Score:0

Adversaries knowledge of the encryption algorithms internal workings in CPA

pe flag

If I want to prove that an encryption algorithm is CPA secure (or that it isn't), then how much am I allowed to assume the attacker to know about the internal workings of the algorithm? Do I need to assume that the encryption algorithm is just a "black box" from the point of view of the attacker i.e. they can only query it for encryptions of different plaintexts but don't know anything about how it works? Or do I need to assume that the attacker knows everything about the internal workings except for possible secret values like keys?

kelalaka avatar
in flag
Welcome to [cryptography.se] Do you know the [Kerckhoffs's principle](https://en.wikipedia.org/wiki/Kerckhoffs's_principle)? Did you read the basics of the [Ind-CPA game](https://crypto.stackexchange.com/q/26689/18298)? Attacker knows everything except the key..
Score:2
my flag

Or do I need to assume that the attacker knows everything about the internal workings except for possible secret values like keys?

This one - that they have detailed knowledge of the algorithm (and the implementation if we are considering side channel attacks).

Assuming that they don't is known as "Security Through Obscurity"; that isn't greatly thought of...

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.