Question
My understanding is that these steps are necessary for symmetric cryptography to be IND-CPA:
1. The adversary submits two distinct plaintexts M0, M1 to the challenger.
2. The challenger selects one of them at random, encrypts it with the symmetric key, and gives the ciphertext C.
3. The adversary has to guess which message was encrypted based on C with a probability greater than 1/2 for the ciphertext to be distinguishable.
If the adversary wants to play the game again, can he do M0 and M2? Or do they have to be new plaintexts?
Also, I have an encryption algorithm that I am trying to apply the IND-CPA test to. How do I go about finding the probability mathematically? Any hints or steps I should take?
Explanation / Answer
First off, your definition is not IND-CPA: in the IND-CPA setting, the adversary has access to an encryption oracle. As you have already determined, no deterministic encryption scheme can be IND-CPA secure. I don't think IND-CPA is widely used for symmetric encryption though (although I might be wrong); semantic security might be a better option. For public key schemes, this is the same thing, but for symmetric schemes, it is not.
Semantic security informally says that you can't derive any information from a ciphertext about the underlying plaintext. Formally (from Katz and Lindell: Introduction to Modern Cryptography):
A private-key encryption scheme is semantically secure if for every PPT (= probabilistic polynomial-time) algorithm A there exists a PPT algorithm A' such that for all efficiently samplable distributions X=(X1,
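As an added example (not part of the original question or answer), the following Python plays the IND-CPA game the answer refers to, with the encryption oracle the asker's three steps leave out. The adversary may query that oracle on any messages it likes, before and after receiving the challenge, and the challenge pair only has to be two distinct messages of equal length. Two toy schemes are built from HMAC-SHA256 used as a PRF (a construction chosen for this example, with HMAC-as-PRF the only assumption): `enc_deterministic` keys a fixed keystream, `enc_randomized` prepends a fresh nonce. The `ReplayAdversary` encrypts M0 through the oracle and compares it with the challenge; that wins with probability 1 against the deterministic scheme and about 1/2 against the randomized one. All names here (`prf`, `ind_cpa_game`, `advantage`, the sample plaintexts) are mine, not from the page.

```python
import hashlib
import hmac
import os
import secrets

NONCE_LEN = 16


def prf(key: bytes, label: bytes, length: int) -> bytes:
    """Keystream of `length` bytes from HMAC-SHA256 in counter mode.
    HMAC is modelled as a PRF here; that is the example's only assumption."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, label + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def enc_deterministic(key: bytes, m: bytes) -> bytes:
    """Fixed label: same key and same message always give the same ciphertext."""
    return xor(m, prf(key, b"\x00" * NONCE_LEN, len(m)))


def enc_randomized(key: bytes, m: bytes) -> bytes:
    """Fresh random nonce per call; ciphertext is nonce || (keystream XOR m)."""
    r = os.urandom(NONCE_LEN)
    return r + xor(m, prf(key, r, len(m)))


def dec_randomized(key: bytes, c: bytes) -> bytes:
    r, body = c[:NONCE_LEN], c[NONCE_LEN:]
    return xor(body, prf(key, r, len(body)))


class ReplayAdversary:
    """Uses the oracle before the challenge: encrypt M0, then compare with C."""

    def choose(self, oracle):
        # Constructed sample plaintexts; they must be distinct and of equal length.
        m0, m1 = b"attack at dawn", b"attack at dusk"
        return m0, m1, oracle(m0)  # state carried into the guess phase: E_k(M0)

    def guess(self, oracle, c, state):
        return 0 if c == state else 1


def ind_cpa_game(enc, adversary) -> bool:
    """One run of the IND-CPA experiment; True if the adversary guessed the bit b."""
    key = os.urandom(32)
    oracle = lambda m: enc(key, m)  # callable on any message, any number of times
    m0, m1, state = adversary.choose(oracle)
    if len(m0) != len(m1):
        raise ValueError("challenge messages must have equal length")
    b = secrets.randbelow(2)
    c = oracle(m1 if b else m0)
    return adversary.guess(oracle, c, state) == b


def advantage(enc, adversary_factory, trials: int = 400) -> float:
    """Empirical estimate of |2*Pr[win] - 1|; a secure scheme keeps this near 0."""
    wins = sum(ind_cpa_game(enc, adversary_factory()) for _ in range(trials))
    return abs(2 * wins / trials - 1)


if __name__ == "__main__":
    print("deterministic scheme, replay adversary:", advantage(enc_deterministic, ReplayAdversary))
    print("randomized scheme,   replay adversary:", advantage(enc_randomized, ReplayAdversary))
```

The simulation only estimates the advantage for one concrete adversary; it cannot show a scheme is secure. The mathematical probability the question asks for is obtained by a reduction: one shows that any adversary with noticeable advantage against the scheme could be turned into a distinguisher for the underlying primitive (here, HMAC as a PRF), so the advantage is bounded by the primitive's distinguishing advantage plus a term for nonce collisions.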