Questions tagged [distinguisher]

A distinguisher describes an adversary's advantage. In cryptography, an adversary's advantage is a measure of how successfully it can attack a cryptographic algorithm, by distinguishing it from an idealized version of that type of algorithm.

A distinguishing attack is any form of cryptanalysis on data encrypted by a cipher that allows an attacker to distinguish the encrypted data from random data.

To prove that a cryptographic function is safe, it is often compared to a random oracle. If a function would be a random oracle, then an attacker is not able to predict any of the output of the function. If a function is distinguishable from a random oracle, it has non-random properties. That is, there exists a relation between different outputs, or between input and output, which can be used by an attacker for example to find (a part of) the input.

This information might then reveal the encryption method used, some information about the encrypted message, or refine the potential key space.

84 questions

votes

2 answers

Is there a formal definition of what a distinguisher is?

I've often been reading about (polynomially bounded) distinguishers in books or papers. Although by name and intuition it is somewhat clear what a distinguisher is and does, but i am asking myself whether there is a concrete formal definition.…

distinguisher

asked Aug 17 '15 at 15:49

foobar

votes

4 answers

Computation indistinguishability questions

The definition I have is: Two probability ensembles $X = \{X_n\}_{n \in \mathbf{N}}$ and $X = \{Y_n\}_{n \in \mathbf{N}}$ are computationally indistinguishable if for every probabilistic polynomial-time algorithm $D$, every positive polynomial…

distinguisher

asked Nov 25 '14 at 20:58

Dramal

votes

1 answer

How to define the statistical distance between two functions?

The statistical difference between two families of distributions of random variables: Let $\mathrm{\mathbf{X}} = \{ X_{l} \}_{l}$ and $\mathrm{\mathbf{Y}} = \{ Y_{l} \}_{l}$ be two families of distributions of random variables, the statistical…

distinguisher

asked Nov 15 '18 at 07:52

Blanco

1,622
1
10
20

votes

1 answer

why do we take computational distinguishability over ensembles

In the Cornell lecture notes, computational indistinguishability is defined as Definition 69.4 (Computational Indistinguishability). Let $\{X_n\}_n$ and $\{Y_n\}_n$ be ensembles where $X_n$,$Y_n$ are distributions over $\{0, 1\}^{l(n)}$ for some…

distinguisher

asked Feb 13 '21 at 14:53

user185887

votes

1 answer

Example of not computationally indistinguishable

All the examples that I see for proving that two distributions are not computationally indistinguishable involve a pattern: choose a Distinguisher $D(\cdot)$ such that $D(x)$ is $1$ if $x$ satisfies some certain properties. For example, consider the…

distinguisher

asked Feb 13 '21 at 14:45

user185887

votes

1 answer

Distinguishing joint probability distributions

Assume that we have a probability distribution $P(X,Y)$ for the joint probability of random variables $X$ and $Y$. Let $P(Y, Z)$ be analogous distribution for $Z$ and $Y$. Based on these we can define a joint probability distribution of…

distinguisher

asked Oct 28 '13 at 14:49

student

vote

1 answer

Given an input x, can a distinguisher D output 1/2?

Consider a PPT distinguisher $D$. Now if I give it an input (a bit string) $x$, it outputs 1 if $x$ ends with $1$ and $0$ otherwise. We know such a distinguisher exists and is often given as an example many times. Now consider another distinguisher…

distinguisher

asked Feb 14 '21 at 08:33

user185887

vote

1 answer

How to define the statistical distance between two probabilistic algorithms?

Let $$ \begin{aligned} F_{i} \colon \{\, 0,1 \,\}^* \times \{\, 0,1 \,\}^* &\to \{\, 0,1 \,\}^* \\ (k, x) &\mapsto y \\ \end{aligned} $$ for $i \in \{\, 1,2 \,\}$. As we known, for every oracle algorithm $\mathcal{D}$ the distance between $F_{1}$…

distinguisher

asked Apr 25 '19 at 11:49

Blanco

1,622
1
10
20

vote

0 answers

proving indistinguishability of joint distribution using hybrid argument

Using Hybrid Argument, I want to prove following equivalence: $$\{X,Y,Z\}\equiv \{X',Y',Z'\}$$ by proving following equivalences: $\{X,Y,Z\}\equiv \{X,Y,Z'\}$(1) $\{X,Y,Z'\}\equiv \{X,Y',Z'\}$(2) $\{X,Y',Z'\}\equiv \{X',Y',Z'\}$ (3) I know how to…

distinguisher

asked Jul 15 '16 at 19:22

Mhy

vote

1 answer

Distinguishing between two probabilities and the uniform probability

Say I have a polynomial adversary $A$ that can distinguish with a non-negligible adventage between $x$ generated from a probability $X$ and $y$ generated from a probability $Y$. Obviously, this implies that it is possible to either efficiently…

distinguisher

asked Jun 13 '15 at 07:16

zvisofer

-1

votes

1 answer

Probability distribution of bitwise-&

Does the bitwise-& between two uniformly distributed input produce an output that seems uniformly distributed ? To be more specific, assume to take x and y uniformly from {0,1}^n and compute z = x & y. Assume then to uniformly choose a w from…

distinguisher

asked Jul 06 '19 at 17:32

Bruce Wayne