Lecture 5: IND-CPA, OTP and Block Ciphers

Intro to Cryptography


(True/False) Cryptography only reasons about defending against known attacks


(True/False) One difference between symmetric and asymmetric key cryptography is that in the former one key is held by both parties, while in the latter both parties have different keys




Kerckhoff’s Principle/Security Through Obscurity


What are three reasons cryptographic schemes should be public? Which part of a cryptosystem must be kept private?




Intro to Symmetric Encryption Schemes


Why do we allow the ciphertext to leak the length of the message in our definition of confidentiality?




Defining Security for Symmetric Encryption


What did our original idea of security fail to account for?




Security Games and IND-CPA


What is the adversary's goal in the IND-CPA game?




IND-CPA Examples


Is Enc(K, M) = 3*K +2*M, IND-CPA secure?




IND-CPA Intuition


If we modify IND-CPA such that the messages sent in the challenge phase can't be queried during either of the query phases, which type of undesirable encryption scheme will now be considered IND-CPA?




OTP


Consider a variant of IND-CPA, IND-CPA', where an attack can only make one query before submitting their challenge and no queries after. Is the OTP IND-CPA' secure?