Professional Documents
Culture Documents
FOC Lecture 18 19
FOC Lecture 18 19
A Ks Prime in P
with Error
CLEE LPN EW R
Learning
As B t
fief noise
h gn
Cheat
Gey Reza
tsk h Sk N
EncCtkimyyezqhY_gn l
EHCgt.gnsy.F
sq.EE
ct
Dec
ca G sk
K H Ci Ci
Cz
M
Deesym Ck
M
Read it News
Pay forthat
in 1
in
Replace this an interactivetrotoed
TTI using
Oblivious Transfer OT
I out ofnot
Alice Bol
i Protocol
em mm
that
instantiate
m
For
t.FI
mI
Ideal
world
ene to instantiate
we can use
Samal wantsto learn
For y MI
m tt me3 it e
KE
Ze YE 29
e
Hj e i
i
ni
Uj Dai g
ie Ui
Enesym
Kjin
Ej
T.ci ce
In the it index I g
i
Bob
t
cam ni g ni got
correctly
Deaf
Ki Hga ga
to learn I Eisenesymchitmi
deity a But
94.0 y eZq
V Bob
Alice
s me
man
then we can
mi mi
If Bob learns in G
CDH assumption
use Bob to break
a s
Bob learns tooo Mi mi
Cu v
xfu.mil
i i se
re
ED got
E y
variant at
IIA
CD H
mp
TÉF IÉIÉtam
BEI gamal Enc is homomorphic
EI.LI m.e h tk
g Y
EZ MzE
qtr MIM
CTz b e Ze
91 22 Y 192
GT Cta g h
I
gath gong's
h g Ig g
mi Mu
IIe
vqfa gamaisadiveytomomoru.ie
Homo the
gt k gm Additively
h g
r
e g atgm ga h gm
2
12 gmitm
gm tm's solve DW
Ep d
DL is hand inn G
small messages
for
IIIIIIIIti PRE is inefficient
mane
it is better to
USE PRE ASKE
CT Ce
is to use
A more direct Approach
keyencapsulation
keyprimitive
public
KEM
mechanism
Gen En caps Decafs
KEM
KE 013
Pk.sk Gen in
K Encaps cpk
Sk
ing
C
be Decafs
Atami
GK m
G Enesym
e e
DechI k c Decaps
SK c
K G
m E Decsgm
tf gÉ Encapsulating abitkey
ter bit of
B Cost of sym
ene
plaintext
lml n
atfiimf.EE I
large enough
Cost approach to B
PKE th
Cost per bit for
for SKE
Cost per bit
kensth.I.gg e
ocpEncat
G
EnesD Ct size
SKE of Me say
is tM
I Examt
off
let L t nt lml
b
PRE Assume the Ct size to be
Use
let L
Ting
Thy
not
is
T.sk eT
t
Csk.tk Gencin
cc is e Enable's
imy
KE 0,13
be 0,1
b
b
o
l
I
I e
K
91
F
b b
KEMI n l if
secure if F PPT A
A KEM is CPA
I neglen 7
Pr KEM a a sttnegeens
G 0,131
KE
Ze h ga H
Pk L G q g h H
Sk L G q g
x
Encaps Pk
y e
Zar
g't H Ch
I T H ga
Decatscsk.gg
K H C gay
Secure
II
KEM is CPA Secure W r t weaker
CDH Model H as a
assumption
Random Oracle
YE.IE or
be on
I
df.AIEIID.cat7
t
EncatspaCM
I I o
n
I
G
God a g
0,18
KE Za h g H G
h H
t Bk G q g
Sk G a NY
g
Engap.lt be 2g
2 go Cho
T T so
Decapsest k H C
KEM is CPA Secure CDH is Hard in G
H is modeled as a R
DEH EEH DL
than Ddt
Italy is harder
IT is CPA secure
If CD It is hand in G
negeens
Pr KEMI n I z It
C gY É
G K
got
Élh
Has a Randomac
Hen is uniform
A B
To
it
jiffy
ga
20,1327
K
y
Et
94 H KY
h g
K H h
QI
At 9ms
A
Ight
is going to use this
CDH
Query to solve
Yi Ye
4 outpt I
W gig
I
Pr A'C oh s gas Piqued
P Ques I E Practise
Poly n
Po Query I neg n
Pr KEM
4 n I
A Quins
Pr I
Pr A guy
a n guns
Potage en
1
Pr I I Quit Pr I aim
s e I
iigm FEE
iktt.ee
IÉ
cpx.si
GucMft
F
boo
Enc Iy
Mb
Pr I Pubka n i
It negeen
T
T
CA
PKE
Secure IE
CEA Secure EA secure