Answered step by step
Verified Expert Solution
Link Copied!

Question

1 Approved Answer

bitlength of a , ( 3 ) a i is the i - th bit of a , ( 4 ) a [ i ,

bitlength of a,(3)ai is the i-th bit of a,(4)a[i,j] is a substring ai|dots|aj of a(if 1ij|a|),
(5) if |a|=n for some even n then aL and aR stand for respectively a[1,n2] and a[n2+1,n].
1 How safe are negligible attacks if attack resources grow?
Adversarial advantage in breaking some cryptographic scheme is a function of the security
parameter used to instantiate the scheme ( is typically the length of the key) and of the
adversary's computational resources. Assume that the adversarial advantage grows linearly
with adversary's resources, i.e. if adversary's computing power grows by a factor of then his
chance of breaking a cryptosystem will grow by the same factor of . Assume that if you fix
adversary's computing power then his adversarial advantage against a given cryptographic
scheme is a decreasing function lon() of the security parameter . Assume that advantage
lon1=2-20 is considered safe in the context of some application. Whatever function lon() is,
this maps to some threshold value 1 which is the smallest value s.t.lon(1)lon1, but since we
can assume that lon is strictly decreasing, you can just define 1 as the value s.t.lon(1)=lon1.
Consider the possibility that adversary's resources grow by a factor of , e.g. because
of continuing decrease in computational costs. To achieve the same security bound of 2-20
against such stronger attacks we need to increase the security parameter to a new threshold
value 2 s.t.lon(2)=lon2 where lon2=(1)**lon1. To see why, note that if the adversary has lon
advantage using x computation, then if he can perform **x computation instead, then
one thing he can do is to repeat the x-computation attack times, which will bump up his
probability of attack to 1-(1-lon), which for small lon comes very close to **lon. This is why
if adversary's resources grow by a factor of and we need to maintain the 2-20 security
bound then we need to set s.t.lon() satisfies **lon()2-20.
Consider the following functions lon(), and in each case do the following: (a) compute
1 s.t.lon(1)=lon1=2-20,(b) express 2 as a function of (note that 2 should satisfy
{:lon(2)=lon2=(1)**lon1=(1)**2-20),(c) compute 2 for =230.
lon()=2-
lon()=2-2
lon()=14
Assume that the computational cost of the cryptographic scheme used in this application
is T()=2.(The cost of an efficient scheme must be at most some polynomial in .) For
each of the above three cases of function lon, do the following: (a) compute T1=T(1),(b)
state what T2=T(2) is as
image text in transcribed

Step by Step Solution

There are 3 Steps involved in it

Step: 1

blur-text-image

Get Instant Access to Expert-Tailored Solutions

See step-by-step solutions with expert insights and AI powered tools for academic success

Step: 2

blur-text-image

Step: 3

blur-text-image

Ace Your Homework with AI

Get the answers you need in no time with our AI-driven, step-by-step assistance

Get Started

Recommended Textbook for

Intelligent Image Databases Towards Advanced Image Retrieval

Authors: Yihong Gong

1st Edition

1461375037, 978-1461375036

More Books

Students also viewed these Databases questions

Question

What is the logic of H0 and Ha in all procedures for ranked data?

Answered: 1 week ago