From 723cc6656012e045ceeb5ce02c655a99735873cf Mon Sep 17 00:00:00 2001 From: Fabrice Mouhartem Date: Mon, 12 Feb 2018 15:02:04 +0100 Subject: [PATCH] Small rewriting --- chap-proofs.tex | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/chap-proofs.tex b/chap-proofs.tex index 3d8de13..ff24b4a 100644 --- a/chap-proofs.tex +++ b/chap-proofs.tex @@ -102,9 +102,11 @@ In cryptology, it is also important to consider the success probability of algor an attack is successful if the probability that it succeed is noticeable. \index{Negligible function} -\scbf{Notation.} Let $f : \NN \to [0,1]$ be a function. The function $f$ is said to be \emph{negligible} if $f(n) = n^{-\omega(1)}_{}$, and this is written $f(n) = \negl[n]$. -Non-negligible functions are also called \emph{noticeable} functions. -And if $f = 1- \negl[n]$, $f$ is said to be \emph{overwhelming}. +\begin{definition}[Negligible, noticeable, overwhelming probability] \label{de:negligible} + Let $f : \NN \to [0,1]$ be a function. The function $f$ is said to be \emph{negligible} if $f(n) = n^{-\omega(1)}_{}$, and this is written $f(n) = \negl[n]$.\\ + Non-negligible functions are also called \emph{noticeable} functions.\\ + Finally, if $f = 1- \negl[n]$, $f$ is said to be \emph{overwhelming}. +\end{definition} Once that we define the notions related to the core of the proof, we have to define the objects on what we work on. Namely, defining what we want to prove, and the hypotheses on which we rely, also called ``hardness assumption''. @@ -279,6 +281,4 @@ Therefore, the existence of a simulator $\widehat{\adv}$ that does not use $pk$ For $\PKE$, the simulation-based definition for chosen plaintext security is the same as the indistinguishability security~\cite[Se. 5.2.3]{Gol04}. As indistinguishability based model are easier to manipulate, that's why this is the most common definition for security against chosen plaintext attacks for $\PKE$. For other primitives, such as Oblivious Transfer ($\OT$) described in Chapter~\ref{ch:ac-ot}, the simulation-based definitions are strictly stronger than indistinguishability definitions~\cite{CF01}. -Therefore, it is preferable to have security proofs of the strongest possible definitions in theoretical cryptography. - - +Therefore, it is preferable to have security proofs of the strongest \emph{possible} definitions in theoretical cryptography.