Questions tagged [security-definition]

Questions about formal definitions of "security" for various cryptographic schemes (e.g. perfect secrecy, semantic security, ciphertext indistinguishability, etc.)

34 votes
1 answer
12k views

From time to time, one stumbles across formal security definitions. This includes security definitions for signature schemes. The most common ones are the *UF-* ...
SEJPM • 46.8k
15 votes
2 answers
2k views

In a recent comment a doubt was voiced about my answer, which claims GCM to require $2^{128}$ for a successful forgery. The doubt was that the square root needs to be taken, meaning the security would ...
SEJPM • 46.8k
42 votes
4 answers
55k views

What is "preimage resistance", and how can the lack thereof be exploited? How is this different from collision resistance, and are there any known preimage attacks that would be considered feasible?
John Gietzen • 1,515
8 votes
2 answers
4k views

I'm having a hard time pinning down an exact definition of the difference between information-theoretic and perfect types of security. A rigorous definition seems elusive... A. Wikipedia puts the ...
Paul Uszak
42 votes
8 answers
59k views

I would like to ask for a clear (but maybe not so deep) explanation of what the term "perfect secrecy" means. As far as I have researched and understood, it has to do with probabilities of assuming ...
Emyr • 571
11 votes
2 answers
2k views

I am interested in what conditions are necessary and sufficient to define a cryptographically secure pseudo-random number generator (CSPRNG). Wikipedia lists two defining characteristics: It ...
Dave White
31 votes
1 answer
2k views

The Wikipedia article on RLWE mentions two methods of sampling "small" polynomials namely uniform sampling and discrete Gaussian sampling. Uniform sampling is clearly the simplest, involving simply ...
Morty • 639
23 votes
2 answers
7k views

The security of RSA is based on the integer factorization problem, which is a very well defined and understood mathematical problem. This problem must be solved in order to fundamentally break RSA. ...
Eiver • 333
6 votes
1 answer
6k views

I often encounter the term “security parameter” when I read crypto-related stuff. My basic understanding is that it just denotes some bit-length; however, I'm not so sure. For example, when it says ...
SpiderRico
3 votes
2 answers
1k views

The two main security definitions for signatures are EUF-CMA and the strong version of it, sEUF-CMA. What I see is that their difference is that in the EUF-CMA experiment, the adversary needs to produce a ...
9 votes
1 answer
4k views

I'm trying to understand the "Invalid-curve attacks against ladders" section of the SafeCurves Twist Security page and I have difficulty applying it to short Weierstrass curves. That section claims ...
Ruggero • 7,429
6 votes
1 answer
973 views

What does $1^\lambda$ mean when you pass it as a parameter to the functions of a cryptosystem? The cryptosystem in question is this and a picture reference is this. I have been told it signifies the ...
Papa Delta
5 votes
2 answers
857 views

This question concerns the conditioning and output of true random number generators. It refers to NIST Special Publication 800-90C, Recommendation for Random Bit Generator (RBG) Constructions. It ...
Paul Uszak
16 votes
6 answers
3k views

Especially in relation to stream ciphers, I frequently read about (sometimes theoretical, sometimes practical) attacks that are able to "distinguish a ciphertext from a truly random stream". What's ...
Mike Edward Moras
3 votes
3 answers
4k views

We've all read how some people claim AES is broken because there was supposedly a way to get the plain text from a cipher text faster than brute-force. But is this the definition? Is a cipher broken ...
Vincent • 996