 )semantically secure....
View
Full
Document
This homework help was uploaded on 02/04/2008 for the course CS 276 taught by Professor Trevisan during the Spring '02 term at University of California, Berkeley.
 Spring '02
 Trevisan

Click to edit the document details