Symbolic Encryption with Pseudorandom Keys
نویسنده
چکیده
We give an efficient decision procedure that, on input two (acyclic) cryptographic expressions making arbitrary use of an encryption scheme and a (length doubling) pseudorandom generator, determines (in polynomial time) if the two expressions produce computationally indistinguishable distributions for any pseudorandom generator and encryption scheme satisfying the standard security notions of pseudorandomness and indistinguishability under chosen plaintext attack. The procedure works by mapping each expression to a symbolic pattern that captures, in a fully abstract way, the information revealed by the expression to a computationally bounded observer. We then prove that if any two (possibly cyclic) expressions are mapped to the same pattern, then the associated distributions are indistinguishable. At the same time, if the expressions are mapped to different symbolic patterns and do not contain encryption cycles, there are secure pseudorandom generators and encryption schemes for which the two distributions can be distinguished with overwhelming advantage.
منابع مشابه
To Collude Or Not To Collude: The Case of Broadcast and Multicast Encryption
We analyze group key distribution protocols for broadcast and multicast scenarios that make blackbox use of symmetric encryption and a pseudorandom generator (PRG) in deriving the group center’s messages. We first show that for a large class of such protocols, in which each transmitted ciphertext is of the form EK1(K2) (E being the encryption operation; K1,K2 being random or pseudorandom keys),...
متن کاملConstrained PRFs for Unbounded Inputs with Short Keys
A constrained pseudorandom function (CPRF) F : K×X → Y for a family T of subsets of X is a function where for any key k ∈ K and set S ∈ T one can efficiently compute a short constrained key kS , which allows to evaluate F (k, ·) on all inputs x ∈ S; while the outputs on all inputs x / ∈ S look random even given kS . Abusalah et al. recently constructed the first constrained PRF for inputs of ar...
متن کاملBounded Key-Dependent Message Security
We construct the rst public-key encryption scheme that is proven secure (in the standard model, under standard assumptions) even when the attacker gets access to encryptions of arbitrary e cient functions of the secret key. Speci cally, under either the DDH or LWE assumption, and for arbitrary but xed polynomials L and N , we obtain a public-key encryption scheme that resists key-dependent mess...
متن کاملOn the Optimality of Non-Linear Computations of Length-Preserving Encryption Schemes
It is well known that three and four rounds of balanced Feistel cipher or Luby-Rackoff (LR) encryption for two blocks messages are pseudorandom permutation (PRP) and strong pseudorandom permutation (SPRP) respectively. A block is n-bit long for some positive integer n and a (possibly keyed) block-function is a nonlinear function mapping all blocks to themselves, e.g. blockcipher. XLS (eXtended ...
متن کاملConstrained PRFs for Unbounded Inputs
A constrained pseudorandom function F : K×X → Y for a family T ⊆ 2X of subsets of X is a function where for any key k ∈ K and set S ∈ T one can efficiently compute a constrained key kS which allows to evaluate F (k, ·) on all inputs x ∈ S, while even given this key, the outputs on all inputs x / ∈ S look random. At Asiacrypt’13 Boneh and Waters gave a construction which supports the most genera...
متن کامل