I know that the OTP is considered to have perfect secrecy, but I haven't seen anything about its security against chosen ciphertext attacks, and I was wondering about its secrecy in this regard. My intuition is that it shouldn't be since I'd imagine it has the same issues as CTR$ against a chosen ciphertext attack, but I am not certain.
Asked
Active
Viewed 62 times
0
-
3OTP cannot be IND-CCA secure because it is not even IND-CPA secure. – Mikero Feb 23 '24 at 04:21
-
1Oh I see, from here -- it doesn't fit the definition of IND-CPA well https://crypto.stackexchange.com/questions/25683/is-one-time-pad-considered-chosen-plaintext-attack-secure – chemN00b Feb 23 '24 at 05:34
-
1Wow, the answers to that question are crazy to me. I wasn't aware there was such a variety of interpretations of a statement that is (to me) 100% unambiguous. – Mikero Feb 23 '24 at 06:43
-
No! See Easy explanation of "IND-" security notions?. For beyond Ind-CPA we need integrity. – kelalaka Feb 24 '24 at 22:35