Timeline for how to prove that given cryptosystem is not IND-CCA secure?
Current License: CC BY-SA 4.0
11 events
| when | what | | by | license | comment |
|---|---|---|---|---|---|
| Apr 20, 2019 at 7:03 | comment | added | Marc Ilunga | Never mind, I was confused by the notation and thought $x$ was literally a couple. It might be worthwhile to modify the question and clarify the notation just in case anyone is confused like I was. | |
| Apr 18, 2019 at 17:18 | comment | added | Squeamish Ossifrage | @MarcIlunga The plaintext $x$ is an $m$-bit string, and the range of $G$ is $m$-bit strings—what's the issue? | |
| Apr 18, 2019 at 15:30 | answer | added | Askhat | timeline score: 1 | |
| Apr 17, 2019 at 19:36 | comment | added | Marc Ilunga | Just checking the operations. Seems like encryption should be different.. $G(r) \oplus x$ isn't correct because the output of $G$ and $x$ are in different spaces | |
| Apr 16, 2019 at 15:20 | comment | added | Askhat | yes, can selectively modify ciphertexts | |
| Apr 16, 2019 at 15:16 | comment | added | Askhat | @SqueamishOssifrage I would like to show that the cryptosystem is not semantically secure against a chosen ciphertext attack. As usual, given x1, x2, a ciphertext (y1,y2) that is an encryption of xi (i=1 or i=2). Also we have access to a decryption oracle DECRYPT for this cryptosystem, which decrypts with any input except for the given ciphertext, and will output the corresponding plaintext | |
| Apr 16, 2019 at 14:39 | history | edited | Squeamish Ossifrage | CC BY-SA 4.0 | \times |
| Apr 16, 2019 at 14:39 | comment | added | Squeamish Ossifrage | Hint: How is IND-CCA related to NM-CCA? Can you selectively modify ciphertexts? | |
| Apr 16, 2019 at 14:34 | history | edited | AleksanderCH | CC BY-SA 4.0 | Improved formatting |
| Apr 16, 2019 at 14:25 | review | First posts | | | |
| Apr 16, 2019 at 14:35 | | | | | |
| Apr 16, 2019 at 14:21 | history | asked | Askhat | CC BY-SA 4.0 | |