proposed in 1970<br>
authentication: sig for software update<br>
textbookRSA<br>
OWF: exponentiation modulo
trapdoor: sk d<br>
three simple attacks<br>
online vote: deterministic
cube roots: padding scheme<br>
Jacobi symbol: Semantic security
not security<br>
no IND-CPA security
no OWE-CCA security
formal defination<br>
kappa: security parameter
not necessarily<br>the same as the “key length
KeyGen, En: O(k^c) for c \in N<br>
De: polynomial-time
benchmark
M_kappa and C_kappa (not only depend on kappa)<br>
Security of Encryption
attack goals
total break
One way encryption (OWE)
Semantic security
Indistinguishability (IND)
success probability: function of kappa<br>
noticable
perfect adversary<br>
attack models<br>
Passive attack/chosen plaintext attack (CPA)
Lunchtime attack (CCA1)
Adaptive chosen-ciphertext attack (CCA)
security notion
strongest: IND-CCA security
Security of Signatures
attack goals
Total break
Selective forgery
Existential forgery
strong forgery
attack models<br>
Passive attack
Known message attack
Adaptive chosen-message attack (CMA)
security notion<br>
UF-CMA security
