Score:1

Computability of the messages of the Adversary for Semantic Security

cn flag

Semantic Security may be defined using the distinguishability experiment/game, which we recall as follows:

Let $(E,D)$ be an encryption scheme. After the challenger chooses a security parameter $n$ and random key $k$, the (semantic security) adversary choosing two messages $m_0, m_1$ that depend on $n$. The challenger randomly chooses a bit $b \in \{0,1\}$, provides $E_k(m_b)$ to the adversary who then must decide whether $b$ is $0$ or $1$.

Question: The messages $m_0$ and $m_1$ are of polynomial length in $n$, but are they actually computable functions of $n$? i.e., does the adversary compute $m_0$ and $m_1$ using some Turing machine that runs in polynomial time?

I suspect that the answer is no, they are not computable (but still polynomial length). I base this from trying to prove properties of semantic security such as impossibility of bit guessing and message recovery etc. I also think this is precisely stated in Goldreich's book where there is no generation of the messages and only specification of their polynomial length (but he uses circuit families instead which I am not familiar with) but in the Katz-Lindell it seems that there is ambiguity in this definition.

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.