----

JustinT wrote: |

(i.e., think "semantic" security (IND-CPA), and other notions, such as IND-CCA, IND-CCA2, NM-CPA, NM-CCA, NM-CCA2, et cetera) |

Justin, I'm not familiar with these terms; could you point me to where I can find the definitions of these terms?

(And thanks for your response to my previous post, which was very clear and helpful, as always.)

----

Dwonis wrote: |

Justin, I'm not familiar with these terms; Could you point to where I can find out the definitions of these terms? |

Sure. I've researched this a bit, for the purpose of finding the necessary references that I'll cite, in a moment, which meticulously discuss these terms, which are referred to as "notions of security", collectively; they are basically definitions used for the purpose of formalizing security, in a strong sense, for a particular scheme or service. Primarily, these have been formalized for asymmetric (public-key) primitives, but they can be generalized, and extended, to adapt to symmetric primitives, as well; this was done, for example, in an analysis by Bellare, Desai, Jokipii, and Rogaway, entitled, "A Concrete Security Treatment of Symmetric Encryption: Analysis of the DES Modes of Operation."

If you have access to a college or university that can obtain scientific publications, that might greatly aid in finding a lot of material to research. First, for an introduction into semantic security, which corresponds to IND-CPA, or [polynomial] Indistinguishable Chosen-Plaintext Attack, study Goldwasser and Micali's "Probabilistic Encryption", in the Journal of Computer and System Sciences, 28:270-299, 1984.

After such, you'll move into stronger notions of security, beginning with the model IND-CCA, or Indistinguishable Chosen-Ciphertext Attack; I would recommend studying a "game", of cryptanalytical attack, affectionately referred to as the "lunchtime attack", oftentimes, which is a product of Naor and Yung's work, entitled, "Public-key Cryptosystems Provably Secure against Chosen Ciphertext Attacks", which you can obtain in multiple formats, here.

Next, we'll take this even further, using a new attack "game", referred to as the small-hours attack. This scenario entails the model IND-CCA2, or Indistinguishable Adaptive Chosen-Ciphertext Attack, which Rackoff and Simon propose in their paper entitled, "Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen-Ciphertext Attack", in (editor, J. Feigenbaum) Advances in Cryptology - Proceedings of CRYPTO '91, Lecture Notes in Computer Science 576, pages 433-444, Springer-Verlag, 1992.

When dealing with indistinguishable security, as in the above schemes, we're usually dealing with decisional-based problems; with NM, or Non-Malleable, security, we're dealing with computational-based problems, more so, which suggest obvious differences. For an extensive look into this branch of security notions, refer to "Non-Malleable Cryptography", by Dolev, Dwork, and Naor, which can be obtained, also, in multiple formats, here.

Also, keep in mind that there is a level of equivalence (i.e., relations, reductions, et cetera), between NM-based and IND-based security, and much of that is discussed in, "Relations Among Notions of Security for Public-Key Encryption Schemes", in (editor, H. Krawczyk) Advances in Cryptology - Proceedings of CRYPTO '98, Lecture Notes in Computer Science 1462, pages 26-45, Springer-Verlag, 1998, by Bellare, Desai, Pointcheval, and Rogaway; it is also extended, by Bellare and Sahai, here.

Thanks to Citeseer, I was able to find the above papers, available online; it is, by far, one of the best online repositories for cryptographic publication referencing. As you view the page, pay close attention to the similar and related documents, as you may find many other interesting papers that correlate in some manner. I'm in a bit of a hurry, at the moment, so I wasn't able to find the other papers, although I did provide the bibliography entries, in hopes that they'll come in handy. Again, a college or university may have access to such publications.

This was just a very brief overview of what the terminology stands for, as well as references to where they are torrentially discussed. I say this, for the simple reason that this study of formalizing notions of security is vast, to say the least, and there is a plethora of other notions, pertaining to both symmetric and asymmetric primitives and protocols. Finally, for a decent textbook treatment of the information I just provided, I'd suggest giving "Modern Cryptography", by Wenbo Mao, a look. Otherwise, feel free to inquire on any other aspects that need clarification or elaboration, and I'll reply as soon as possible.

On a side note, if, for some reason, the papers above are not sufficient enough in describing the different notions, or you haven't access to the particular ones I didn't find copies of, I can define the terms a little deeper, if need be. But beware, it will be a long, long post.

Quote: |

(And thanks for your response to my previous post, which was very clear and helpful, as always.) |

Awesome. I'm glad it did. You're quite welcome.
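To make the "game" framing in the post above concrete, here is an added example (not from the thread or any of the cited papers) that plays the IND-CPA and IND-CCA2 games against a toy randomized stream cipher built from HMAC-SHA256 in counter mode. The challenger, adversaries, and message pair are my own constructions; the point it shows is that fresh randomness defeats the naive "re-encrypt and compare" CPA adversary, while ciphertext malleability lets a CCA2 adversary win every time, which is exactly the gap between the IND-CPA and IND-CCA2 (and NM) notions the post describes.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 16

def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Toy PRF-in-counter-mode keystream: HMAC-SHA256(key, nonce || counter), truncated to n bytes.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def encrypt(key: bytes, msg: bytes) -> bytes:
    nonce = secrets.token_bytes(NONCE_LEN)          # fresh randomness per encryption
    return nonce + bytes(a ^ b for a, b in zip(msg, keystream(key, nonce, len(msg))))

def decrypt(key: bytes, ct: bytes) -> bytes:
    nonce, body = ct[:NONCE_LEN], ct[NONCE_LEN:]
    return bytes(a ^ b for a, b in zip(body, keystream(key, nonce, len(body))))

class Challenger:
    """Holds the secret key and bit b, answers oracle queries, issues the challenge."""
    def __init__(self):
        self.key, self.b, self.challenge = secrets.token_bytes(32), secrets.randbits(1), None
    def enc_oracle(self, m: bytes) -> bytes:
        return encrypt(self.key, m)
    def dec_oracle(self, c: bytes) -> bytes:
        # IND-CCA2 rule: any ciphertext may be decrypted except the challenge itself.
        if c == self.challenge:
            raise ValueError("decryption of the challenge ciphertext is forbidden")
        return decrypt(self.key, c)
    def challenge_enc(self, m0: bytes, m1: bytes) -> bytes:
        assert len(m0) == len(m1) and m0 != m1
        self.challenge = encrypt(self.key, (m0, m1)[self.b])
        return self.challenge

M0, M1 = b"attack at dawn", b"attack at dusk"   # constructed message pair

def cpa_adversary(ch: Challenger) -> int:
    # Re-encrypts m1 and compares; a fresh nonce makes the match fail, so this is a coin flip.
    c = ch.challenge_enc(M0, M1)
    return 1 if ch.enc_oracle(M1) == c else 0

def cca2_adversary(ch: Challenger) -> int:
    # Malleability: flipping the last ciphertext bit flips the last plaintext bit, and the
    # modified ciphertext is a legal decryption query. Wins with probability 1.
    c = ch.challenge_enc(M0, M1)
    flipped = ch.dec_oracle(c[:-1] + bytes([c[-1] ^ 1]))
    return 1 if flipped == M1[:-1] + bytes([M1[-1] ^ 1]) else 0

def play(adversary, trials: int = 400) -> float:
    """Fraction of games in which the adversary's guess equals the challenger's bit b."""
    wins = 0
    for _ in range(trials):
        ch = Challenger()
        wins += int(adversary(ch) == ch.b)
    return wins / trials
```

`play(cpa_adversary)` hovers around 0.5 (no advantage), while `play(cca2_adversary)` returns 1.0; a scheme that is IND-CPA but malleable is therefore neither IND-CCA2 nor NM-CPA, as the post's relations discussion implies.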
