Skip to main content
Cryptography

Questions tagged [chosen-plaintext-attack]

Ask Question

The attacker can specify his own plain text and encrypt or sign it.

310 questions
Newest Active Bountied Unanswered
2 votes
1 answer
105 views

I'm working on a problem where an encryption scheme like OTP leaks the r-th bit of the key each query where r is a random integer. If an attacker can do an infinite number of queries before the ...
Rexurtiser Skyick's user avatar
  • 21
2 votes
0 answers
75 views

I encountered the following question: Prove that given a weak PRF $F:\{0,1\}^*\times\{0,1\}^*\mapsto\{0,1\}^*$ that doubles the length of each input (that is, if ...
someone235's user avatar
  • 121
1 vote
3 answers
363 views

This question comes from exercise 4.20 of Boneh and Shoup's "Graduate Course in Applied Cryptography [ver. 0.6]:" Let $\pi: X\rightarrow X$ be a permutation, where $X=\{0,1\}^n$. Recall that ...
Nathan Lowry's user avatar
  • 193
2 votes
1 answer
96 views

I am taking the Online cryptography course by Dan Boneh. There is a segment that talks about CPA (Chosen Plaintext Attack) Security. I understand that to prevent CPA, we want the encryptions of the ...
Continuous Improvement's user avatar
  • 55
3 votes
2 answers
422 views

5.12 (Repeating ciphertexts). Let $\mathcal{E} = (E, D)$ be a cipher defined over $(\mathcal{K}, \mathcal{M}, \mathcal{C})$. Assume that there are at least two messages in $\mathcal{M}$, that all ...
FiniteField's user avatar
  • 33
0 votes
1 answer
95 views

Now we have a stream cipher algorithm that works by using a series of obfuscation and diffusion functions to obtain a highly secure key stream, thereby using plaintext XOR key stream to obtain highly ...
S-N's user avatar
  • 169
0 votes
1 answer
69 views

Let $(\operatorname{Gen}_1, \operatorname{Enc}, \operatorname{Dec})$ be a CPA-secure (IND-CPA) encryption scheme, and $(\operatorname{Gen}_2, \operatorname{Mac},\operatorname{Vrfy})$ be an ...
Ferran Gonzalez's user avatar
  • 131
1 vote
2 answers
149 views

In the following problem: Prove that the following modifications of basic CBC-MAC do not yield a secure MAC (even for fixed-length messages): (b) A random initial block is used each time a message ...
Hesham Abdelgawad's user avatar
  • 13
1 vote
0 answers
48 views

Typically a deterministic encryption scheme is characterized by the lack of randomness: a message $m$ will alawys be encrypted to the same ciphertext $c$. A stateful encryption scheme keeps track of a ...
KSI's user avatar
  • 39
2 votes
1 answer
106 views

I'm going through Katz and Lindell, currently at the part where they introduce pseudorandom permutations, and I was wondering this: given a PRNG, could we construct a CPA-secure scheme as follows? ...
MuchToLearn's user avatar
  • 163
0 votes
1 answer
126 views

It seems like c2 and c3 kinda reveal something but I cannot put my finger on how exactly we can get it. Edit:
Aye Ledder's user avatar
  • 1
0 votes
0 answers
92 views

Proving CPA security using a PRG in place of a PRF I was reading this question, and was wondering what will happen if the pseudorandom generator $G$ is not known publicly (only known to the sender and ...
John's user avatar
  • 21
1 vote
1 answer
215 views

Historical question as BEAST is mitigated in TLS 1.1 and earlier TLS is deprecated. BEAST is a chosen plaintext attack, possible in web browsers because cross-origin requests have cookies ...
paj28's user avatar
  • 125
1 vote
2 answers
251 views

I am reading papers about homomorphic encryption recently. To my knowledge, all of them opts for the Left-or-Right security i.e. distinguish between $M_0$ and $M_1$ given $\mathcal{E}_K(M_b)$ for $b \...
gan's user avatar
  • 13
2 votes
1 answer
91 views

In Gentry's paper "Practical Identity-Based Encryption without Random Oracles", I have a little difficulty understanding the security proof part. The paper claims that in the Challenge phase:...
jhf's user avatar
  • 21

15 30 50 per page
1
2 3 4 5
21