On pages 9-11 of the paper Sequence of games, Shoup provides a detailed proof of the semantic security of a hashed EleGamal. However, he only claims security goals. I would like to know what the attack/adversary model is: EVA, CPA or CCA.
Asked
Active
Viewed 108 times
1 Answers
2
The attacker model is given in the initial attack games. For hashed ElGamal, see Attack Game 0. Roughly, semantic security, as defined in Shoup's paper, is similar to CPA security because the attacker is not allowed to encrypt queries. In the PKE setting, these two notions are equivalent, although the advantages should account for the number of encryption queries.
As a side note, attacker capabilities are usually part of the security goals, namely whatever the security game defines. It's another question whether the security definition is then meaningful. However, it's possible to define security meaningfully without explicitly talking about “an adversary”.
Marc Ilunga
- 4,042
- 1
- 13
- 24