fmouhart/thesis
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Small rewriting

Browse Source
This commit is contained in:
Fabrice Mouhartem 2018-02-12 15:02:04 +01:00
parent 19440fa656
commit 723cc66560
1 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
chap-proofs.tex
View File

@ -102,9 +102,11 @@ In cryptology, it is also important to consider the success probability of algor
an attack is successful if the probability that it succeed is noticeable.
\index{Negligible function}
\scbf{Notation.} Let $f : \NN \to [0,1]$ be a function. The function $f$ is said to be \emph{negligible} if $f(n) = n^{-\omega(1)}_{}$, and this is written $f(n) = \negl[n]$.
Non-negligible functions are also called \emph{noticeable} functions.
And if $f = 1- \negl[n]$, $f$ is said to be \emph{overwhelming}.
\begin{definition}[Negligible, noticeable, overwhelming probability] \label{de:negligible}
Let $f : \NN \to [0,1]$ be a function. The function $f$ is said to be \emph{negligible} if $f(n) = n^{-\omega(1)}_{}$, and this is written $f(n) = \negl[n]$.\\
Non-negligible functions are also called \emph{noticeable} functions.\\
Finally, if $f = 1- \negl[n]$, $f$ is said to be \emph{overwhelming}.
\end{definition}
Once that we define the notions related to the core of the proof, we have to define the objects on what we work on.
Namely, defining what we want to prove, and the hypotheses on which we rely, also called ``hardness assumption''.
@ -279,6 +281,4 @@ Therefore, the existence of a simulator $\widehat{\adv}$ that does not use $pk$
For $\PKE$, the simulation-based definition for chosen plaintext security is the same as the indistinguishability security~\cite[Se. 5.2.3]{Gol04}.
As indistinguishability based model are easier to manipulate, that's why this is the most common definition for security against chosen plaintext attacks for $\PKE$.
For other primitives, such as Oblivious Transfer ($\OT$) described in Chapter~\ref{ch:ac-ot}, the simulation-based definitions are strictly stronger than indistinguishability definitions~\cite{CF01}.
Therefore, it is preferable to have security proofs of the strongest possible definitions in theoretical cryptography.
Therefore, it is preferable to have security proofs of the strongest \emph{possible} definitions in theoretical cryptography.