Beating Shannon requires BOTH efficient adversaries AND non-zero advantage
Abstract
In this note we formally show a well known (but not well documented) fact that in order to beat the famous Shannon lower bound on key length for one-time-secure encryption, one must simultaneously restrict the attacker to be efficient, and also allow the attacker to break the system with some non-zero (i.e., negligible) probability. Our proof handles probabilistic encryption, as well as a small decryption error.
Similar resources
Efficient Two Party and Multi Party Computation Against Covert Adversaries
Recently, Aumann and Lindell introduced a new realistic security model for secure computation, namely, security against covert adversaries. The main motivation was to obtain secure computation protocols which are efficient enough to be usable in practice. Aumann and Lindell presented an efficient two party computation protocol secure against covert adversaries. They were able to utilize cut and...
Quantum-Secure Coin-Flipping and Applications
In this paper, we prove classical coin-flipping secure in the presence of quantum adversaries. The proof uses a recent result of Watrous [20] that allows quantum rewinding for protocols of a certain form. We then discuss two applications. First, the combination of coin-flipping with any non-interactive zero-knowledge protocol leads to an easy transformation from non-interactive zero-knowledge t...
On Constant-Round Concurrent Zero-Knowledge
Loosely speaking, an interactive proof is said to be zero-knowledge if the view of every “efficient” verifier can be “efficiently” simulated. An outstanding open question regarding zero-knowledge is whether constant-round concurrent zero-knowledge proofs exist for nontrivial languages. We answer this question to the affirmative when modeling “efficient adversaries” as probabilistic quasi-polyno...
Trading Static for Adaptive Security in Universally Composable Zero-Knowledge
Adaptive security, while more realistic as an adversarial model, is typically much harder to achieve compared to static security in cryptographic protocol design. Universal composition (UC) provides a very attractive framework for the modular design of cryptographic protocols that captures both static and adaptive security formulations. In the UC framework, one can design protocols in hybrid wo...
Threshold Decryption and Zero-Knowledge Proofs for Lattice-Based Cryptosystems
We present a variant of Regev’s cryptosystem first presented in [Reg05], but with a new choice of parameters. By a recent classical reduction by Peikert we prove the scheme semantically secure based on the worst-case lattice problem GapSVP. From this we construct a threshold cryptosystem which has a very efficient and non-interactive decryption protocol. We prove the threshold cryptosystem secu...
Journal title:
- IACR Cryptology ePrint Archive
Volume: 2012
Publication date: 2012