Questions tagged [proof]

21 questions
6 votes, 0 answers

Can the XOR of PRFs Achieve BBB Security?

Many papers have demonstrated that the XOR of two random permutations (PRPs) is beyond-birthday-bound (BBB) secure. However, I have not found similar research results for the XOR of two random functions (PRFs). Is it possible to transfer the BBB…
4 votes, 1 answer

How to prove that 2nd preimage resistance implies preimage resistance [with large enough compression factor]

Question I wanted to learn a bit about the relationship between different properties of cryptographic hash functions, so I looked at the appropriate chapter in the Boneh-Shoup cryptography textbook. Page 337 gives the implication…
4 votes, 1 answer

How can I understand the gap between CPA and CCA1?

I have read lots of books about CPA, CCA1 and CCA2. I understand how to get an example that satisfies CPA but not CCA2. However, I can't find such a scheme which is CPA but not CCA1. What is the extra advantage given by a lunchtime attack?
4 votes, 1 answer

Origin of "abort" in cryptography proofs

It's a very standard move in a game-based security proof to have a transition in which we "abort" on some event such as a hash collision; the two games are identical apart from the abort step, and we add the probability of the abort to the advantage…
Paul Crowley
3 votes, 2 answers

Splitting a Random Oracle into multiple Random Oracles

I'm currently working on a proof in the random oracle model, where a single random oracle is used in multiple places. Each use is domain-separated so I was thinking of representing it as multiple random oracles for simplicity. Is this valid for the…
Matthew
2 votes, 0 answers

Proof of Pedersen VSS

How to prove Pedersen Verifiable Secret Sharing secure using a game-based proof and a reduction to the discrete logarithm problem? Are there any papers that can be referenced?
2 votes, 1 answer

How to define anonymity in cryptography and how to prove the anonymity of a security solution?

I'm currently finishing an essay on constructing a security solution focused on identity anonymity. However, I'm unclear about the formal definition of anonymity in cryptography, as well as the proof methods used to establish it. Could anyone…
2 votes, 0 answers

Prove equivalence of definitions of statistical distance

Let $P$ and $Q$ be two distributions over a finite set $U$. Given that I have already proved the following definitions are equivalent: $$ SD(P, Q) = \max_{S \subseteq U} \left\{ \Pr_{x \leftarrow P}[x \in S] - \Pr_{x \leftarrow Q}[x \in S] \right\} $$ $$ SD(P,Q) =…
qqq
2 votes, 1 answer

Is semantic security equivalent to IND-CPA?

Is semantic security equivalent to IND-CPA? If a PKE scheme like ElGamal is semantically secure, can we say it is IND-CPA? What's the relationship between semantic security and IND-CPA?
2 votes, 1 answer

Semantic security of ElGamal

On pages 9-11 of the paper "Sequences of Games", Shoup provides a detailed proof of the semantic security of hashed ElGamal. However, he only claims security goals. I would like to know what the attack/adversary model is: EVA, CPA or CCA.
Jeffrey
1 vote, 1 answer

How to complete security definition

I am a beginner and I am constructing a security model for the public key scheme I built. I have only come into contact with classic models such as IND-CPA or IND-CCA. My scheme cannot reach IND, so I want to adopt the security model of OW-CPA. Can…
zixiao xu
1 vote, 1 answer

Does the Regev PKE have pseudorandom ciphertexts?

I was wondering if the following claim is true. Claim. Under decisional ${\sf LWE}_{q,m,n,\chi}$, the Regev PKE scheme $\Pi=(\sf KG,Enc,Dec)$ has pseudorandom ciphertexts. Suppose for contradiction that there exists an adversary ${\cal A}$ that can…
Chris
1 vote, 1 answer

Security strength of the prefix-free secure PRF

This question is in regard to "A Graduate Course in Applied Cryptography" by Boneh-Shoup, section 6.4.1 "The CBC prefix-free secure PRF". In the proof of the security strength of the prefix-free CBC construction, they introduce the component…
1 vote, 1 answer

What does Balloon's theorem really mean?

Balloon's theorem says: Questions: Am I understanding the variables correctly? $n$ is the number of blocks the user chooses. $r$ is the number of rounds the user chooses. $\delta$ is the number of pseudorandom dependencies the user chooses per round…
1 vote, 1 answer

Why does iO imply OWF according to Gentry's explanation?

I bumped into this presentation from Craig Gentry in which he explains why iO implies OWF under the assumption that NP is not in BPP. Can you help me understand the proof he provides? I especially don't get why the adversary would succeed in…