Re: Question on definition of semantic security: why "probability ensemble"?

Sergei <silentser@xxxxxxxxx> wrote:

Kristian Gjøsteen wrote:
Sergei <silentser@xxxxxxxxx> wrote:
Pr[A(E_k(X_n))=1] < Pr[A'(lengthof(X_n))=1] + 1/poly(n)

I'm afraid you've messed up this definition.

Hmm... where? Of course, I didn't include all the arguments of the
algorithms A and A', but I don't see what is so wrong here?

Try an A' that always outputs 1.

(The probability ensemble represents the adversary's a priori
knowledge about the plaintext.)

Not really.

You're right, actually. I'm mixing different definitions. Sorry.

I think the latter version best captures the cryptographic thinking,
but I guess they would be equivalent. You should prove that, of course.

It also seems so to me. But on the other hand, why make the definition
more complex?

Is it really more complex? Anyway, there can be many reasons for choosing
a more complex definition over a simpler definition.

(When I've used semantic security, I've used different, but equivalent,
definitions because those definitions make later proofs easier.)

Kristian Gjøsteen
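
Added example, not part of the thread: an exact check of the "A' that always outputs 1" hint, showing that the inequality as written in the thread accepts even an identity "cipher", while a form that compares guesses of f(X_n) rejects it. The identity cipher, the choice of f, the toy length N and all function names are assumptions made for illustration; the f-based inequality is the usual textbook shape and is not quoted from the thread.

```python
from fractions import Fraction
from itertools import product

N = 8                                        # toy message length (constructed)
MESSAGES = list(product((0, 1), repeat=N))   # X_n uniform over {0,1}^N
EPS = Fraction(1, N)                         # stands in for 1/poly(n)

def encrypt(x):
    """Deliberately insecure 'cipher': ciphertext equals plaintext."""
    return x

def adversary(c):
    """A: outputs the first ciphertext bit."""
    return c[0]

def f(x):
    """Information about the plaintext that A tries to learn."""
    return x[0]

def prob(event):
    """Exact probability of event(x) for uniform x."""
    return Fraction(sum(1 for x in MESSAGES if event(x)), len(MESSAGES))

# A' sees only the length, so for fixed N a deterministic A' is a constant.
SIMULATORS = {"always 0": lambda length: 0, "always 1": lambda length: 1}

def thread_form_holds(sim):
    """Pr[A(E(X)) = 1] < Pr[A'(len(X)) = 1] + eps, as written in the thread."""
    lhs = prob(lambda x: adversary(encrypt(x)) == 1)
    rhs = prob(lambda x: sim(len(x)) == 1)
    return lhs < rhs + EPS

def f_form_holds(sim):
    """Pr[A(E(X)) = f(X)] < Pr[A'(len(X)) = f(X)] + eps (assumed textbook form)."""
    lhs = prob(lambda x: adversary(encrypt(x)) == f(x))
    rhs = prob(lambda x: sim(len(x)) == f(x))
    return lhs < rhs + EPS

def accepted(form):
    """A scheme passes if some A' satisfies the inequality for this A."""
    return [name for name, sim in SIMULATORS.items() if form(sim)]

if __name__ == "__main__":
    print("thread form satisfied by:", accepted(thread_form_holds))
    print("f-based form satisfied by:", accepted(f_form_holds))
```

Because the right-hand side of the thread's form reaches 1 for the constant-1 A', no adversary A can ever violate it, so it places no constraint on the encryption scheme.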