3 votes | 1 answer | 67 views

Proof that IND$-CPA implies IND-CPA?

I've read a few papers recently that used a notion of security called "indistinguishability from random bits/strings" under chosen plaintext attack, also called IND\$-CPA. See e.g. ...

4 votes | 2 answers | 215 views

Why is AES considered to be secure?

The security of RSA is based on the integer factorization problem, which is a very well defined and understood mathematical problem. This problem must be solved in order to fundamentally break RSA. ...

0 votes | 0 answers | 46 views

S/MIME illustration

I'm trying to illustrate the complete process of sending a message encrypted by S/MIME with triple-encapsulation. Here is the illustration that I have done. Please comment. I think I am missing ...

1 vote | 1 answer | 102 views

A possibly stronger type of attack on identity-based encryption

What is known about the security of identity-based encryption schemes against attacks that involve seeing multiple ciphertexts and then receiving the private keys corresponding to some of ...

1 vote | 0 answers | 61 views

Ideal system for an encryption scheme

What is the ideal system for an encryption scheme? For a pseudorandom permutation the ideal one is a random permutation, for a pseudorandom function the ideal one is a random function. For an ...

3 votes | 1 answer | 121 views

Formal definition of (perfect) forward security/secrecy

In recent weeks the concept of (perfect) forward security/secrecy has been mentioned a lot, primarily in the context of the shocking revelations about NSA eavesdropping. As far as I'm aware, this ...

0 votes | 1 answer | 24 views

Signature with appendix

I sometimes see signature schemes with appendix. This is about signature schemes in which the message is needed in the verification algorithm, that is, the output of the signature algorithm is of the ...

1 vote | 2 answers | 62 views

Differential privacy definition

Differential privacy defines "privacy" of a mechanism $A$ as the "closeness" of the two distributions $Pr[A(D) \in S]$ and $Pr[A(D') \in S]$ where $D,D'$ differ in one element. And the distance between ...

3 votes | 1 answer | 125 views

Proofs of security methodologies

I'm looking for course material on the subject of proofs, reductions, and games, as used to prove cryptographic schemes secure. What are the methodologies? What are the preferred ones? In what cases ...

2 votes | 2 answers | 300 views

Why is a non fixed-length encryption scheme worse than a fixed-length one?

I have the following definition (highlights by me): An (efficient secret-key) encryption scheme $(Gen,Enc,Dec)$, where $Gen$ and $Enc$ are PPT algorithms and $Dec$ is a Deterministic Polytime ...

3 votes | 2 answers | 447 views

Perfect security definitions

In my notes, there are 2 definitions of perfect security: "For $M \in \{0,1\}^m$, define the distribution $D_M$ on strings as follows: to choose a random member of $D_M$, choose a random $K \in ...

2 votes | 1 answer | 169 views

Exact mathematical definition of simulation based security?

I've been trying to understand cryptographic protocols and how to define their security. The problem is that while I can understand what the intuitive definition says, I have trouble understanding how ...

1 vote | 2 answers | 489 views

Simply put, what does perfect secrecy mean?

I would like to ask for a clear (but maybe not so deep) explanation of what the term "perfect secrecy" means. As far as I have researched and understood, it has to do with probabilities of assuming ...