Scribd
Upload
76 views2 pages

89-656: Introduction To Cryptography Exercise 1: Gilad Asharov October 17, 2021 Due Date: October 31

This document contains an assignment on cryptography with 5 questions. The document was originally posted on October 17, 2021 but was updated on October 24, 2021 with changes appearing in blue. The questions cover topics like perfectly secret encryption schemes, pseudo-random generators, and constructing new generators from existing ones.

Uploaded by

חיים שפירא
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
76 views2 pages

89-656: Introduction To Cryptography Exercise 1: Gilad Asharov October 17, 2021 Due Date: October 31

This document contains an assignment on cryptography with 5 questions. The document was originally posted on October 17, 2021 but was updated on October 24, 2021 with changes appearing in blue. The questions cover topics like perfectly secret encryption schemes, pseudo-random generators, and constructing new generators from existing ones.

Uploaded by

חיים שפירא
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 2

89-656: Introduction to Cryptography

Exercise 1
Gilad Asharov

October 17, 2021


Due Date: October 31

Update: October 24, 2021. Changes appear in blue.

Question 1: For each of the following encryption schemes, state whether the scheme is perfectly secret.
Justify your answer in each case.
1. The message space is M = {0, . . . , 4}. Algorithm Gen chooses a uniform key from the key space
{0, . . . , 5}. Enck (m) returns [k + m mod 5] and Deck (c) returns [c − k mod 5].
2. The message space is M = {m ∈ {0, 1}` | the last bit of m is 0}. Gen chooses a uniform key from
{0, 1}`−1 . Enck (m) returns ciphertext m ⊕ (kk0), and Deck (c) returns c ⊕ (kk0).

Question 2: Prove or refute: for every encryption scheme that is perfectly secret it holds that for
every distribution over the message space M, every m, m0 ∈ M and every c ∈ C:

Pr [M = m | C = c] = Pr M = m0 | C = c
 

Question 3: Let  ≥ 0 be a constant. Say an encryption scheme is -perfectly secret if for every
adversary A it holds that
 1
Pr PrivKeav

A,Π = 1 ≤ +
2
Show that -perfect secrecy can be achieved with |K| < |M| when  > 0. Prove a lower bound on the
size of K in terms of .

Hint: Consider one-time pad over M = C = {0, 1}n where K = {0, 1}n \ 0n as we saw in
class. Analyze this scheme and find the appropriate  for this scheme.

Question 4: Assume that G : {0, 1}n → {0, 1}`(n) with `(n) > n. Prove that the two definitions of
pseudo-randomness are equivalent.

Definition 1 For every ppt distinguisher D, there exists a negligible function negl such that

|Pr [D(G(s)) = 1] − Pr [D(r) = 1]| ≤ negl(n)

1
Definition 2 For every adversary ppt adversary A, there exists a negligible function negl
such that
1
Pr [DistPRGG,A (n) = 1] ≤ + negl(n) ,
2
where DistPRGG,A is defined as follows:
1. Choose a bit b ← {0, 1} uniformly at random.
2. If b = 0 then choose s ← {0, 1}n uniformly at random, and run the adversary A on
input G(s)).
3. If b = 1 then choose r ← {0, 1}`(n) uniformly at random, and run the adversary A on r.
4. Let b0 be the output of A. The output of the experiment is 1 if and only if b = b0 .

Question 5: Let G be a pseudorandom generator with expansion factor `(n) > 2n + 1. In each of
the following cases, say whether G0 is necessarily a pseudorandom generator. If yes, give a proof; if not,
show a counterexample.
1. Define G0 (s) = G(s1 , . . . , sbn/2c ), where s = s1 , . . . , sn .
2. Define G0 (s) = G(0|s| ks).
3. Define G0 (s) = G(s)kG(s + 1).

You might also like