Talk:IND-CPA security

From CRYPTUTOR

in an indistinguishability def'n, there is no Alice & Bob... just an adversary trying to distinguish a bit.

first "experiment" appears to be standard one-time security (IND-onetime). The encryption oracle is vital to this CPA security def'n.

proposed outline:

define experiment for adversary A
define advantage of A in that experiment
define IND-CPA (either with epsilon parameter or for epsilon=0) based on advantage for all As
variants: epsilon advantage
other remarks specific to CPA-type security.

should be clear that encryption scheme must be randomized (perhaps make explicit), and that the encryption oracle given message m returns a random encryption of m, otherwise the experiment is meaningless (adversary just asks for the unique encryption of m_0 and m_1).

Retrieved from "http://crypto.cs.uiuc.edu/wiki/index.php/Talk:IND-CPA_security"

Views

Article
Discussion
Edit
+
History
PDF

Personal tools

38.107.191.80
Talk for this IP
Log in / create account

Search

Toolbox

What links here
Related changes
Upload file
Special pages
Printable version
Permanent link