An encryption scheme is secure if an attacker gets no information about the plaintext s from the ciphertext s Attack scenarios threat models ciphertext only attack single ciphertext multiple ciphertexts same key Known plaintext attack Chosen plaintext attack Attacker also gien m i Enc k m i Attacker gets m i Enc k m i where m are chosen by the attacker Chosen ciphertext attack In addition to chosen plaintext attack the attacker is also given c i Dec k c i for c of the attackers choice A lot of times a scheme may be theoretically secure but it s implementation may be susceptible to attack Ch 2 K key space C ciphertext space K and all m in M the set of all keys that can be outputted by Gen the set of all cipertexts that can be outputted by Enc k m for all k in Gen defines a distribution over K k random variable denoting the key e g for the shift cipher Pr k 7 1 26 For some assumed distribution over M let m be a random variable denoting the message m and k are independent These define a distribution over C c is a random variable denoting the ciphertext An encrption scheme Gen Enc Dec over message space M is perfectly secure if for all distributions over M all m in M and all c in C Pr M m C c Pr M m aka viewing the ciphertext gives you no additional information about the plaintext equivalent to Pr Enc k m c Pr Enc k m c
View Full Document