Message Authentication
Determine Origin of a Message
Message Integrity
Detect all message modifications (e.g., forgeries) with very high probability
Note: by most definitions:
Message Authenticity => Message Integrity
Authenticated Encryption (AuE) Mod
Adversary Definition: Threat & Attack Capability Models
Adversary's Anatomy
o - set of Attacks possible in a Computing Mode
o Goal
o Threat, Break
Capabilities methods
o i.e., what is needed to achieve goal
Attacks
o Computing Model
Power and Privilege
Exec
1.
From Asymptotic Proofs to Network Adversary Summary Chapters 1-3
The adversary's strategy is to attack the IND$-CPA property of the DPG encryption
scheme using multiple users under the adversary's control whenever this property is
obtained by a non-t
From Asymptotic Proofs to Network Adversary Summary Chapters 4-5
1. Security of an encryption scheme, (n), is formally defined in the asymptotic approach by
introducing the notion of an adversary A's advantage in attacking a security property of
that schem
Perfectly Secret Encryption Notes
Preliminary Notions
(Gen, Enc, Dec) = an encryption scheme
K = key space, M = message space, C = ciphertext space
K (defined by Gen) and M (defined by the user and Enc) are independent
Probability distributions over K,
o Real-or-Random Security
o Infeasibility of recovering the plaintext of a given challenge ciphertext in a
chosen-plaintext attack
o Or
o Real-or-Random insecurity <- Feasibility of recovering the plaintext of a given
challenge ciphertext in a chosen-plai
Hash Functions
h: {0,1}* -> {0,1}^l
- a function that maps arbitrary-length strings into strings of fixed-length l 0 (e.g., l =
128, 160, 256, 512)
- evaluation of h is efficient and public
- in polynomial time in the length of the input string
- witho
PRF/PRP security wrt adversary A
o no Key-Recovery by adversary B
o PRF/PRP adversary A <- Key-Recovery adversary B
o this means that there exists an Adversary A that breaks PRF/PRP security
(i.e., when given a F-or-Rl,L oracle)
there exists an Adversar