Randomness in Cryptography February 14 , 2013 Lecture 6 : Encryption / Extraction
نویسنده
چکیده
Let K ∈ {0, 1}n be a key distribution and let K ∈ S, where S is a family of distributions. From now on we call S a source. We want to use K as a secret key for some encryption scheme (Enc,Dec) to encrypt message m ∈ {0, 1}b. We take two approaches. Approach 1: Extract a traditional key R and use R to encrypt. R = Ext(K) where Ext is an extractor for distribution K. For example, if |R| = b set C = m ⊕ R, (One-Time pad). This approach is modular but can possibly be restrictive. Approach 2: Encrypt directly using K and bypass extraction. In particular, can we encrypt better without extraction?
منابع مشابه
Randomness in Cryptography January 21 , 2013 Lecture 7 : Privacy ⇒ Extraction Continued
These steps will be useful when we consider other privacy primitives. We can use this proof as a blueprint with other primitives, as long as they have similar properties we can use in the security and correctness steps. The main question we will answer today is: to what extent can we generalize this result from encryption to other privacy primitives? We will also explore the limits of this proo...
متن کاملRandomness in Cryptography January 10 , 2013 Lecture 1 : One - Time MACs , ( XOR ) Universal hashing , Weak Keys
In today’s lecture we study one-time message authentication codes (MACs) which are secure in an information-theoretic sense. We will see that, compared to informationtheoretically secure encryption, significantly better parameters can be achieved. We will also study such MACs in the setting of imperfect randomness, i.e. when the secret key is not drawn from the uniform distribution but rather i...
متن کاملRandomness in Cryptography Lecture 7: Privacy ⇒ Extraction Continued
These steps will be useful when we consider other privacy primitives. We can use this proof as a blueprint with other primitives, as long as they have similar properties we can use in the security and correctness steps. The main question we will answer today is: to what extent can we generalize this result from encryption to other privacy primitives? We will also explore the limits of this proo...
متن کاملRandomness in Cryptography January 24 , 2013 Lecture 3 : Privacy and Weak Sources
Let’s quickly review some results from previous lectures. Definition 1 Let (Enc,Dec) denote an encryption scheme where Enc : {0, 1}m×{0, 1}n → {0, 1}λ and Dec : {0, 1}m × {0, 1}λ → {0, 1}n are functions. A correct encryption scheme satisfies ∀r, x Decr(Encr(x)) = x. Let R and X denote distributions on r and x respectively. (Enc,Dec) is said to be (k, ε)-secure if it is (R, ε)-secure for every k...
متن کاملRandomness in Cryptography April 6 , 2013 Lecture 12 : Computational Key Derivation
In the previous lecture, we discussed methods of key derivation, in particular, how to beat the RT bound for square-friendly applications and defined the notion of unpredictability extractors. In this question, we’ll ask if we can do any better by allowing computational assumptions. Such notions may be helpful for beating information-theoretic bounds for applications that consider only computat...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2013