This preview shows pages 1–2. Sign up to view the full content.
This preview has intentionally blurred sections. Sign up to view the full version.View Full Document
Unformatted text preview: University of California Berkeley Handout PS1 CS276: Cryptography February 12, 2002 Professors Luca Trevisan and David Wagner Problem Set 1 This problem set is due in class on Thursday, February 21. Problem 1. [Power of Simulator in Semantic Security] For a public-key encryption system ( G, E, D ), consider the following notion of weak-( t, )- Semantic-Security; For every message distribution X , side information h , desired information f , and adversary A running in time t ( n ), there is a simulator S of arbitrary running time such that Pr ( pk,sk ) G,m X [ A ( E ( pk, m ) , pk, h ( m )) = f ( m )] Pr m X [ S ( pk, h ( m )) = f ( m )] + Notice how the arbitrary running time of the adversary makes this definition weaker than the one seen in class. Then consider the following definition of strong-( t, )-Semantic Security. There is a polynomial p such that for every message distribution X , side information h , desired information f , and adversary A running in time t A ( n ) t ( n ), there is a simulator S running in time t A ( n ) + p ( n ) such that Pr ( pk,sk ) G,m X [ A ( E ( pk, m ) , pk, h ( m )) = f ( m )] Pr m X [ S ( pk, h ( m )) = f ( m )] + Notice that this definition is stronger because the adversary has to run in time t A ( n ) + poly ( n ) instead of poly ( t A ( n )), and typically we are interested in the case where t A () is super-polynomial. Prove that the two definitions are equivalent and, specifically, if a system is weak-( t, )- semantically secure, then it is also strong-( t, 2 )-semantically secure....
View Full Document
This homework help was uploaded on 02/04/2008 for the course CS 276 taught by Professor Trevisan during the Spring '02 term at University of California, Berkeley.
- Spring '02