Skip to main content
Cryptography

Questions tagged [adversarial-model]

Ask Question

An adversary model formally defines the power of the adversary. It includes specifics whether the adversary is deterministic/randomized, uniform/non-uniform, interactive/non-interactive and how he interacts with the security game.

79 questions
Newest Active Bountied Unanswered
0 votes
0 answers
46 views

In the context of secure multi-party computation (MPC), I often see different assumptions about the adversary. What is the difference between the non-colluding assumption and the assumption that the ...
rzxh's user avatar
  • 73
4 votes
1 answer
354 views

The term "type 1 adversary" was used and I was curious as to what determines the adversarial type's category? Is it a well defined term within the cryptographic community? Please note that I'...
user128897's user avatar
  • 41
1 vote
1 answer
78 views

I was reading a SMPC paper, and it writes that "non-uniform adversary A of size $\text{poly}(λ)$". What is the size of adversary in secure multiparty computation, and where can I find some ...
Xeno's user avatar
  • 11
2 votes
0 answers
54 views

Where can I find a formal security definition for Perfect Forward Secrecy (PFS) and Post-Compromise Security (PCS) that includes a cryptographic game model and a challenge-response structure, ...
l_a's user avatar
  • 31
1 vote
1 answer
142 views

My previous question define a security game, advantage $\mathsf{Adv}$ and two probability distributions $P_{m_0}$ and $P_{m_1}$, representing $Enc_k(m_0)$ and $Enc_k(m_1)$ separately. There, my main ...
EddyLiu's user avatar
  • 75
1 vote
1 answer
135 views

Suppose I have defined a security game in a private-key (symmetric) encryption scheme. Remark: Note that encryption algorithm is probabilistic, so for a specific message m, $Enc_k(m)$ might output a ...
EddyLiu's user avatar
  • 75
2 votes
2 answers
149 views

In the ideal cipher model, a block cipher is modeled by a different, independent random permutation for every key. Let $$ \mathcal{A}_{q}^{\text{IC-EKS}} $$ be a ( q )-query exhaustive key-search ...
CrypticPotato's user avatar
  • 21
4 votes
1 answer
252 views

In the Wikipedia article on Certificateless Public Key Cryptography https://en.wikipedia.org/wiki/Certificateless_cryptography, it states, "For tight security, a certificateless system has to ...
Rabindra Moirangthem's user avatar
  • 99
2 votes
1 answer
150 views

Recently I read some papers related to RSA Brown16,AM09,BNPS01 and I learned that there is a variant problem of RSA is The oracle RSA problem (or one more RSA Problem) is $m+1$ copies of the classic ...
constantine's user avatar
  • 313
0 votes
0 answers
46 views

I'm currently studying the different adversarial settings for digital signatures. In Goldwasser, Micali and Rivests paper they propose three different chosen message attack settings, which are vastly ...
limeeattack's user avatar
  • 253
2 votes
1 answer
122 views

I have been thinking about this question: if I directly replace the hash function with the message in the BLS signature, does the security of the BLS degenerate from existential unforgeability(EUF) to ...
X.H. Yue's user avatar
  • 540
2 votes
1 answer
366 views

In university, I'm currently learning how to use Scyther to model security protocols. Currently I am trying to understand what is happening in an example protocol given to me which is: ...
hasin's user avatar
  • 77
2 votes
0 answers
117 views

Are there any automated security protocol verification tools that model algebraic operations; specifically addition. I am familiar with AVISPA and Verifpal, and they are both great and user-friendly ...
Mona's user avatar
  • 347
2 votes
1 answer
274 views

I am trying to show that by breaking the Computational Diffie-Hellmann (CDH) assumption one also breaks the Diffie-Hellmann inverse assumption. Unfortunately, I am a bit stuck and do not know where to ...
Rory's user avatar
  • 353
0 votes
0 answers
79 views

Proposition Let π be a protocol that securely computes a functionality f in the presence of malicious adversaries. Then π securely computes f in the presence of augmented semi-honest adversaries. ...
Peng Nie's user avatar
  • 1

15 30 50 per page
1
2 3 4 5 6