Re: A question on indistinguishability definition
- From: "Sergei" <silentser@xxxxxxxxx>
- Date: 25 Sep 2006 14:43:46 -0700
David Wagner wrote:
> Sergei wrote:
> > Does it make any sense to require for a deterministic encryption scheme
> > to provide indistinguishability for two sets, each consisting of unique
> > plaintexts (the sets themselves can intersect)? By such a scheme I
> > understand a scheme that reveals nothing but a distribution of
> > plaintexts (unlike one-time-pad that, for example, can reveal
> > exclusive-or of two plaintexts).
>
> I don't understand the question. Can you explain? Also, is this
> property implied by IND-CPA, or not?
>
> The two-time pad reveals the xor of two plaintexts, yes. The one-time
> pad does not, because any given pad is (must be) used only once.

I mean that if {a_1,...,a_l} and {b_1,...,b_l} are sets of plaintexts,
where a_i != a_j and b_i != b_j, then is it possible to have such a
DETERMINISTIC encryption scheme (K,E,D) that {E_k(a_1),...,E_k(a_l)}
and {E_k(b_1),...,E_k(b_l)} are indistinguishable?
One-time-pad, obviously, fails here, but are there deterministic schemes
possessing such a property?

I'm asking this because I want to use a deterministic cipher in my
application and I'm looking for an "intermediate" security definition
that, on the one hand, will filter out such weak candidates as
one-time-pad but, on the other hand, will allow the scheme to remain
deterministic. And, of course, I consider only passive adversaries.
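
The game described in this post, as an added example that is not part of the original message: a passive adversary sees the encryptions of one of two sets of distinct plaintexts under a fresh key and guesses which set it was. The fixed-key XOR scheme, the 4-round HMAC-SHA256 Feistel permutation (encryption direction only) and the sample sets SET_A/SET_B are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets
from itertools import combinations

BLOCK = 16  # bytes per plaintext block

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def enc_xor(key, m):
    """Deterministic reused pad: E_k(m) = m XOR k."""
    return xor(m, key)

def enc_feistel(key, m, rounds=4):
    """Toy keyed permutation on 16 bytes: Feistel with an HMAC round function."""
    left, right = m[:8], m[8:]
    for r in range(rounds):
        f = hmac.new(key, bytes([r]) + right, hashlib.sha256).digest()[:8]
        left, right = right, xor(left, f)
    return left + right

def pairwise_xors(blocks):
    return {xor(a, b) for a, b in combinations(blocks, 2)}

def adversary(set_a, set_b, ciphertexts):
    """Passive guess using only XOR relations between ciphertexts."""
    seen = pairwise_xors(ciphertexts)
    if seen == pairwise_xors(set_a):
        return 0
    if seen == pairwise_xors(set_b):
        return 1
    return secrets.randbelow(2)  # nothing recognised: coin flip

def win_rate(encrypt, set_a, set_b, trials=400):
    wins = 0
    for _ in range(trials):
        key = secrets.token_bytes(BLOCK)           # fresh key per game
        bit = secrets.randbelow(2)                 # challenger's secret choice
        cts = [encrypt(key, m) for m in (set_a, set_b)[bit]]
        secrets.SystemRandom().shuffle(cts)        # sets carry no order
        wins += adversary(set_a, set_b, cts) == bit
    return wins / trials

# Constructed sample sets: distinct plaintexts, intersecting in one element.
SET_A = [b"A" * BLOCK, b"B" * BLOCK, b"C" * BLOCK]
SET_B = [b"A" * BLOCK, b"D" * BLOCK, b"H" * BLOCK]

if __name__ == "__main__":
    print("reused XOR pad win rate:", win_rate(enc_xor, SET_A, SET_B))
    print("Feistel PRP win rate:   ", win_rate(enc_feistel, SET_A, SET_B))
```

A win rate near 1.0 means the scheme fails the set-indistinguishability game against this adversary; a rate near 0.5 means this particular adversary learns nothing, which is not a proof of security against others.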