Entropic security

Entropic security

Entropic security is a security definition for encryption for specific message spaces. Standard security definitions such as semantic security permit the adversary a great deal of knowledge about the messages being encrypted--- for example, the adversary is often allowed to specify a two-element message space. It is well known that certain types of encryption algorithm cannot satisfy such a strong definition: for example, deterministic encryption algorithms cannot be semantically secure. Entropic security definitions relax these definitions to cases where the message space has substantial entropy (from an adversary's point of view). As a result, it is possible to satisfy this definition using e.g., deterministic encryption algorithms.

Note that in practice entropically-secure encryption algorithms are only "secure" provided that the message distribution possesses high entropy from any reasonable adversary's perspective. This is an unrealistic assumption for a general encryption scheme, and therefore stronger definitions (such as semantic security or indistinguishability under adaptive chosen ciphertext attack) are appropriate. However, there are special-purpose encryption schemes that can reasonably meet this requirement. For example, encryption schemes that encrypt only secret key material (e.g., key encapsulation or Key Wrap schemes) can be considered under an entropic security definition. A practical application of this result is the use of deterministic encryption algorithms for secure encryption of secret key material.

Russell and Wang formalized a definition of "entropic security" for encryption. Their definition resembles the semantic security definition when message spaces have highly-entropic distribution. In one formalization, the definition implies that an adversary given the ciphetext will be unable to compute any predicate on the ciphertext with (substantially) greater probability than an adversary who does not possess the ciphertext. Dodis and Smith later proposed alternate definitions and showed equivalence.

References

* [http://www.springerlink.com/content/121d44ek922dgnyq/ A. Russell and Y. Wang. "How to fool an unbounded adversary with a short key."] Appeared at "Advances in Cryptology -- Eurocrypt 2002".
* [http://eprint.iacr.org/2004/219 Y. Dodis and A. Smith. "Entropic Security and the encryption of high-entropy messages."] Appeared at the "Theory of Cryptography Conference (TCC) 2005".


Wikimedia Foundation. 2010.

Игры ⚽ Поможем написать реферат

Look at other dictionaries:

  • Information theoretic security — A cryptosystem is information theoretically secure if its security derives purely from information theory. That is, it is secure even when the adversary has unbounded computing power. An example of an information theoretically secure cryptosystem …   Wikipedia

  • Mutually unbiased bases — In quantum information theory, mutually unbiased bases in Hilbert space Cd are two orthonormal bases and such that the square of the magnitude of the inner product between any basis states and equals the inverse of the dimension d …   Wikipedia

  • Cryptographically secure pseudorandom number generator — A cryptographically secure pseudo random number generator (CSPRNG) is a pseudo random number generator (PRNG) with properties that make it suitable for use in cryptography. Many aspects of cryptography require random numbers, for example: Key… …   Wikipedia

  • List of mergers and acquisitions by Microsoft — Microsoft s headquarters in Redmond, Washington Microsoft Corporation (NASDAQ:  …   Wikipedia

  • Perfect Dark Zero — Perfect Dark Entwickler: Rare Verleger: Nintendo Publikation: 22. Mai 2000 Plattform(en) …   Deutsch Wikipedia

  • PaX — In computer security, PaX is a patch for the Linux kernel that implements least privilege protections for memory pages. The least privilege approach allows computer programs to do only what they have to do in order to be able to execute properly …   Wikipedia

  • Acetone peroxide — Acetone peroxide …   Wikipedia

  • Key Wrap — constructions are a class of symmetric encryption algorithms designed to encapsulate (encrypt) cryptographic key material. The Key Wrap algorithms are intended for applications such as (a) protecting keys while in untrusted storage, or (b)… …   Wikipedia

  • Marc Stiegler — Contents 1 Bibliography 1.1 Books 1.2 Collection 1.3 Anthologies containing storie …   Wikipedia

  • Wilhelm Reich — Born March 24, 1897(1897 03 24) Dobzau, Kingdom of Galicia and Lodomeria (present day Dobrzanica, Ukraine) …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”