J. Herzog. Computational Soundness of Formal Adversaries. PhD thesis, MIT, 2002.  Home/Search   Document Details and Download   Summary   Related Articles   Check

No context found.

Herzog, J.: Computational soundness for formal adversaries. Master's thesis, Massachusetts Institute of Technology (2002)

....scheme (G; E; D) is ideal if 8APPT ; 8S A; 8M 62 C [S] 8 polynomials q; 8 suciently large n : Here, supp(D) means the support of distribution D. However, our results are subject to one technical limitation: S must be acyclic. A formal de nition of an acyclic set can be found in [13]. Informally, it means that if K 1 encrypts K 2 in S K 2 encrypts K 3 , and so on, this sequence never loops back on itself. Hence, we revise the security condition: De nition 3. An encryption scheme (G; E; D) is ideal if the adversary cannot create something outside the closure: 8APPT ....

....not in C [S] Consider the parse tree of M . Each node in this tree is a message. Furthermore, if the adversary can create an encoding of an internal node of this tree with some probability p, then either This is a reasonable assumption for most real world protocols, for reasons discussed in [13] Encryption now uses both of the sender s public and private keys, in addition to the recipient s public key, so that it has access to the sender s signature generation key. 1. That node is in C [S] or 2. The adversary can, with probability almost p, create encodings of both children. To ....

Jonathan Herzog. Computational soundness for formal adversaries. Master's thesis, Massachusetts Institute of Technology, October 2002.

.... String [ f g is the decryption algorithm. Note that the key generation and encryption algorithms are randomized. It is possible to strengthen the adversary by allowing it to pick the values of its own nonces and keys. This technical issue contains no interesting details, and is discussed in [9]. algorithm are not taken from the tape. Hence, encrypt(M ; K) remains a distribution even if t is xed. Now that we have introduced the security parameter, we can re ne our notion of small probabilities. By this, we mean negligible: De nition 4 (Negligible) A function f : N R ....

....in some element of S, and K 2 encrypts K 3 , and so on, this sequence of keys encrypting keys never loops back on itself. A rigorous de nition can be found in [1] Our results build on those of Abadi and Rogaway [1] and we require acyclic sets simply because they do. However, as discussed in [9], this is a realistic assumption for the trac of most real world protocols. Hence, we arrive at our nal security condition: De nition 5 (Ideal Encryption) An encryption scheme (G; E; D) is ideal if, when used in [ 8 APPT ; 8 acyclic S A; 8M 62 C [S] 8 polynomials q; 8 ....

[Article contains additional citation context not shown here]

Jonathan Herzog. Computational soundness for formal adversaries. Master's thesis, Massachusetts Institute of Technology, October 2002.

No context found.

J. Herzog. Computational Soundness of Formal Adversaries. PhD thesis, MIT, 2002.

No context found.

J. Herzog. Computational soundness of formal adversaries. Master Thesis, MIT, 2002.

No context found.

J. Herzog. Computational soundness of formal adversaries. Master's thesis, MIT, 2002.

No context found.

Jonathan Herzog. Computational Soundness of Formal Adversaries. Master's thesis, Massachusetts Institute of Technology, September 2002.

No context found.

Jonathan Herzog. Computational soundness for formal adversaries. Master's thesis, Massachusetts Institute of Technology, October 2002.

No context found.

J. Herzog, "Computational Soundness of Formal Adversaries," Master's thesis, Massachusetts Institute of Technology, Sept. 2002.

No context found.

Jonathan Herzog. Computational soundness for formal adversaries. Master's thesis, MIT, 2002.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC