
Authentication, the Forgotten, Should-be Predominant.

Dwonis
Just Arrived


Joined: 27 Jul 2003
Posts: 0
Location: Canada


Posted: Thu Mar 24, 2005 4:13 am    Post subject: Re: Elaborate, please.

JustinT wrote:
(i.e., think "semantic" security (IND-CPA), and other notions, such as IND-CCA, IND-CCA2, NM-CPA, NM-CCA, NM-CCA2, et cetera)


Justin, I'm not familiar with these terms; could you point to where I can find out the definitions of these terms?

(And thanks for your response to my previous post, which was very clear and helpful, as always.)
JustinT
Trusted SF Member


Joined: 17 Apr 2003
Posts: 16777215
Location: Asheville, NC, US / Uberlāndia, MG, Brazil


Posted: Thu Mar 24, 2005 12:13 pm    Post subject: Notions of security.

Dwonis wrote:

Justin, I'm not familiar with these terms; could you point to where I can find out the definitions of these terms?


Sure. I've researched this a bit, for the purpose of finding the necessary references that I'll cite, in a moment, which meticulously discuss these terms, which are referred to as "notions of security", collectively; they are basically definitions used for the purpose of formalizing security, in a strong sense, for a particular scheme or service. Primarily, these have been formalized for asymmetric (public-key) primitives, but they can be generalized, and extended, to adapt to symmetric primitives, as well; this was done, for example, in an analysis by Bellare, Desai, Jokipii, and Rogaway, entitled, "A Concrete Security Treatment of Symmetric Encryption: Analysis of the DES Modes of Operation."

If you have access to a college or university that can obtain scientific publications, that might greatly aid in finding a lot of material to research. First, for an introduction into semantic security, which corresponds to IND-CPA, or [polynomial] Indistinguishable Chosen-Plaintext Attack, study Goldwasser and Micali's "Probabilistic Encryption", in the Journal of Computer and System Sciences, 28:270-299, 1984.

After such, you'll move into stronger notions of security, beginning with the model IND-CCA, or Indistinguishable Chosen-Ciphertext Attack; I would recommend studying a "game", of cryptanalytical attack, affectionately referred to as the "lunchtime attack", oftentimes, which is a product of Naor and Yung's work, entitled, "Public-key Cryptosystems Provably Secure against Chosen Ciphertext Attacks", which you can obtain in multiple formats, here.

Next, we'll take this even further, using a new attack "game", referred to as the small-hours attack. This scenario entails the model IND-CCA2, or Indistinguishable Adaptive Chosen-Ciphertext Attack, which Rackoff and Simon propose in their paper entitled, "Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen-Ciphertext Attack", in (editor, J. Feigenbaum) Advances in Cryptology - Proceedings of CRYPTO '91, Lecture Notes in Computer Science 576, pages 433-444, Springer-Verlag, 1992.

When dealing with indistinguishable security, as in the above schemes, we're usually dealing with decisional-based problems; with NM, or Non-Malleable, security, we're dealing with computational-based problems, more so, which suggest obvious differences. For an extensive look into this branch of security notions, refer to "Non-Malleable Cryptography", by Dolev, Dwork, and Naor, which can be obtained, also, in multiple formats, here.

Also, keep in mind that there is a level of equivalence (i.e., relations, reductions, et cetera), between NM-based and IND-based security, and much of that is discussed in, "Relations Among Notions of Security for Public-Key Encryption Schemes", in (editor, H. Krawczyk) Advances in Cryptology - Proceedings of CRYPTO '98, Lecture Notes in Computer Science 1462, pages 26-45, Springer-Verlag, 1998, by Bellare, Desai, Pointcheval, and Rogaway; it is also extended, by Bellare and Sahai, here.

Thanks to Citeseer, I was able to find the above papers, available online; it is, by far, one of the best online repositories for cryptographic publication referencing. As you view the page, pay close attention to the similar and related documents, as you may find many other interesting papers that correlate in some manner. I'm in a bit of a hurry, at the moment, so I wasn't able to find the other papers, although I did provide the bibliography entries, in hopes that they'll come in handy. Again, a college or university may have access to such publications.

This was just a very brief overview of what the terminology stands for, as well as references to where they are torrentially discussed. I say this, for the simple reason that this study of formalizing notions of security is vast, to say the least, and there is a plethora of other notions, pertaining to both symmetric and asymmetric primitives and protocols. Finally, for a decent textbook treatment of the information I just provided, I'd suggest giving "Modern Cryptography", by Wenbo Mao, a look. Otherwise, feel free to inquire on any other aspects that need clarification or elaboration, and I'll reply as soon as possible.

On a side note, if, for some reason, the papers above are not sufficient enough in describing the different notions, or you haven't access to the particular ones I didn't find copies of, I can define the terms a little deeper, if need be. But beware, it will be a long, long post. ;)

Quote:

(And thanks for your response to my previous post, which was very clear and helpful, as always.)


Awesome. I'm glad it did. You're quite welcome.
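The indistinguishability "games" named in the post above can be run directly. The following is an added example, not part of either forum post: it plays the IND-CPA game against a deterministic and a randomized toy cipher, then the IND-CCA2 game against the randomized one. The cipher (an HMAC-SHA256 keystream), the messages and all function names are constructed for illustration.

```python
import hashlib, hmac, secrets

def _keystream(key, nonce, n):
    # Toy PRF-based keystream: HMAC-SHA256 in counter mode (assumption, for illustration).
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def enc(key, msg, randomized=True):
    # Deterministic mode reuses an all-zero nonce; randomized mode draws a fresh one.
    nonce = secrets.token_bytes(16) if randomized else bytes(16)
    return nonce + _xor(msg, _keystream(key, nonce, len(msg)))

def dec(key, ct):
    nonce, body = ct[:16], ct[16:]
    return _xor(body, _keystream(key, nonce, len(body)))

M0, M1 = b"transfer 100 USD", b"transfer 900 USD"  # constructed, equal length

def cpa_game(randomized):
    """IND-CPA: encryption oracle only. True if the adversary guesses b."""
    key, b = secrets.token_bytes(32), secrets.randbits(1)
    oracle = lambda m: enc(key, m, randomized)
    challenge = oracle((M0, M1)[b])
    # Adversary: re-encrypt M0 and compare it with the challenge.
    guess = 0 if oracle(M0) == challenge else 1
    return guess == b

def cca2_game():
    """IND-CCA2: decryption oracle for anything except the challenge itself."""
    key, b = secrets.token_bytes(32), secrets.randbits(1)
    challenge = enc(key, (M0, M1)[b])
    def dec_oracle(ct):
        if ct == challenge:
            raise ValueError("challenge ciphertext refused")
        return dec(key, ct)
    # Adversary: flip one bit (malleability), decrypt the related
    # ciphertext, then undo the flip to recover the challenge plaintext.
    mauled = challenge[:-1] + bytes([challenge[-1] ^ 1])
    pt = dec_oracle(mauled)
    recovered = pt[:-1] + bytes([pt[-1] ^ 1])
    return (0 if recovered == M0 else 1) == b

def win_rate(game, *args, trials=2000):
    return sum(game(*args) for _ in range(trials)) / trials
```

A win rate near 0.5 means the adversary is only guessing; a rate of 1.0 means the notion is broken. The randomized cipher holds up under IND-CPA but loses the IND-CCA2 game every time because nothing authenticates the ciphertext; verifying a MAC over the ciphertext before decrypting (encrypt-then-MAC) is the standard way to close that gap.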