Stream ciphers are semantically secure (Online Cryptography Course, Dan Boneh)
Slide1
Stream ciphers
Stream ciphers are semantically secure
Online Cryptography Course Dan Boneh
Goal: secure PRG ⇒ semantically secure stream cipher
Slide2
Stream ciphers are semantically secure
Thm: $G: K \to \{0,1\}^n$ is a secure PRG ⇒ stream cipher E derived from G is sem. sec.
∀ sem. sec. adversary A, ∃ a PRG adversary B s.t.
$\mathrm{Adv}_{SS}[A,E] \le 2 \cdot \mathrm{Adv}_{PRG}[B,G]$
Slide3
Proof: Let A be a sem. sec. adversary.
For b=0,1: $W_b$ := [ event that b′=1 ].
$\mathrm{Adv}_{SS}[A,E] = |\Pr[W_0] - \Pr[W_1]|$
[Diagram: game between Chal. (holding b) and Adv. A. Labels: k, K; $m_0, m_1$, M : $|m_0| = |m_1|$; c, $m_b \oplus G(k)$; b′, {0,1}; r, $\{0,1\}^n$]
Slide4
Proof: Let A be a sem. sec. adversary.
For b=0,1: $W_b$ := [ event that b′=1 ].
$\mathrm{Adv}_{SS}[A,E] = |\Pr[W_0] - \Pr[W_1]|$
For b=0,1: $R_b$ := [ event that b′=1 ]
[Diagram: game between Chal. (holding b) and Adv. A. Labels: k, K; $m_0, m_1$, M : $|m_0| = |m_1|$; c, $m_b \oplus r$; b′, {0,1}; r, $\{0,1\}^n$]
Slide5
Proof: Let A be a sem. sec. adversary.
Claim 1: $|\Pr[R_0] - \Pr[R_1]| =$
Claim 2: ∃B: $|\Pr[W_b] - \Pr[R_b]| =$
⇒ $\mathrm{Adv}_{SS}[A,E] = |\Pr[W_0] - \Pr[W_1]| \le 2 \cdot \mathrm{Adv}_{PRG}[B,G]$
[Figure labels: 0, 1, $\Pr[W_0]$, $\Pr[W_1]$, $\Pr[R_b]$]
Slide6
Proof of claim 2: ∃B: $|\Pr[W_0] - \Pr[R_0]| = \mathrm{Adv}_{PRG}[B,G]$
Algorithm B:
[Diagram: PRG adv. B (us) running Adv. A (given). Labels: $y \in \{0,1\}^n$; $m_0, m_1$; c, $m_0 \oplus y$; $b' \in \{0,1\}$]
$\mathrm{Adv}_{PRG}[B,G] =$
Slide7
End of Segment
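Added example (not part of the original slides): the reduction from slides 5 and 6 run on a constructed toy instance, with every probability computed exactly by enumeration. It goes beyond slide 6, which draws only the b=0 case, by building B_b for both values of b; reading the single B in the bound as the better of the two is an interpretation added here. The weak PRG G, the adversary A, the 4-bit seed and 8-bit output, and all function names are assumptions made for illustration.

```python
from fractions import Fraction

KEY_BITS, N = 4, 8            # toy sizes (assumed): 4-bit seed, 8-bit output
KEYS, STRINGS = range(2 ** KEY_BITS), range(2 ** N)

def G(k):
    """Deliberately weak toy PRG (constructed): the seed repeated twice."""
    return (k << 4) | k

M0, M1 = 0x00, 0x0F           # the two equal-length messages A submits

def A_guess(c):
    """Sem. sec. adversary A: outputs b' = 1 iff the two nibbles of c differ by 0xF."""
    return int(((c >> 4) ^ (c & 0xF)) == 0xF)

def pr(event, space):
    """Exact probability that event(x) = 1 for x uniform over a finite space."""
    return Fraction(sum(event(x) for x in space), len(space))

def make_B(b):
    """PRG adversary B_b: on input y, give A the ciphertext m_b XOR y, output A's b'."""
    m = (M0, M1)[b]
    return lambda y: A_guess(m ^ y)

def analyse():
    W, R, adv_prg = [], [], []
    for b, m in enumerate((M0, M1)):
        W.append(pr(lambda k: A_guess(m ^ G(k)), KEYS))   # Pr[W_b]: pad is G(k)
        R.append(pr(lambda r: A_guess(m ^ r), STRINGS))   # Pr[R_b]: pad is random r
        B = make_B(b)
        # Adv_PRG[B_b, G] = | Pr[B_b(G(k)) = 1] - Pr[B_b(r) = 1] |
        adv_prg.append(abs(pr(lambda k: B(G(k)), KEYS) - pr(B, STRINGS)))
    return {"W": W, "R": R, "adv_prg": adv_prg,
            "claim1": abs(R[0] - R[1]),                   # one-time pad case
            "adv_ss": abs(W[0] - W[1])}

if __name__ == "__main__":
    res = analyse()
    for b in (0, 1):
        print(f"b={b}: Pr[W_b]={res['W'][b]}  Pr[R_b]={res['R'][b]}  "
              f"Adv_PRG[B_{b},G]={res['adv_prg'][b]}")
    print("Claim 1, |Pr[R_0] - Pr[R_1]| =", res["claim1"])
    print("Adv_SS[A,E] =", res["adv_ss"],
          "<= 2 * max_b Adv_PRG[B_b,G] =", 2 * max(res["adv_prg"]))
```

On this instance Adv_SS[A,E] = 1, Adv_PRG[B_0,G] = 1/16 and Adv_PRG[B_1,G] = 15/16, so the factor-2 bound holds only with the better of the two B_b.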