Cryptography Stack Exchange
Cryptography Stack Exchange

Questions tagged [indistinguishability]

Ciphertext indistinguishability is property of randomised encryption schemes where it is computationally infeasible to tell if two ciphertexts are encryptions of the same plaintext.

Ciphertext indistinguishability is a property of randomised encryption schemes where each possible plaintext has a large number of possible encryptions. For indistinguishability, it should be computationally infeasible to tell if two encryptions were created from the same plaintext. More specifically, given a plaintext and a choice of two ciphertexts (one of which is an encryption of the plaintext and the other which is not) it should be computationally infeasible to guess the correct ciphertext with probability significantly bigger than 1/2.

55 questions
3
votes
1 answer

Hybrid argument without efficient samplability

Let's say I have $k$ distributions, where $k$ is polynomially large, $D_1, D_2, \ldots, D_k$ such that each $D_i$ is computationally indistinguishable from the uniform distribution. Is it true that the distribution $D_1 D_2 \ldots D_k$ is also…
BlackHat18
  • 377
  • 1
  • 9
1
vote
2 answers

What does the syntax Pr[D = 1] mean?

I'm looking at this PDF to understand the hybrid argument: http://www.cs.columbia.edu/~tal/4261/F14/hybrid.pdf The first few lines go as follows: Suppose you have two oracles, or input distributions, $O_0,O_1$, and you want to prove that they're…
Foobar
  • 247
  • 1
  • 7
1
vote
0 answers

What is the reduction between "random challenge" version of indistinguishability and the more "formal" version?

The main definition of computational indistinguishability is that, for any ppt $A$, and distribution ensembles $\{C_n\}, \{D_n\}$, $$\bigg| \Pr_{x\sim C_n}[A(x) = 1] - \Pr_{x\sim D_n}[A(x) = 1] \bigg| \le negl(n)$$ Sometimes, one sees the following…
akjsdhas
  • 21
  • 1
1
vote
0 answers

If the distinguishing advantage of A wrt distribution D_n, E_n is 1/poly(n) with probability .1, then are they not computationally indistinguishable?

As in the title, but to make more clear: If, with probability 0.1, an algorithm A can distinguish between two ensembles D_n, E_n (indexed by sec. paramater n), then are D_n, E_n not computationally indistinguishable? More generally, is it true that,…
akjsdhas
  • 21
  • 1
1
vote
1 answer

Definition of Polynomial-Time Indistinguishability

We call two ensembles $X$ and $Y$ indistinguishable in polynomial time if for every probabilistic polynomial-time algorithm $D$ and for every positive polynomial $p(\cdot)$, and all sufficiently large n's we have…
killertoge
  • 299
  • 1
  • 8
1
vote
1 answer

Security Goal Indistinguishability

I am currently reading a book called Serious Cryptography written by Aumasson to learn about Security. There was a paragraph talking about the security goal named indistinguishability (attached below), which reads in the section "Security…
John Pham
  • 85
  • 4
0
votes
0 answers

How Can Indistinguishability be Proven?

I'm curious on how computational indistinguishably is proved. For instance, would the following be computational indistinguishable? If it is, how do we prove it? Let $P_a$ be a probabilistic machine which knows a secret $a$ and generates a sequence…
Sean
  • 99
  • 9
0
votes
1 answer

Computational indistinguishability

Given a multiplicative group of order $q$ and modulus $p$. Given two constants $a$ and $b$ randomly sampled from $Z_q$. Let random variable $x_a$ be a pair $(x, x^a \mod p)$ and random variable $x_b$ be a pair $(x, x^b \mod p)$. Would the…
Sean
  • 99
  • 9