Stream ciphers
Semantic security
Goal: secure PRG $\Rightarrow$ secure stream cipher
Dan Boneh
$m_0, m_1 \in M$ : $|m_0| = |m_1|$
Adv. A
$c \leftarrow E(k, m_b)$
$b \in \{0,1\}$
for all explicit $m_0, m_1 \in M$ : $\{E(k, m_0)\} \approx_p \{E(k, m_1)\}$
Examples
Suppose efficient A can always deduce LSB of PT from CT. $\Rightarrow$ E = (E,D) is not semantically secure.
Chal.: $k \leftarrow K$, $b \in \{0,1\}$
Adv. B (us): $m_0, m_1$ with $\mathrm{LSB}(m_0) = 0$, $\mathrm{LSB}(m_1) = 1$
$c \leftarrow E(k, m_b)$
Adv. A (given): $\mathrm{LSB}(m_b) = b$
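$m_0, m_1 \in M$ : $|m_0| = |m_1|$
Adv. A
$c \leftarrow k \oplus m_0$ or $c \leftarrow k \oplus m_1$
$b \in \{0,1\}$
For all A: $\mathrm{Adv}_{SS}[A, \mathrm{OTP}] = \left| \Pr[A(k \oplus m_0) = 1] - \Pr[A(k \oplus m_1) = 1] \right| = 0$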
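Added example, not from the original slides: the LSB reduction and the OTP advantage computed exactly over a one-byte key space. The cipher `leaky`, the adversary functions and the messages 0x42 and 0x43 are constructed for illustration.

```python
from fractions import Fraction

KEYS = range(256)  # toy key space K = message space M = one byte, so Pr[] is exact

def otp(k, m):
    """One-time pad: c = k XOR m."""
    return k ^ m

def leaky(k, m):
    """Constructed broken cipher: pads the top 7 bits, copies LSB(m) into the ciphertext."""
    return ((k ^ m) & 0xFE) | (m & 1)

def adv_ss(adversary, encrypt, m0, m1):
    """AdvSS[A,E] = |Pr[A(E(k,m0))=1] - Pr[A(E(k,m1))=1]| with k uniform over KEYS."""
    p0 = Fraction(sum(adversary(encrypt(k, m0)) for k in KEYS), len(KEYS))
    p1 = Fraction(sum(adversary(encrypt(k, m1)) for k in KEYS), len(KEYS))
    return abs(p0 - p1)

def lsb_guesser(c):
    """Adversary A (given): outputs its guess for LSB(plaintext), here LSB(ciphertext)."""
    return c & 1

def adversary_b(c):
    """Adversary B (us): chose LSB(m0)=0, LSB(m1)=1, so A's answer is B's guess for b."""
    return lsb_guesser(c)

# Constructed challenge messages: equal length, LSB(M0)=0, LSB(M1)=1.
M0, M1 = 0x42, 0x43

def demo():
    return {
        # A always recovers the LSB from the leaky ciphertext, so B always wins.
        "leaky": adv_ss(adversary_b, leaky, M0, M1),
        # Against the OTP, k XOR m is uniform for either message.
        "otp": adv_ss(adversary_b, otp, M0, M1),
        # The same holds for a different distinguisher (tests the high bit).
        "otp_high_bit": adv_ss(lambda c: c >> 7, otp, M0, M1),
    }

if __name__ == "__main__":
    for name, adv in demo().items():
        print(f"AdvSS[{name}] = {adv}")
```
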
End of Segment