Princeton University COS 433 Cryptography Fall 2005 Boaz Barak COS 433: Cryptography Princeton University Fall 2005 Boaz Barak Lecture 1-7: Short Recap

2 Semantically Secure Encryption E I don’t know anything about x I couldn’t guess before! x y Equivalent notion: Indistinguishability E x1x1 y x2x2 I can’t guess if it was x 1 or x 2 with prob better than half Both satisfied with one-time pad if we allow |key| ¸ |message|

3 Pseudorandom Generators G I can’t tell if I’m seeing G(s) or just lots of random coins! s y $$$$$$$$$$$$$$ We conjecture that they exist. (Axiom 1) If we’re right, can get encryption with |key| < |message length|

4 CPA Secure Encryption E They gave me encryption box to play with and I still don’t know anything about x I couldn’t guess before! x y Indistinguishability is still equivalent E x1x1 y x2x2 E E

5 Pseudorandom Functions (PRF) fsfs x y I don’t know what’s inside this box! Axiom 1 ( 9 PRG) ) 9 PRF ) 9 CPA-secure encryption

6 Security of PRF-based Constructions E fsfs Encryption scheme using PRF. Can adversary succeed? Ideal scheme using random function E 1) Prove that ideal scheme is secure. 2) Show this implies security for real scheme: Otherwise all system is one big adversary for the PRF.