Questions tagged [semantic-security]

A semantically secure encryption scheme produces ciphertext that, by itself, does not reveal information about the original message besides its length.

119 questions
75 votes, 1 answer

Easy explanation of "IND-" security notions?

There are many schemes that can advertise themselves with certain security notions, usually IND-CPA or IND-CCA2, for example plain ElGamal has IND-CPA security but doesn't provide IND-CCA security. The most common ones are the "IND-" ones,…
14 votes, 7 answers

Possibility of Chosen Plaintext Attack (CPA) in real-world scenario?

In CPA, it is said that the adversaries get ciphertext for the choice of plaintext of adversaries through an encryption oracle. Is this a realistic assumption in the real world, in which the adversaries get ciphertext for the choice of their plaintexts?…
11 votes, 1 answer

Proof that IND$-CPA implies IND-CPA?

I've read a few papers recently that used a notion of security called "indistinguishability from random bits/strings" under chosen plaintext attack, also called IND\$-CPA. See e.g.…
J.D.
9 votes, 2 answers

Definition and meaning of "semantic security"

I'm taking a Coursera cryptography course. The definition of semantic security is hard to understand. I tried to restate it with some slight changes (the word "efficient" was in the original definition). Have I gotten it right? The adversary…
koddo
9 votes, 1 answer

Is SHA-1 secure when used to implement a PRNG

I read SHA-1 is still a secure hashing function with no collision found as of now. However, it's just a matter of time for someone to come up with such a collision or attack. Therefore, in new projects, it is recommended to use SHA-256. SHA-512 is…
9 votes, 1 answer

Why is "semantically secure" important for cryptosystems?

The first question: what is the exact definition of semantically secure? Basically, a cryptosystem is semantically secure if given the public key and the ciphertext, an adversary cannot learn any partial information of the plaintext. However, the…
9 votes, 1 answer

Attacks on elliptic-curve based cryptosystems through solving the Decisional Diffie-Hellman Problem with the Weil Pairing

Are there any examples of practical attacks on cryptosystems set over elliptic curves which utilize the easiness of DDH for certain choices of curves $E(\textbf{F}_q)$, and as such their lack of semantic security? I'm looking for something along the…
sju
9 votes, 2 answers

Proving the semantic security of the One Time pad

Currently hearing a lecture on cryptography, and the professor gave us the definition of semantic security, which is roughly the following (formally not quite complete, but you get the idea): Given a function $INFO(1^n,m)$ which determines the…
malexmave
8 votes, 2 answers

Practical necessity of semantic security under chosen plain text attack (CPA) in CBC mode

I was not able to understand why we practically need CPA security in Cipher Block Chaining, which insists on having a random IV. Let's say the encryption is not CPA secure, i.e. the adversary can identify that two ciphertexts are the same and conclude the…
David
7 votes, 1 answer

Why is encrypting a key under itself dangerous?

I'm currently self-studying to try and understand more about cryptography for work. I'm on question 2.16 in A Graduate Course in Applied Cryptography. For part a), we're given a cipher $E$ that's semantically secure and asked to create $\hat{E}$…
AeonNeo
7 votes, 4 answers

Can a shift cipher attain perfect secrecy?

On a practice question for my intro cryptography exam, it asks the following: Assuming that keys are chosen with equal likelihood, the shift cipher provides: A) computational security B) perfect secrecy C) semantic security D) none of…
Cat
7 votes, 4 answers

Is there a public key semantically secure cryptosystem for which one can prove in zero knowledge the equivalence of two plaintexts?

If Alice encrypts two messages $a$ and $b$, such that $x=E(a)$, $y=E(b)$, can Alice prove (without revealing $a$, $b$ or the private key) that $a = b$? Obviously the proof must not be too long and it should be practical to compute and verify (either…
6 votes, 2 answers

Is semantic security important in a hybrid cryptosystem?

RSA doesn't provide semantic security when used unmodified, and neither does the commonly used PKCS#1 v.1.5 padding scheme for encryption. Is this a problem for hybrid cryptosystems at all? My suspicion is that it isn't, since the plaintext message…
lxgr
6 votes, 1 answer

Designing Secure Multi-Party Computation Sub-Protocols Based on Homomorphic Encryption

When designing SMPC protocols using secret-sharing, it is a common approach to compose a protocol from several sub-protocols (each proven secure under the formal definition of security w.r.t. semi-honest or malicious adversaries) by applying the…
6 votes, 1 answer

Message space in security definitions

What is the message space in the following example and how does a message space relate to a security definition? I mean, what difference does it make to such a definition if your message space is $\{0,1\}^n$ or if it is $\{0,1\}$? We say…
mixkat