Online Cryptography Course
Dan Boneh

Stream ciphers
Stream ciphers are semantically secure

Goal: secure PRG ⇒ semantically secure stream cipher
Stream ciphers are semantically secure

Thm: $G: K \to \{0,1\}^n$ is a secure PRG ⇒ the stream cipher $E$ derived from $G$ is sem. sec.

$\forall$ sem. sec. adversary $A$, $\exists$ a PRG adversary $B$ s.t. $\mathrm{Adv}_{SS}[A,E] \le 2 \cdot \mathrm{Adv}_{PRG}[B,G]$
Proof: let $A$ be a sem. sec. adversary.

Semantic security game: the challenger picks $k \leftarrow K$; $A$ sends $m_0, m_1 \in M$ with $|m_0| = |m_1|$; the challenger returns $c \leftarrow m_b \oplus G(k)$; $A$ outputs $b' \in \{0,1\}$.

For $b = 0,1$:  $W_b$ := [event that $b' = 1$].   $\mathrm{Adv}_{SS}[A,E] = |\Pr[W_0] - \Pr[W_1]|$

Now run the same game with a truly random pad $r \leftarrow \{0,1\}^n$ in place of $G(k)$, i.e. $c \leftarrow m_b \oplus r$.

For $b = 0,1$:  $R_b$ := [event that $b' = 1$]
Proof: let $A$ be a sem. sec. adversary.

Claim 1: $|\Pr[R_0] - \Pr[R_1]| = 0$   (with a truly random pad $r$, $c$ is a one-time pad ciphertext, so $b'$ is independent of $b$)

Claim 2: $\exists B$: $|\Pr[W_b] - \Pr[R_b]| = \mathrm{Adv}_{PRG}[B,G]$   for $b = 0,1$

[figure: number line from 0 to 1 marking $\Pr[W_0]$, $\Pr[R_b]$ (with $\Pr[R_0] = \Pr[R_1]$ by claim 1) and $\Pr[W_1]$; each of $\Pr[W_0]$ and $\Pr[W_1]$ lies within $\mathrm{Adv}_{PRG}[B,G]$ of $\Pr[R_b]$]

⇒ $\mathrm{Adv}_{SS}[A,E] = |\Pr[W_0] - \Pr[W_1]| \le |\Pr[W_0] - \Pr[R_0]| + |\Pr[R_0] - \Pr[R_1]| + |\Pr[R_1] - \Pr[W_1]| \le 2 \cdot \mathrm{Adv}_{PRG}[B,G]$
Proof of claim 2:  $\exists B$: $|\Pr[W_0] - \Pr[R_0]| = \mathrm{Adv}_{PRG}[B,G]$

Algorithm $B$ (PRG adv., us), on input $y \in \{0,1\}^n$:
  run adv. $A$ (given); $A$ outputs $m_0, m_1$
  give $A$ the ciphertext $c \leftarrow m_0 \oplus y$
  $A$ outputs $b' \in \{0,1\}$; $B$ outputs $b'$

When $y = G(k)$ for $k \leftarrow K$, $B$ runs $A$ exactly as in the experiment defining $W_0$; when $y \leftarrow \{0,1\}^n$, exactly as in the experiment defining $R_0$. Hence

$\mathrm{Adv}_{PRG}[B,G] = |\Pr[W_0] - \Pr[R_0]|$

(the same construction with $m_1$ in place of $m_0$ gives $|\Pr[W_1] - \Pr[R_1]|$.)
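The reduction above, as an added example that is not part of the course material: algorithm $B$ is run against a deliberately weak toy PRG so that $\Pr[W_b]$, $\Pr[R_b]$, $\mathrm{Adv}_{SS}$ and $\mathrm{Adv}_{PRG}$ can be computed exactly by enumerating every key and every random pad. Everything here is a constructed assumption, not from the lecture: the key space is $\{0,1\}^4$, $n = 8$, the toy PRG is $G(k) = k \,\|\, k$ (not secure: both halves of its output always agree), the cipher is $m \oplus G(k)$, and the adversary $A$ picks $m_0 = 0x00$, $m_1 = 0x0F$ and guesses by checking whether the two halves of $c$ agree. The function names (`AdversaryA`, `algorithm_B`, `run_reduction`, `check_claims`) are likewise the example's own.

```python
# Added example (not from the lecture): the reduction B from the proof of claim 2,
# run exhaustively against a toy PRG so every probability comes out exact.
#
# Constructed assumptions (illustration only):
#   key space K = {0,1}^4, pad length n = 8, G(k) = k || k  (a toy PRG that is not secure)
#   stream cipher E(k, m) = m XOR G(k)
#   SS adversary A: m0 = 0x00, m1 = 0x0F; outputs 0 iff the two halves of c agree
from fractions import Fraction
from typing import Dict, Iterable, Tuple

KEY_BITS = 4
N = 2 * KEY_BITS               # PRG output length n
HALF_MASK = (1 << KEY_BITS) - 1


def G(k: int) -> int:
    """Toy PRG K -> {0,1}^n: repeats the key, so both halves of G(k) are always equal."""
    return (k << KEY_BITS) | k


class AdversaryA:
    """Semantic-security adversary: chooses (m0, m1), then guesses b from the ciphertext."""
    m0 = 0x00
    m1 = 0x0F  # same length as m0; differs from it only in the low half

    def choose(self) -> Tuple[int, int]:
        return self.m0, self.m1

    def guess(self, c: int) -> int:
        hi, lo = c >> KEY_BITS, c & HALF_MASK
        # Under G(k), m0 XOR (k||k) has equal halves while m1 XOR (k||k) never does.
        return 0 if hi == lo else 1


def pr_guess_is_1(adv: AdversaryA, b: int, pads: Iterable[int]) -> Fraction:
    """Pr[b' = 1] when m_b is encrypted with a pad drawn uniformly from `pads`."""
    pads = list(pads)
    m = adv.choose()[b]
    return Fraction(sum(adv.guess(m ^ pad) for pad in pads), len(pads))


def algorithm_B(adv: AdversaryA, y: int) -> int:
    """PRG adversary B built from A: hand A the ciphertext c = m0 XOR y, output A's b'."""
    m0, _ = adv.choose()
    return adv.guess(m0 ^ y)


def run_reduction() -> Dict[str, Fraction]:
    """Exact Pr[W_b], Pr[R_b], Adv_SS[A,E] and Adv_PRG[B,G] for the toy setting."""
    adv = AdversaryA()
    pseudo_pads = [G(k) for k in range(1 << KEY_BITS)]   # G(k) over every key k in K
    random_pads = list(range(1 << N))                     # every r in {0,1}^n
    W = [pr_guess_is_1(adv, b, pseudo_pads) for b in (0, 1)]   # W_b: pad is G(k)
    R = [pr_guess_is_1(adv, b, random_pads) for b in (0, 1)]   # R_b: pad is uniform r
    # Adv_PRG[B,G] = | Pr[B(G(k)) = 1] - Pr[B(r) = 1] |
    p_pseudo = Fraction(sum(algorithm_B(adv, y) for y in pseudo_pads), len(pseudo_pads))
    p_random = Fraction(sum(algorithm_B(adv, y) for y in random_pads), len(random_pads))
    return {
        "W0": W[0], "W1": W[1], "R0": R[0], "R1": R[1],
        "adv_ss": abs(W[0] - W[1]),
        "adv_prg": abs(p_pseudo - p_random),
    }


def check_claims(res: Dict[str, Fraction]) -> Tuple[bool, bool, bool]:
    """(claim 1, claim 2 for b = 0, the theorem's bound Adv_SS <= 2 * Adv_PRG)."""
    claim1 = res["R0"] == res["R1"]
    claim2 = abs(res["W0"] - res["R0"]) == res["adv_prg"]
    bound = res["adv_ss"] <= 2 * res["adv_prg"]
    return claim1, claim2, bound


if __name__ == "__main__":
    res = run_reduction()
    for name, value in res.items():
        print(f"{name:8s} = {value}")
    print("claim 1, claim 2, Adv_SS <= 2*Adv_PRG:", check_claims(res))
```

With this toy PRG, $A$ wins the semantic-security game outright ($\Pr[W_0] = 0$, $\Pr[W_1] = 1$, so $\mathrm{Adv}_{SS} = 1$), while under a uniform pad its guess is independent of $b$ ($\Pr[R_0] = \Pr[R_1] = 15/16$, claim 1). Feeding $A$ the challenge $y$ through $c = m_0 \oplus y$ turns that gap directly into a PRG distinguisher: $\mathrm{Adv}_{PRG}[B,G] = |\Pr[W_0] - \Pr[R_0]| = 15/16$ (claim 2), and $1 \le 2 \cdot 15/16$ as the theorem promises. The same enumeration against a real PRG is infeasible, which is exactly why the proof argues by reduction rather than by computing these probabilities.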