Processing math: 100%
Skip to main content
Library homepage
 

Text Color

Text Size

 

Margin Size

 

Font Type

Enable Dyslexic Font
Engineering LibreTexts

Search

  • Filter Results
  • Location
    • There are no locations to filter by
  • Classification
    • Article type
    • Author
    • Set as Cover Page of Book
    • License
    • Show TOC
    • Transcluded
    • OER program or Publisher
    • Autonumber Section Headings
    • License Version
    • Print CSS
  • Include attachments
Searching in
About 108 results
  • https://eng.libretexts.org/Under_Construction/Book%3A_The_Joy_of_Cryptography_(Rosulek)/08%3A_Security_against_Chosen_Plaintext_Attacks/8.04%3A_Exercises
    Let be an encryption scheme, and suppose there is a program A that recovers the key from a chosen plaintext attack. Construction 7.4 is a randomized encryption scheme, but w...Let be an encryption scheme, and suppose there is a program A that recovers the key from a chosen plaintext attack. Construction 7.4 is a randomized encryption scheme, but we could also consider defining it as a nonce-based scheme, interpreting r as the nonce: Enc(k,r,m)=(r,F(k,r)m). (b) Prove that the scheme has CPA security if at least one of {Σ1,Σ2} has CPA security.
  • https://eng.libretexts.org/Under_Construction/Book%3A_The_Joy_of_Cryptography_(Rosulek)/05%3A_Basing_Cryptography_on_Limits_of_Computation/5.04%3A_Birthday_Probabilities_and_Sampling_with_out_Replacement
    We can use both of these upper and lower bounds on ex to show the following: \[\prod_{i=1}^{q-1}\left(1-\frac{i}{N}\right) \leqslant \prod_{i=1}^{q-1} e^{-\frac{i}{N}}=e^{-\sum_{i=1}^{q-1} \fr...We can use both of these upper and lower bounds on ex to show the following: q1i=1(1iN)q1i=1eiN=eq1i=1iN=eq(q1)2N10.632q(q1)2N. With the last inequality we used the fact that q2N, and therefore q(q1)2N1 (this is necessary to apply the inequality ex10.632x ).
  • https://eng.libretexts.org/Under_Construction/Book%3A_The_Joy_of_Cryptography_(Rosulek)/07%3A_Pseudorandom_Functions_and_Block_Ciphers
    A pseudorandom generator allows us to take a small amount of uniformly sampled bits, and “amplify” them into a larger amount of uniform-looking bits. A PRG must run in polynomial time, so the length o...A pseudorandom generator allows us to take a small amount of uniformly sampled bits, and “amplify” them into a larger amount of uniform-looking bits. A PRG must run in polynomial time, so the length of its pseudorandom output can only be polynomial in the security parameter. But what if we wanted even more pseudorandom output? Is it possible to take λ uniformly sampled bits and generate 2λ pseudorandom bits?
  • https://eng.libretexts.org/Under_Construction/Book%3A_The_Joy_of_Cryptography_(Rosulek)/03%3A_The_Basics_of_Provable_Security/3.01%3A_How_to_Write_a_Security_Definition
    "an encryption scheme is a good one if encryptions of mL look like encryptions of mR to an attacker, when each key is secret and used to encrypt only one plaintext, even when the attacke..."an encryption scheme is a good one if encryptions of mL look like encryptions of mR to an attacker, when each key is secret and used to encrypt only one plaintext, even when the attacker chooses mL and mR.
  • https://eng.libretexts.org/Under_Construction/Book%3A_The_Joy_of_Cryptography_(Rosulek)/03%3A_The_Basics_of_Provable_Security
    This chapter is about the fundamental skills that revolve around security definitions: how to write them, how to understand & interpret them, how to prove security using the hybrid technique, and how ...This chapter is about the fundamental skills that revolve around security definitions: how to write them, how to understand & interpret them, how to prove security using the hybrid technique, and how to demonstrate insecurity using attacks against the security definition.
  • https://eng.libretexts.org/Under_Construction/Book%3A_The_Joy_of_Cryptography_(Rosulek)/07%3A_Pseudorandom_Functions_and_Block_Ciphers/7.06%3A_Strong_Pseudorandom_Permutations
