Symmetric Encryption (SE): Difference between revisions

From Cryptology City
Jump to navigation Jump to search
(Created page with "<noinclude> Category:Primitives Category:Minicrypt A Symmetric Encryption (SE) scheme is a primitive that allows someone to encrypt plaintext into a ciphertext under a key and then to decrypt the ciphertext under the same key. It is a widely used primitive with many formal definitions of strengths. == Formal Definition == === Syntax === A Symmetric Encryption (SE) scheme is a tuple of functions <math>(\mathsf{Gen}, \mathsf{Enc}, \mathsf{Dec})</math...")
 
Line 11: Line 11:
* <math>\mathsf{Gen}(1^{\lambda}) \to k</math>, is a randomized function that takes a security parameter, and outputs a key <math>k\in \mathcal{K}</math>,
* <math>\mathsf{Gen}(1^{\lambda}) \to k</math>, is a randomized function that takes a security parameter, and outputs a key <math>k\in \mathcal{K}</math>,
* <math>\mathsf{Enc}_k(m) \to c</math>, is a randomized function that takes a key <math>k\in \mathcal{K}</math> and plaintext message <math>m\in \mathcal{M}</math>, and outputs a ciphertext <math>c\in \mathcal{C}</math>,
* <math>\mathsf{Enc}_k(m) \to c</math>, is a randomized function that takes a key <math>k\in \mathcal{K}</math> and plaintext message <math>m\in \mathcal{M}</math>, and outputs a ciphertext <math>c\in \mathcal{C}</math>,
* <math>\mathsf{Dec}_k(c) \to m</math>, is a deterministic function takes a key <math>k\in \mathcal{K}</math> and ciphertext <math>c\in \mathcal{C}</math>, and outputs a plaintext message <math>m\in \mathcal{M}</math>.
* <math>\mathsf{Dec}_k(c) \to m</math>, is a deterministic function that takes a key <math>k\in \mathcal{K}</math> and ciphertext <math>c\in \mathcal{C}</math>, and outputs a plaintext message <math>m\in \mathcal{M}</math>.


=== Chosen Plaintext Attack (CPA) Security ===
=== Chosen Plaintext Attack (CPA) Security ===

Revision as of 14:22, 4 July 2024


A Symmetric Encryption (SE) scheme is a primitive that allows someone to encrypt plaintext into a ciphertext under a key and then to decrypt the ciphertext under the same key. It is a widely used primitive with many formal definitions of strengths.

Formal Definition

Syntax

A Symmetric Encryption (SE) scheme is a tuple of functions , with respect to a keyspace , plaintext space , and ciphertext space , such that:

  • , is a randomized function that takes a security parameter, and outputs a key ,
  • , is a randomized function that takes a key and plaintext message , and outputs a ciphertext ,
  • , is a deterministic function that takes a key and ciphertext , and outputs a plaintext message .

Chosen Plaintext Attack (CPA) Security

A SE scheme is CPA-secure if for all efficient adversaries , there exists a negligible function , such that

where , is a uniformly random bit, and .

Chosen Ciphertext Attack (CCA) Security

A SE scheme is CCA-secure if for all admissible efficient adversaries , there exists a negligible function , such that

where , is a uniformly random bit, and . Further, we say an adversary is admissible if it never queries on an output of .

The difference in this definition is that we additionally give the adversary access to a decryption oracle. This is a strictly stronger definition than SE#CPA-security.

Indistinguishable from Random CPA (IND-CPA) Security

A SE scheme is IND-CPA-secure if for all efficient adversaries , there exists a negligible function , such that

where and is a random function from .

This security definition is also a stronger definition than CPA-security as it additionally restricts the distribution of ciphertexts produced by an encryption algorithm.

Relationship to other primitives

Sufficient assumptions

See the sufficient assumptions for OWFs.

Variations

Other Notes

  • Other security definitions, named CCA1 and CCA2, exist and have historically been confused with the CCA notion outlined above