- #1
msell2
- 15
- 0
Prove that the following definition cannot be satisfied if Π can encrypt arbitrary-length messages and the adversary is not restricted to outputting equal-length messages in experiment PrivKeavA,∏.
A prive-key encryption scheme ∏=(Gen, Enc, Dec) has indistinguishable encryptions in the presence of an eavesdropper if for all probabilistic polynomial-time adversaries A there exists a negligible function negl such that: Pr[PrivKeavA,∏(n) = 1] ≤ (1/2) + negl(n), where the probability is taken over the random coins used by A, as well as the random coins used in the experiment (for choosing the key, the random bit b, and any random coins used in the encryption process).
Hint. Let q(n) be a polynomial upper-bound on the length of the ciphertext when Π is used to encrypt a single bit. Then consider an adversary who outputs m0 ∈ {0, 1} and a random m1 ∈ {0, 1}q(n)+2.
I don't really understand the hint. Does anyone have any ideas on what it means and how it helps with the problem?
A prive-key encryption scheme ∏=(Gen, Enc, Dec) has indistinguishable encryptions in the presence of an eavesdropper if for all probabilistic polynomial-time adversaries A there exists a negligible function negl such that: Pr[PrivKeavA,∏(n) = 1] ≤ (1/2) + negl(n), where the probability is taken over the random coins used by A, as well as the random coins used in the experiment (for choosing the key, the random bit b, and any random coins used in the encryption process).
Hint. Let q(n) be a polynomial upper-bound on the length of the ciphertext when Π is used to encrypt a single bit. Then consider an adversary who outputs m0 ∈ {0, 1} and a random m1 ∈ {0, 1}q(n)+2.
I don't really understand the hint. Does anyone have any ideas on what it means and how it helps with the problem?