Questions tagged [advantage]
11 questions
3
votes
0 answers
Should I normalize adversary's advantage in IND-XXX Game?
The Cryptography made simple (page 207, under Fig 11.12)(Nigel Smart) say that adversary's advantage of IND-PASS Game is $Adv1 = 2\times|Pr[b=b']-\frac{1}{2}|$.
The reason for multiplying by 2 is to normalize advantage from $[0,\frac{1}{2}]$ to…
apapapa
- 131
- 2
2
votes
2 answers
Understanding Adversary's Advantage for Target Key Recovery in Ideal Cipher Model
In the ideal cipher model, a block cipher is modeled by a different, independent random permutation for every key.
Let $$ \mathcal{A}_{q}^{\text{IC-EKS}} $$ be a ( q )-query exhaustive key-search adversary in the ideal cipher model.
and…
CrypticPotato
- 21
- 4
2
votes
1 answer
Reduction from Distinguisher to Indishtinguishability
Content and Informal Problem
Suppose a protocol $\pi$ doing an arbitrary task between two users A and B. I only know that $\pi$ relies on a IND-CPA symmetric encryption scheme $\mathcal{E} = $(KeyGen, Enc, Dec). In details, A holds a key $k$ in…
gamarcad
- 23
- 3
2
votes
1 answer
About the definition of distinguishing advantage and computational indistinguishability
Given a polynomial-time adversary $A$ with binary output, the distinguishing advantage of $A$ with respect two games $G, H$ is defined…
AYun
- 858
- 7
- 13
1
vote
1 answer
What is the definition of semantic secure advantage?
I'm doing sequence-of-game formal security analysis for key exchange protocol. It confuses me a lot how to calculate the adversary's semantic secure (SS) advantage. In Shoup's tutorial "sequences of games: a tool for taming complexity in security…
Chandler
- 39
- 5
1
vote
1 answer
A smaller modulus-to-noise ratio means more security in LWE
Let $\text{Adv}^{\text{DLWE}}_{n,m,q,\sigma}$ be the advantage of an attacker to distinguish LWE samples from uniform ones, where $m$ is the number of samples, $q$ the modulus and $\sigma$ the standard deviation of the error distribution.
I can't…
C.S.
- 515
- 3
- 10
1
vote
0 answers
Proving 2-way nesting security
I recently came across the theorem about $n$-way nesting. It states that if $\mathcal{E}=(E, D)$ is semantically secure, then $\mathcal{E}$ is secure for $n$-way nesting. I'm trying to prove the specific case of $n=2$. For the encryption…
libre
- 21
- 1
1
vote
1 answer
Computing the advantage when checking PRF
I am reading a pdf on pseudorandom function I found here https://www.cs.utexas.edu/~dwu4/courses/sp21/static/reductions.pdf
My problem/struggle is with the computation of the distinguisher's $B$ advantage.
According to the notes $b=0$ means that $B$…
tonythestark
- 173
- 6
0
votes
1 answer
How to understand the "Authenticity" and "Privacy" of CCM-mode encryption scheme?
CCM mode refers to CTR+ CBC-MAC encryption mode.
Based on this paper, the adversary's advantages against the authenticity of CCM is:
Eq(1)
Authenticity: it should be infeasible for an adversary to forge a valid ciphertext without knowing the secret…
Chandler
- 39
- 5
0
votes
0 answers
MAC Security - MAC verification queries
In the applied cryptography book by Boneh and Shoup, Chapter 6 on MACs, it is stated that an adversary that is also capable of requesting the challenger for verification queries (in addition to signing queries) is not stronger than an Adversary that…
Evgeni Vaknin
- 1,155
- 8
- 20
0
votes
0 answers
On showing an Inequality on a Generalized Decisional Diffie-Hellman Problem
This paper talks about a generalization of the Decisional Diffie-Hellman problem over different polynomial exponents of the base generator to be given and be distinguished from each other. Throughout this question I'll be using jargon and notation…
fifteententwenty
- 11
- 1