Questions tagged [adversarial-model]

An adversary model formally defines the power of the adversary. It specifies whether the adversary is deterministic or randomized, uniform or non-uniform, interactive or non-interactive, and how the adversary interacts with the security game.

They are often used when defining and/or describing proofs in cryptography. For example: http://crypto.stanford.edu/~ananthr/docs/crypto-proofs.pdf

80 questions
15 votes, 1 answer

What is universal composability guaranteeing, specifically? Where does it apply, and where does it not?

I don't have a proper computer science education, so bear with my misunderstandings. UC is supposed to "guarantee strong security properties". From what I understand, if you have some secure protocol, such as a strong block cipher mode of operation, you…
11 votes, 1 answer

Relation between attack and attack model for signatures

What is the relationship between an attack and an attack model? For example, let $\Pi$ be the Lamport signature scheme. This signature has its security based on any one-way function. The Grover algorithm, an attack, inverts this function with…
juaninf
11 votes, 0 answers

How to build a security model

What are the minimal components to build a security model proof for a protocol? This question might seem trivial, but having read many papers-- from the IEEE, ACM, etc., that talk about a KMP-- I still don't know where to start. For example, should…
CipherX
8 votes, 4 answers

Automated security protocol verification tool for eCK model

I want a tool that (runs on Win7 and) can perform automated verification of a protocol in the eCK security model as described in Microsoft Research's paper "Stronger Security of Authenticated Key Exchange". Does anyone know such a tool?
T.B
7 votes, 1 answer

Difference between Generic Group Models

I'm trying to understand the difference between the (classical) Generic Group Model as it is described by Shoup [Shoup] and the somewhat restricted Generic Group Model as it is described by Schnorr and Jakobsson in [SJ00]. For clarity, I'm going to…
6 votes, 1 answer

What are the capabilities of passive and active adversaries?

I have trouble understanding what exactly the capabilities of passive and active adversaries are on paper and in the real world.
NedStark
5 votes, 5 answers

How to rigorously prove that $Enc_{\Pi'(k)}(M) = Enc_{\Pi(k)}(M) || LSB(k)$ is CPA secure assuming $\Pi$ is?

Assume $\Pi$ is a CPA secure scheme. Let $\Pi'$ be a derived scheme, such that the encryption of a message $M$ is as follows: $Enc_{\Pi'(k)}(M) = Enc_{\Pi(k)}(M) || LSB(k)$, where $LSB(k)$ is the least significant bit of the randomly chosen key. Can…
5 votes, 0 answers

Explanation of the term "view" for algorithm or adversary

What is the view of an algorithm/adversary? Is view just a term used to describe the output over a set of inputs for a probabilistic algorithm? For example: Consider experiment $\text{Mac-forge}_{A,\Pi}(n)$. In that experiment, the view of A when run as a…
5 votes, 1 answer

Parameterizing adversaries with security parameters

In many cryptographic games, the adversary doesn't seem to be parameterized by the security parameter.‡ Are such games equivalent to variants in which the adversary is parameterized by the security parameter?‡‡ ‡ E.g., Bellare et al.'s IND-CPA…
4 votes, 1 answer

Secret sharing such that all shareholders obtain access to the secret (one shareholder can't just run off with the shares)

Say, using something like Shamir's polynomial scheme, you split a secret $x$ among $n$ people (each given a "share" of the secret) such that you need all $n$ shares to recover the secret. How can one ensure that all $n$ participants will have access…
chausies
4 votes, 1 answer

Are there any examples of information-theoretic secure MPC for dishonest majority against malicious adversary?

My research is to propose highly secure MPC protocol with some conditions. Especially, I want to consider that: security against malicious (active) adversary; dishonest majority setting; information-theoretic security. I know SPDZ family that achieve…
shoy700
4 votes, 1 answer

Differential Privacy: What is the 'game' between data holder and adversary?

I have been reading the Differential Privacy (DP) literature for some time to get familiar with it. I feel comfortable with the Math and Stats foundations of it, but I am suffering a bit from the 'setting' of response release. What I don't get is,…
4 votes, 3 answers

Homomorphic & Functional encryption: Mapping unencrypted outputs to encrypted outputs using existing data

Let's assume I have datapiece A which, after being put through a model or neural network, has a known output X in the unencrypted space. When I move datapiece A into an encrypted space, and put it through an encrypted model, it becomes datapiece…
4 votes, 1 answer

Comparing stronger vs. weaker assumptions

If I have to argue that an assumption A is stronger than B, should I argue this way:- An adversary breaking the security of A does not translate to breaking the security of B. But, if an adversary breaks the security of B, it can break A too.…
4 votes, 1 answer

What is an adversary type?

The term "type 1 adversary" was used and I was curious as to what determines the adversarial type's category? Is it a well defined term within the cryptographic community? Please note that I'm a beginner in this field.
user128897