module 7 Flashcards

1
Q

alternative definition of security for PRG

A

indistinguishability from random

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

indistinguishability

A

informally: can adversary tell the difference between the output of experiment 1 and the output of experiment 2
formally: does there exist an efficient statistical test that distinguishes between the output of these experiments

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

statistical test

A

an algorithm A that on input x E {0,1}^n:
outputs 0 when it thinks x is not random
outputs 1 when it thinks x is random

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

advantage

A

captures how good a statistical test is at differentiating inputs

if advantage is close to 1:
– statistical test behaves differently when given pseudorandom inputs vs random inputs (so it’s good!)

if advantage is close to 0:
– statistical test behaves the same for both (so it is bad!)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

computational indistinguishability

A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

PRG security in terms of indistinguishability

A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

semantic security

A

perfect secrecy is too strong of a definition
– only OTP or its generalizations can satisfy it

SS is an analogue of perfect secrecy against PPT (probabilistic polynomial time) adversaries

definition: given the ciphertext of a message m, no PPT adversary can determine any information about m with probability non-negligibly higher than all PPT adversaries that only have access to m’s length

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

semantic security is hard to work with, so instead we work with a definition of security that is equivalent to SS, but that is based on indistinguishability. This is called ____.

A

ciphertext indistinguishability against chosen plaintext attackers (IND-CPA)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

IND-CPA

A

assumes that the adversary:

  • is computationally-bounded (weaker than perfect secrecy)
  • picks the plaintexts to be encrypted

approach

  • indistinguishability def requires 2 distributions from which to distinguish
  • construct a challenger that will output from one of two distributions
  • ask whether adversary can distinguish between the two
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

IND-CPA Security Game

A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

How do we define if a cryptosystem is secure using the IND-CPA game?

A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

how do cryptographic reduction proofs work?

A

*useful to establish that if cryptographic object X is secure, then cryptographic object Y is also secure

typically work by contradiction

  • assume Y is not secure. then show how the attack of Y can also break X
  • since X is secure, attacker of Y cannot break Y (contradiction)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

properties of cryptographic hash functions

A
  1. pre-image resistance
    given a digest y, it is computationally hard for a PPT adversary to find any x such that H(x) = y
  2. second pre-image resistance
    give x1 it is computationally hard for a PPT adversary to find a different x2 (x1 != x2) such that H(x1) = H(x2)
  3. collision resistance
    it is hard for a PPT adversary to find any two values x1, x2, (x1 != x2) such that H(x1) = H(x2)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

proof that collision resistance implies second pre-image resistance

A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly