fmouhart/thesis
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Uniformize math

Browse Source
This commit is contained in:
Fabrice Mouhartem
2018-04-14 11:06:00 +02:00
parent 9d478c72fc
commit 779f186db1
3 changed files with 17 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
chap-proofs.tex
View File

@ -215,9 +215,9 @@ Two examples of security game are given in Figure~\ref{fig:sec-game-examples}: t
\centering
\subfloat[\indcpa{} game for \PKE]{
\fbox{\procedure{$\Exp{\indcpa}{\adv, b}(\lambda)$}{%
(pk,sk) \gets \mathcal E.\mathsf{keygen}(1^\lambda)\\
(pk,sk) \gets \mathcal{E}.\mathsf{keygen}(1^\lambda)\\
(m_0, m_1) \gets \adv(pk, 1^\lambda)\\
\mathsf{ct} \gets \mathcal E.\mathsf{enc}(m_b)\\
\mathsf{ct} \gets \mathcal{E}.\mathsf{enc}(m_b)\\
b' \gets \adv(pk, 1^\lambda, \mathsf{ct})\\
\pcreturn b'
}}
@ -237,7 +237,7 @@ Two examples of security game are given in Figure~\ref{fig:sec-game-examples}: t
\end{figure}
\index{Reduction!Advantage} \index{Encryption!IND-CPA}
The \indcpa{} game is an \emph{indistinguishability} game. Meaning that the goal for the adversary $\mathcal A$ against this game is to distinguish between two messages from different distributions.
The \indcpa{} game is an \emph{indistinguishability} game. Meaning that the goal for the adversary $\mathcal{A}$ against this game is to distinguish between two messages from different distributions.
To model this, for any adversary $\adv$, we define a notion of \emph{advantage} for the $\indcpa$ game as
\[
\advantage{\indcpa}{\adv}(\lambda)
@ -245,7 +245,7 @@ To model this, for any adversary $\adv$, we define a notion of \emph{advantage}
\left| \Pr\left[ \Exp{\indcpa}{\adv,1}(\lambda) = 1 \right] - \Pr\left[ \Exp{\indcpa}{\adv, 0}(\lambda) = 1\right] \right|.
\]
We say that a $\PKE$ scheme is $\indcpa$ if for any $\ppt$ $\adv$, the advantage of $\mathcal A$ in the $\indcpa$ game is negligible with respect to $\lambda$.
We say that a $\PKE$ scheme is $\indcpa$ if for any $\ppt$ $\adv$, the advantage of $\mathcal{A}$ in the $\indcpa$ game is negligible with respect to $\lambda$.
This definition of advantages models the fact that the adversary is unable to distinguish whether the ciphertext $\mathsf{ct}$ comes from the experiment $\Exp{\indcpa}{\adv, 0}$ or the experiment $\Exp{\indcpa}{\adv, 1}$.
Which means that the adversary cannot get a single bit of information about the ciphertext.
@ -288,7 +288,7 @@ there exists a $\ppt$ \emph{simulator} $\widehat{\adv}'$ --\,in the \emph{Ideal
In other words, it means that the information that $\widehat{\adv}$ obtains from its interaction with the challenger $\cdv$ does not allow $\widehat{\adv}$ to do more things that what it can do with blackbox accesses to the functionality.
In the context of $\PKE$, the functionality is the access to the public key $pk$ as described in Line 2 of $\Exp{\indcpa}{\adv, b}(\lambda)$.
Therefore, the existence of a simulator $\widehat{\adv}$ that does not use $pk$ shows that $\mathcal A$ does not learn anything from $pk$.
Therefore, the existence of a simulator $\widehat{\adv}$ that does not use $pk$ shows that $\mathcal{A}$ does not learn anything from $pk$.
For $\PKE$, the simulation-based definition for chosen plaintext security is the same as the indistinguishability security~\cite[Se. 5.2.3]{Gol04}.
As indistinguishability based model are easier to manipulate, that's why this is the most common definition for security against chosen plaintext attacks for $\PKE$.