0

I'm curious on how computational indistinguishably is proved.

For instance, would the following be computational indistinguishable? If it is, how do we prove it?

Let $P_a$ be a probabilistic machine which knows a secret $a$ and generates a sequence of $n$ tuples: $(x_1,{x_1}^a),...,(x_n,{x_n}^a)$ where the $x_i$ for each tuple is randomly sampled from a prime order cyclic group. Similarly, let a PPT $P_b$ be defined. Now let a challenger randomly pick two sequences generated by $P_a$ and $P_b$ (they could be both from $P_a$, or one from $P_a$ and one from $P_b$). Can one efficient algorithm tell if the two sequences are generated by two different PPTs?

We'll assume that the standard assumptions on groups apply, e.g., difficulty of discrete logarithm or decision Diffie-Hellman.

Sean
  • 99
  • 9
  • Are those exponentiations over the integers? If yes, just compute the logarithms and check whether they are the same. – Maeher Jul 24 '21 at 13:11
  • Forgot to mention that $x_i$ belongs to a prime order cyclic group – Sean Jul 24 '21 at 16:22
  • 2
    We prove indistinguishablity by showing a reduction between the distibguisher and some problem believed to be hard. – Meir Maor Jul 24 '21 at 17:00
  • You likely have more information about that group. In $(\mathbb{Z}_p,+)$ the two are trivially distinguishable. – Maeher Jul 24 '21 at 17:19
  • Thanks for the inputs. Let's say this is a prime order group where the discrete logarithm is assumed to be hard? My guess is that this can be somehow related to decision Diffie-Hellman but not very sure. – Sean Jul 25 '21 at 00:57
  • The question seems generic as it mentions DL-problem just as an example, but I'm not sure if you can prove any kind of indistinguishability without choosing a specific scheme. – Maarten Bodewes Jul 25 '21 at 16:52

0 Answers0