Questions tagged [chosen-plaintext-attack]

The attacker can specify his own plaintext and have it encrypted or signed. He can craft it carefully to learn characteristics of the algorithm.

For example, he can submit an empty text, then a text consisting of one "a", then two ("aa"), and so on.

If a Vigenère cipher is used, for example, it is very easy to extract the key length and recover the key by submitting a plaintext that repeats one letter.

295 questions
7
votes
3 answers

Is it possible to build a CPA-secure encryption scheme which remains secure even when the encryption of secret key is given?

How can I design a CPA-secure encryption scheme which is secure even after the encryption of secret key is given in the training phase? I.e., in the training phase, $\mathit{Enc}_{\mathit{pk}}(\mathit{sk})$ is given to the attacker, where…
kiran
6
votes
1 answer

Why is asymmetric encryption IND-CPA?

According to Wikipedia, the IND-CPA game is: The challenger generates a key pair PK, SK based on some security parameter k (e.g., a key size in bits), and publishes PK to the adversary. The challenger retains SK. The adversary may perform a …
Clash
6
votes
3 answers

Understanding the definition of polynomially CPA (IND-CPA) security

I just started on encryption schemes and have some trouble in understanding the following definition of IND-CPA security: $E$ is polynomially CPA (IND-CPA) secure, if for all adversaries $A$ and all polynomials $p$, we have: $Adv_a <=…
rzdzc2WUQKJeB6GS
6
votes
1 answer

How to show CPA attacker does not need access to encryption oracle after receiving cyphertext

In the private key CPA game, the attacker has access to an encryption oracle anytime during the attack. However, I have seen this statement in lecture notes I downloaded "You can prove that for every polynomial time attacker that uses the…
hsgubert
6
votes
2 answers

Security game oracle queries

Concerning private key (symmetric) IND-CPA game definition: Attacker $A$ queries the encryption oracle polynomial number of times. $A$ sends the challenger $C$ a message pair $m_0$ and $m_1$. $C$ picks a random bit $b$ and sends back to $A$ a…
Ainz Titor
4
votes
2 answers

Challenge-Response Phases in IND-CPA

The IND-CPA game has two challenge-response phases A key is generated by running $Gen(1^n)$ and challenger selects a bit b {0,1} uniformly at random. Adversary gets input $1^n$. Can query the oracle a polynomial number of times with messages and…
foo19
4
votes
3 answers

What is the difference between chosen-plaintext attack and adaptive-chosen-plaintext attack?

I've just dived into cryptography and would like to learn the basics of this science. Currently I can't understand the difference between these two types of attacks. As I understood from Bruce Schneier's book "Applied Cryptography",…
Dmitry Papka
3
votes
1 answer

Why do the messages in IND-CPA have to be of same length

I understand the general idea of IND-CPA, however I fail to understand why the messages the adversary chooses have to be of the same length. I guess that with variable length messages there would always exist a successful attack and therefore CPA…
Gilrich
3
votes
0 answers

Proving CPA security using a PRG in place of a PRF

I am stuck on a question involving a security proof. Any Hints on how to approach this is helpful and greatly appreciated. Question is: State whether the following scheme has indistinguishable encryptions in the presence of an eavesdropper and…
hlcrypto123
2
votes
1 answer

Relationship among secrecy-constant, key space and message space

Here scheme $\Pi$ is $\epsilon $ - perfectly secret. Given that encryption scheme $\Pi$ = $(\mathrm{Gen}, \mathrm{Enc}, \mathrm{Dec})$ over $(\mathcal K,\mathcal M,\mathcal C)$ is called $\epsilon $ - perfectly secret if for any distribution over…
2
votes
1 answer

How do I prove that an encryption based on a multiplicative cyclic group is IND-CPA?

Consider the following encryption and decryption functions where $\mathbb{Z}_{N}^{*}$ is a cyclic multiplicative group, $g$ is a generator for the group and $F$ is a keyed PRF. $E(m, i, k) = m \times g^{F_k(i)} \bmod N$ $D(c, i, k) = c \times…
savx2
2
votes
0 answers

IND-CPA game with a state-dependent Encryption Function that is insecure once

In the context of another setting I was asked the following question. Suppose the IND-CPA game is played with a symmetric encryption function $E$ that keeps a state of how many encryptions have already been requested by the adversary $A$ during the…
Aares
2
votes
1 answer

What happens if five messages are generated in IND-CPA security?

I am wondering why, in the IND-CPA security game, the adversary generates two random messages. What happens if, for example, 5 messages are generated? What would be the advantage for the adversary?
COLD ICE
2
votes
0 answers

Prove that the given scheme is CPA secure or not

Given: F is a length preserving PRP. Encryption scheme $\Pi$ for messages of n/2 bits where: $m\in\{0,1\}^{n/2}$ $k\in\{0,1\}^n$ Enc: Select a random string $r\in\{0,1\}^{n/2}$ and output $c\leftarrow F_k(r||m)$ Prove: If this scheme is CPA…
vik-y
2
votes
1 answer

CPA and pseudorandom generator

Just started learning about Cryptography and Network Security in general, and I can't seem to grasp the understanding of the following question. Please correct me if I am misunderstanding anything. Imagine that there exists a Pseudorandom Generator…
user3277633