Answered step by step
Verified Expert Solution
Question
1 Approved Answer
( ( ( ( ( ( Slide 4 . | K | < | M | , so no perfect secrecy . Ideally | K
Slide
KM so no perfect secrecy Ideally K M
Efficient adversary: will equate to Probabilistic Polynomial Time PPT
Single cipher text c leaks information about plaintext
def
Mcmm Deckc for some k K
Such brute force computation requires O K time so not efficient
Question In slide of module it is claimed that McK Explain why we cannot replace by in this assertion.
Slide
DEFINITION Let G be a deterministic polynomialtime algorithm such that for any n and any input s E n
the result Gs is a string of
length ln G is a pseudorandom generator if the following conditions hold:
Expansion For every n it holds that ln n
Pseudorandomness For any PPT algorithm D there is a negligible function negl such that
Pr DGs PrDr negln
where the first probability is taken over uniform choice of s n and the randomness of D and the second probability is taken over uniform choice of r en and the randomness of D
We call ln the expansion factor of G
Question A pseudorandom generator is defined to be a deterministic algorithm slide module Consider the use case for pseudorandom generators in Figure slide module For this use case would it be appropriate to consider pseudorandom generators to be randomized rather than deterministic? Explain.
Question The pseudorandomness criteria item in the definition of a pseudorandom generator is defined with respect to a PPT distinguisher D slide module Slide of module shows that an exponential time distinguisher can carry out a brute force search. What can you say about the value of the security parameter n to make this attack computationally infeasible?
Slide
CONSTRUCTION
Let G be a pseudorandom generator with expansion factor ln Define a fixedlength privatekey encryption scheme for messages of length ln
as follows:
Gen: on input
choose uniform ki E and output it as
the key.
Enc: on input a key ki and a message m n output the ciphertext
c: Gk Om
Dec: on input a key k and a ciphertext c n output the message
m: Gk @ c
A privatekey encryption scheme based on any pseudorandom generator.
Question Consider Construction slide module and the indistinguishability experiment on slide module Suppose we relax the requirement of fixed length in Construction and allow messages of length ln Further we allow adversaries in slide to choose messages m and m of unequal length. Explain why such an adversary can succeed with probability
PLZ ANS BY QUESTION THANK YOU
Step by Step Solution
There are 3 Steps involved in it
Step: 1
Get Instant Access to Expert-Tailored Solutions
See step-by-step solutions with expert insights and AI powered tools for academic success
Step: 2
Step: 3
Ace Your Homework with AI
Get the answers you need in no time with our AI-driven, step-by-step assistance
Get Started