Re: Question on definition of semantic security: why "probability ensemble"?




Kristian Gjøsteen wrote:
Sergei <silentser@xxxxxxxxx> wrote:
Pr[A(E_k(X_n))=1] < Pr[A'(lengthof(X_n))=1] + 1/poly(n)

I'm afraid you've messed up this definition.

Hmm... where? Of course, I didn't include all the arguments of the
algorithms A and A', but I don't see what is so wrong here?

(The probability ensemble represents the adversary's a priori
knowledge about the plaintext.)

Not really. In order to introduce the adversary's a priori knowledge
about the plaintext, algorithms A and A' get an additional argument
h(X_n), which is a function of a plaintext, again represented by the
probability ensemble.

I think the latter version best captures the cryptographic thinking,
but I guess they would be equivalent. You should prove that, of course.

It also seems so to me. But on the other hand, why make the definition
more complex?

Sergei
