A Concrete Introduction to Higher Algebra, 2nd Edition

Info iconThis preview shows pages 1–2. Sign up to view the full content.

View Full Document Right Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: U.C. Berkeley — CS276: Cryptography Lecture Notes: 01/29/2002 Professors Luca Trevisan and David Wagner Scribe: Deepak Rajan Lecture Notes: 01/29/2002 1 Message Indistinguishability ⇔ Semantic Security Last class, we showed that Semantic Security ( SS ) = ⇒ Message Indistinguishability ( MI ). Next, we try to prove that Message Indistinguishability ( MI ) = ⇒ Semantic Security ( SS ). In fact, we’ll prove that ( t, )- MI = ⇒ ( t , 2 )- SS , where t = t − poly ( n ). Before we do so, we need an equivalent definition for ( t, )- MI . Definition 1 For every m , m 1 ∈ { , 1 } n , for every algorithm A that runs in time ≤ t ( n ) − O ( n ) , for every a ∈ { , 1 } ∗ , | a | ≤ n Pr ( p k ,s k ) ∈ G ( n ) [ A ( E ( m 1 , p k ) , p k ) = a ] − Pr ( p k ,s k ) ∈ G ( n ) [ A ( E ( m , p k ) , p k ) = a ] ≤ 2 ( n ) ( ∗ ) (the distribution of outputs of A () is roughly the same given the encryption of m or m 1 .) Proposition 1 ( t, )- MI = ⇒ ( ∗ ) . Proof: Assume that ∃ A, a such that Pr ( p k ,s k ) ∈ G ( n ) [ A ( E ( m 1 , p k ) , p k ) = a ] − Pr ( p k ,s k ) ∈ G ( n ) [ A ( E ( m , p k ) , p k ) = a ] > 2 ( n ) (i.e. ( ∗ ) does not hold) Define A ( c, p ) as follows A ( c, p ) = 1 if A ( c, p ) = a 0 otherwise Now, Pr ( p k ,s k ) ∈ G ( n ) [ A ( E ( m i , p k ) , p k ) = i ] = 1 2 Pr ( p k ,s k ) ∈ G ( n ) [ A ( E ( m 1 , p k ) , p k ) = 1] + 1 2 Pr ( p k ,s k ) ∈ G ( n ) [ A ( E ( m , p k ) , p k ) = 0] = 1 2 Pr ( p k ,s k ) ∈ G ( n ) [ A ( E ( m 1 , p k ) , p k ) = a ] + 1 2 1 − Pr ( p k ,s k ) ∈ G ( n ) [ A ( E ( m , p k ) , p k ) = a ] = 1 2 + 1 2 Pr ( p k ,s k ) ∈ G ( n ) [ A ( E ( m 1 , p k ) , p k ) = a ] − Pr ( p k ,s k ) ∈ G ( n ) [ A...
View Full Document

This note was uploaded on 02/04/2008 for the course CS 276 taught by Professor Trevisan during the Spring '02 term at University of California, Berkeley.

Page1 / 5

Jan 29 notes - U.C. Berkeley — CS276: Cryptography...

This preview shows document pages 1 - 2. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online