0

I know counter mode can be CPA secure, when used with block ciphers modeled as random permutations. If we use pseudo-random permutations, is it still CPA secure? Is there a proof?

How about CBC mode? When used with block ciphers modeled as pseudo-random permutations, will it be CPA secure? Again, is there a proof?

Jens Erat
  • 1,333
  • 10
  • 17
user3754216
  • 19
  • 4

1 Answers1

3

Standard security proofs for CTR and CBC deal with pseudo-random permutations (or pseudo-random functions). Relevant references can be found in Sections 4 and 5 of Rogaway's survey. However, it is unclear what you mean by a proof with random permutations. Where is the key then?

Dmitry Khovratovich
  • 5,647
  • 21
  • 24