Symmetric Encryption (SE): Difference between revisions
No edit summary |
|||
(One intermediate revision by the same user not shown) | |||
Line 12: | Line 12: | ||
* <math>\mathsf{Enc}_k(m) \to c</math>, is a randomized function that takes a key <math>k\in \mathcal{K}</math> and plaintext message <math>m\in \mathcal{M}</math>, and outputs a ciphertext <math>c\in \mathcal{C}</math>, | * <math>\mathsf{Enc}_k(m) \to c</math>, is a randomized function that takes a key <math>k\in \mathcal{K}</math> and plaintext message <math>m\in \mathcal{M}</math>, and outputs a ciphertext <math>c\in \mathcal{C}</math>, | ||
* <math>\mathsf{Dec}_k(c) \to m</math>, is a deterministic function that takes a key <math>k\in \mathcal{K}</math> and ciphertext <math>c\in \mathcal{C}</math>, and outputs a plaintext message <math>m\in \mathcal{M}</math>. | * <math>\mathsf{Dec}_k(c) \to m</math>, is a deterministic function that takes a key <math>k\in \mathcal{K}</math> and ciphertext <math>c\in \mathcal{C}</math>, and outputs a plaintext message <math>m\in \mathcal{M}</math>. | ||
=== Correctness === | |||
A SE scheme is ''correct'' if for all <math>m\in \mathcal{M}</math>, there exists a negligible function <math>\nu</math>, such that | |||
<center><math> | |||
\Pr[\mathsf{Dec}_k(\mathsf{Enc}_k(m)) = m] \ge 1 - \nu(\lambda), | |||
</math></center> | |||
where <math>k\gets \mathsf{Gen}(1^{\lambda})</math>. | |||
=== Chosen Plaintext Attack (CPA) Security === | === Chosen Plaintext Attack (CPA) Security === |
Latest revision as of 02:37, 5 July 2024
A Symmetric Encryption (SE) scheme is a primitive that allows someone to encrypt plaintext into a ciphertext under a key and then to decrypt the ciphertext under the same key. It is a widely used primitive with many formal definitions of strengths.
Formal Definition
Syntax
A Symmetric Encryption (SE) scheme is a tuple of efficient functions , with respect to a keyspace , plaintext space , and ciphertext space , such that:
- , is a randomized function that takes a security parameter, and outputs a key ,
- , is a randomized function that takes a key and plaintext message , and outputs a ciphertext ,
- , is a deterministic function that takes a key and ciphertext , and outputs a plaintext message .
Correctness
A SE scheme is correct if for all , there exists a negligible function , such that
where .
Chosen Plaintext Attack (CPA) Security
A SE scheme is CPA-secure if for all efficient adversaries , there exists a negligible function , such that
where , is a uniformly random bit, and .
Chosen Ciphertext Attack (CCA) Security
A SE scheme is CCA-secure if for all admissible efficient adversaries , there exists a negligible function , such that
where , is a uniformly random bit, and . Further, we say an adversary is admissible if it never queries on an output of .
The difference in this definition is that we additionally give the adversary access to a decryption oracle. This is a strictly stronger definition than SE#CPA-security.
Indistinguishable from Random CPA (IND-CPA) Security
A SE scheme is IND-CPA-secure if for all efficient adversaries , there exists a negligible function , such that
where and is a random function from .
This security definition is also a stronger definition than CPA-security as it additionally restricts the distribution of ciphertexts produced by an encryption algorithm.
Relationship to other primitives
Sufficient assumptions
See the sufficient assumptions for OWFs.
Variations
Other Notes
- Other security definitions, named CCA1 and CCA2, exist and have historically been confused with the CCA notion outlined above