Lecture 17 : Constructions of Public - Key Encryption

In the previous lecture, we defined Public-Key Encryption system. We now proceed to define security in these systems. Intuitively, we would like the encryptions of different messages to be indistinguishable, even when the public key is known by the adversary. be a Public-Key Encryption system over the message space M. (Gen, Enc, Dec) is said to be secure, if for all p.p.t. A there exists a negligible function ǫ(n) such that, ∀m 0 , m 1 ∈ M, |m 0 | = |m 1 | = n it holds that P r[(pk, sk) ← Gen(1 k) : A(pk, Enc pk (m 0)) = 1] − P r[(pk, sk) ← Gen(1 k) : A(pk, Enc pk (m 1)) = 1] < ǫ(k) Theorem 1 If One-Way Trapdoor permutations exist, we can construct 1-bit secure Public-Key Encryption system. Proof: In Lecture 11, it was shown that if OWP exist, then we can construct a OWP with a hard-core bit. Therefore, (f i , t i) i∈I be a family of One-Way trapdoor permutation and let b i be the hard-core bit corresponding to f i. Let Gen T DP be the p.p.t that samples from I. We construct a Public-Key Encryption as follows. The message space M = {0, 1}.