Following are steps to conduct Chosen Plaintext Attack (CPA) indistinguishibility experiment $PrivK_\mathcal{A,E}^{eav}(n)$.
$\mathcal{A}$ is the adversary $\mathcal{E}$ is the encryption scheme (Gen, Enc, Dec), $n$ is the length of the input.
- a secret key SK is generated using Gen($1^n)$
- $\mathcal{A}$ is given input of $1^n$ and oracle access to $Enc_{sk}(.)$ and outputs a pair of messages $m_0$ and $m_1$ of the same length.
- A random bit $b$ is chosen. $Enc_{sk}(m_b)$ is computed to form $challenge$ ciphertext $C$ given to $\mathcal{A}$.
- $\mathcal{A}$ continues to have oracle access to $Enc_{sk}(.)$ and outputs another bit $b'$.
- If $b'== b$ then $\mathcal{A}$ succeeded, otherwise $\mathcal{A}$ lost the game.
To better understand the experiment above, I decided to run it with simple values of my choosing:
- secret key SK 10101010 generated with length n=8 by defender (one who wants security)
- $\mathcal{A}$ is given an input $1^n$ = 11101110 by defender. Using the length of this input, $\mathcal{A}$ comes up with $m_0 = 11111111 $ and $m_1$ = 00000000
- Defender randomly selects $b$ = 0 and encrypts $Enc_{sk}(m_b)$ = $Enc_{sk}(m_0)$ = $Enc_{sk}(11111111)$ = 10111011 = $C$ challenge and given to $\mathcal{A}$
- Using $C$ = 10111011 $\mathcal{A}$ tries to guess if it came from $m_0$ or $m_1$. Guesses $b'$ = 1. This means $\mathcal{A}$ lost the game.
My understanding is the adversary continues to pick different $m_0$ and $m_1$ values and has the defender encrypt them until he starts guessing correctly over 1/2 the time.
Is this a correct understanding or am I missing something?
