Princeton University COS 433 Cryptography Fall 2007 Boaz Barak COS 433: Cryptography Princeton University Fall 2007 Boaz Barak Lectures 1-6: Short Recap

2 Perfectly Secure Encryption E x0x0 y x1x1 I can’t guess if it was x 0 or x 1 with prob better than ½ One time pad achieves this for unbounded adversary with |key| ¸ |message| Pseudorandom Generators G I can’t tell if I’m seeing G(s) or just lots of random coins! s y $$$$$$$$$$$$$$ We conjecture that they exist. (PRG Axiom) If we’re right, can get encryption with |key| < |message length|

3 Pseudorandom Functions (PRF) fkfk x y I don’t know what’s inside this box! Theorem: PRG Axiom ) 9 PRF

4 Ideal scheme using random function E Security of PRF-based Constructions E fkfk Encryption scheme using PRF. Can adversary succeed? 1) Prove that ideal scheme is secure. 2) Show this implies security for real scheme: Otherwise all system is one big adversary for the PRF.

5 CPA Secure Encryption E x0x0 y x1x1 E They gave me encryption box to play with and I still can’t guess if it’s x 0 or x 1 w/ prob > ½ + ² Theorem: 9 PRF ) 9 CPA-secure encryption Construction: E k (x) = choose r 2 R {0,1} n send (r, f k (r) © x)