Questions tagged [chosen-plaintext-attack]
The attacker can specify his own plain text and encrypt or sign it.
309 questions
2
votes
0
answers
75
views
Building symmteric-key encryption from a weak PRF
I encountered the following question:
Prove that given a weak PRF $F:\{0,1\}^*\times\{0,1\}^*\mapsto\{0,1\}^*$ that doubles the length of each input (that is, if ...
- 121
1
vote
3
answers
360
views
Insecure variants of Even-Mansour
This question comes from exercise 4.20 of Boneh and Shoup's "Graduate Course in Applied Cryptography [ver. 0.6]:"
Let $\pi: X\rightarrow X$ be a permutation, where $X=\{0,1\}^n$. Recall that ...
- 193
2
votes
1
answer
93
views
CPA Security: Does there exist a ciphertext shared by 2 or more plaintexts in randomized encryption
I am taking the Online cryptography course by Dan Boneh.
There is a segment that talks about CPA (Chosen Plaintext Attack) Security.
I understand that to prevent CPA, we want the encryptions of the ...
3
votes
2
answers
408
views
Why CPA-secure implies with overwhelming probability, there will be no repeated ciphertext?
5.12 (Repeating ciphertexts). Let $\mathcal{E} = (E, D)$ be a cipher defined over $(\mathcal{K}, \mathcal{M}, \mathcal{C})$. Assume
that there are at least two messages in $\mathcal{M}$, that all
...
- 33
0
votes
1
answer
93
views
Chosen-plaintext attack on Stream cipher
Now we have a stream cipher algorithm that works by using a series of obfuscation and diffusion functions to obtain a highly secure key stream, thereby using plaintext XOR key stream to obtain highly ...
- 169
0
votes
1
answer
65
views
Is this CPA-secure encryption with EUF-CMA MAC scheme IND-CCA secure?
Let $(\operatorname{Gen}_1, \operatorname{Enc}, \operatorname{Dec})$ be a CPA-secure (IND-CPA) encryption scheme, and $(\operatorname{Gen}_2, \operatorname{Mac},\operatorname{Vrfy})$ be an ...
- 131
1
vote
2
answers
138
views
Prove that this Modified CBC-MAC is not secure
In the following problem:
Prove that the following modifications of basic CBC-MAC do not yield a secure
MAC (even for fixed-length messages):
(b) A random initial block is used each time a message ...
1
vote
0
answers
43
views
Proving that deterministic and stateless encryption scheme cannot achieve indistinguishability of multiple encryptions
Typically a deterministic encryption scheme is characterized by the lack of randomness: a message $m$ will alawys be encrypted to the same ciphertext $c$.
A stateful encryption scheme keeps track of a ...
- 39
2
votes
1
answer
105
views
Can we construct a CPA-secure scheme with a PRNG and a random key?
I'm going through Katz and Lindell, currently at the part where they introduce pseudorandom permutations, and I was wondering this: given a PRNG, could we construct a CPA-secure scheme as follows?
...
- 163
0
votes
1
answer
121
views
Prove that this RSA based encryption scheme is not IND-CPA secure
It seems like c2 and c3 kinda reveal something but I cannot put my finger on how exactly we can get it.
Edit:
0
votes
0
answers
88
views
Can we construct a CPA-secure scheme using a PRG?
Proving CPA security using a PRG in place of a PRF
I was reading this question, and was wondering what will happen if the pseudorandom generator $G$ is not known publicly (only known to the sender and ...
- 21
1
vote
1
answer
215
views
Preventing BEAST by using authorisation header instead of cookies
Historical question as BEAST is mitigated in TLS 1.1 and earlier TLS is deprecated.
BEAST is a chosen plaintext attack, possible in web browsers because cross-origin requests have cookies ...
- 125
1
vote
2
answers
244
views
Real-or-Random Security (IND$-CPA) for Homomorphic Encryption?
I am reading papers about homomorphic encryption recently. To my knowledge, all of them opts for the Left-or-Right security i.e. distinguish between $M_0$ and $M_1$ given $\mathcal{E}_K(M_b)$ for $b \...
- 13
2
votes
1
answer
90
views
Question about Security proof of Gentry's Anonymous IBE
In Gentry's paper "Practical Identity-Based Encryption without Random Oracles", I have a little difficulty understanding the security proof part.
The paper claims that in the Challenge phase:...
- 21
0
votes
2
answers
287
views
About IND-CPA security of Homomorphic Encryption
I am trying to understand IND-CPA security in (Partially) Homomorphic Encryption schemes. However, the result of the proofs is usually something stating that a ciphertext does not expose anything ...
