According to Wikipedia, the IND-CPA game is: The challenger generates a key pair PK, SK based on some security parameter k (e.g., a key size in bits), and publishes PK to the adversary. The
As of today, after a huge effort and time spent on the factorisation problem, we don't have any efficient algorithm to factorise; that proves that the adversary does not exist, so the scheme is IND-CPA or IND-CCA secure.
Any efficient (LOR) IND-CPA adversary with an advantage of $\epsilon$ can be translated into an IND\$-CPA adversary with polynomially similar efficiency and an advantage of $\frac{\epsilon}{2}$. Thus, if the IND-CPA advantage is large (meaning the encryption scheme is insecure in that sense) then the IND\$-CPA advantage will also be large ...
Which means basically that in the IND-CPA game, the adversary has the right to perform a polynomially bounded number of encryptions or other operations, before sending the two plaintexts to the challenger, which will choose one and return its encryption to the adversary, who must now guess to which plaintexts it corresponds.
Replacing the KDF with AES is as secure as the above construction, as this mode is called CTR-mode, which is proven to be IND-CPA secure. For practical purposes, as there are better solutions, which already provide higher security levels (IND-CCA2).
If there exists an IND-CPA symmetric encryption scheme (where the key is shorter than the total length of the messages, i.e., the scheme is not the OTP), then there are one-way functions. A sequence of articles has shown how to construct pseudorandom generators out of OWFs (culminating with this paper).
In the 'adaptive' FTG-CPA (the version described in the linked paper), the Adversary continues to be able to query the encryption oracle after receiving the challenge (and prior to making its guess). By the way, the FTG notion is only one variant of IND-CPA. There is also the Left Or Right (LOR) notion, and the Real OR Random (ROR) notions.
If the Discrete Diffie-Hellman problem is hard (i.e. if the DDH assumption holds), El Gamal is IND-CPA secure." which is stated here along with the proof. So we have adversary A that has a non-negligible advantage with CPA and we are trying to build adversary B that can break DDH.
Therefore I can build a reduction: R can simulate the CPA game with A and just gives the messages of A to its challenger and the response back to A. R then outputs the result of A. Because A has a non-negligible probability of breaking #2, R also has a non-negligible probability of breaking #1, which gives a contradiction to the basic assumption.
IND-CPA security is a security notion specifically related to encryption schemes. OWF and OWP are not encryption schemes, hence they cannot be said to be "IND-CPA secure"; however, one can construct an IND-CPA symmetric encryption scheme from any OWF or OWP. (For asymmetric encryption schemes, stronger primitives are needed.)