    In the exercises, you will see that it is possible to construct F which is a secure PRP, whose inverse F1 is not a secure PRP! An even stronger requirement would allow the distinguisher to...In the exercises, you will see that it is possible to construct F which is a secure PRP, whose inverse F1 is not a secure PRP! An even stronger requirement would allow the distinguisher to query both F and F1 in a single interaction (rather than one security definition where the distinguisher queries only F, and another definition where the distinguisher queries only F1 ).
  • https://eng.libretexts.org/Under_Construction/Book%3A_The_Joy_of_Cryptography_(Rosulek)/08%3A_Security_against_Chosen_Plaintext_Attacks
    Our previous security definitions for encryption capture the case where a key is used to encrypt only one plaintext. Fortunately we have arranged things so that we get the "correct" security definitio...Our previous security definitions for encryption capture the case where a key is used to encrypt only one plaintext. Fortunately we have arranged things so that we get the "correct" security definition when we modify the earlier definition in a natural way. We say that Σ has security against chosen-plaintext attacks (CPA security) if LΣcpa-L LΣcpa-R , where:
  • https://eng.libretexts.org/Under_Construction/Book%3A_The_Joy_of_Cryptography_(Rosulek)/00%3A_Front_Matter/04%3A_Preface
    For example, suppose an encryption scheme was insecure because the XOR of the first two output blocks is the same as the XOR of the third and fourth output blocks. In these notes, the thingamajig-secu...For example, suppose an encryption scheme was insecure because the XOR of the first two output blocks is the same as the XOR of the third and fourth output blocks. In these notes, the thingamajig-security of A gives the student a new constructive rewriting rule that can be placed in his/her toolbox and used to bridge hybrids when proving the doohickey-security of B.
  • https://eng.libretexts.org/Under_Construction/Book%3A_The_Joy_of_Cryptography_(Rosulek)/13%3A_Authenticated_Encryption_and_AEAD/13.01%3A_Definitions
    The two libraries are different from each other in two major ways: whether the calling program sees real ciphertexts or random strings (that have nothing to do with the given plaintext), and whether t...The two libraries are different from each other in two major ways: whether the calling program sees real ciphertexts or random strings (that have nothing to do with the given plaintext), and whether the calling program sees the true result of decryption or an error message. By making a distinction between plaintext and associated data separately in AEAD, the ciphertext length can depend only on the length of the plaintext, and not depend on the length of the associated data.
  • https://eng.libretexts.org/Under_Construction/Book%3A_The_Joy_of_Cryptography_(Rosulek)/16%3A_Public-Key_Encryption/16.04%3A_Hybrid_Encryption
    \[\begin{aligned} \operatorname{Dec}(s k, \operatorname{Enc}(p k, m)) &=\operatorname{Dec}\left(s k,\left(\Sigma_{\text {pub }} \cdot \operatorname{Enc}(p k, t k), \Sigma_{\text {sym }} \cdot \operato...\[\begin{aligned} \operatorname{Dec}(s k, \operatorname{Enc}(p k, m)) &=\operatorname{Dec}\left(s k,\left(\Sigma_{\text {pub }} \cdot \operatorname{Enc}(p k, t k), \Sigma_{\text {sym }} \cdot \operatorname{Enc}(t k, m)\right)\right) \\ &=\Sigma_{\text {sym }} \cdot \operatorname{Dec}\left(\Sigma_{\text {pub }} \cdot \operatorname{Dec}\left(s k, \Sigma_{\text {pub }} \cdot \operatorname{Enc}(p k, t k)\right), \Sigma_{\text {sym }} \cdot \operatorname{Enc}(t k, m)\right) \\ &=\Sigma_{\text {sym }…
  • https://eng.libretexts.org/Under_Construction/Book%3A_The_Joy_of_Cryptography_(Rosulek)/05%3A_Basing_Cryptography_on_Limits_of_Computation/5.03%3A_Indistinguishability
    \[\begin{gathered} =\left|\begin{array}{c} \left(\operatorname{Pr}\left[\mathcal{A} \diamond \mathcal{L}_{\text {left }} \Rightarrow 1 \mid \mathcal{B}_{\text {left }}\right] \cdot p^{*}+\operatorname...\[\begin{gathered} =\left|\begin{array}{c} \left(\operatorname{Pr}\left[\mathcal{A} \diamond \mathcal{L}_{\text {left }} \Rightarrow 1 \mid \mathcal{B}_{\text {left }}\right] \cdot p^{*}+\operatorname{Pr}\left[\mathcal{A} \diamond \mathcal{L}_{\text {left }} \Rightarrow 1 \mid \overline{\mathcal{B}_{\text {left }}}\right]\left(1-p^{*}\right)\right) \\ -\left(\operatorname{Pr}\left[\mathcal{A} \diamond \mathcal{L}_{\text {right }} \Rightarrow 1 \mid \mathcal{B}_{\text {right }}\right] \cdot p^{*…

Support Center

How can we help?