Small rewriting
This commit is contained in:
parent
19440fa656
commit
723cc66560
@ -102,9 +102,11 @@ In cryptology, it is also important to consider the success probability of algor
|
|||||||
an attack is successful if the probability that it succeed is noticeable.
|
an attack is successful if the probability that it succeed is noticeable.
|
||||||
|
|
||||||
\index{Negligible function}
|
\index{Negligible function}
|
||||||
\scbf{Notation.} Let $f : \NN \to [0,1]$ be a function. The function $f$ is said to be \emph{negligible} if $f(n) = n^{-\omega(1)}_{}$, and this is written $f(n) = \negl[n]$.
|
\begin{definition}[Negligible, noticeable, overwhelming probability] \label{de:negligible}
|
||||||
Non-negligible functions are also called \emph{noticeable} functions.
|
Let $f : \NN \to [0,1]$ be a function. The function $f$ is said to be \emph{negligible} if $f(n) = n^{-\omega(1)}_{}$, and this is written $f(n) = \negl[n]$.\\
|
||||||
And if $f = 1- \negl[n]$, $f$ is said to be \emph{overwhelming}.
|
Non-negligible functions are also called \emph{noticeable} functions.\\
|
||||||
|
Finally, if $f = 1- \negl[n]$, $f$ is said to be \emph{overwhelming}.
|
||||||
|
\end{definition}
|
||||||
|
|
||||||
Once that we define the notions related to the core of the proof, we have to define the objects on what we work on.
|
Once that we define the notions related to the core of the proof, we have to define the objects on what we work on.
|
||||||
Namely, defining what we want to prove, and the hypotheses on which we rely, also called ``hardness assumption''.
|
Namely, defining what we want to prove, and the hypotheses on which we rely, also called ``hardness assumption''.
|
||||||
@ -279,6 +281,4 @@ Therefore, the existence of a simulator $\widehat{\adv}$ that does not use $pk$
|
|||||||
For $\PKE$, the simulation-based definition for chosen plaintext security is the same as the indistinguishability security~\cite[Se. 5.2.3]{Gol04}.
|
For $\PKE$, the simulation-based definition for chosen plaintext security is the same as the indistinguishability security~\cite[Se. 5.2.3]{Gol04}.
|
||||||
As indistinguishability based model are easier to manipulate, that's why this is the most common definition for security against chosen plaintext attacks for $\PKE$.
|
As indistinguishability based model are easier to manipulate, that's why this is the most common definition for security against chosen plaintext attacks for $\PKE$.
|
||||||
For other primitives, such as Oblivious Transfer ($\OT$) described in Chapter~\ref{ch:ac-ot}, the simulation-based definitions are strictly stronger than indistinguishability definitions~\cite{CF01}.
|
For other primitives, such as Oblivious Transfer ($\OT$) described in Chapter~\ref{ch:ac-ot}, the simulation-based definitions are strictly stronger than indistinguishability definitions~\cite{CF01}.
|
||||||
Therefore, it is preferable to have security proofs of the strongest possible definitions in theoretical cryptography.
|
Therefore, it is preferable to have security proofs of the strongest \emph{possible} definitions in theoretical cryptography.
|
||||||
|
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user