Security definition for IND-CPA of public key encryption


In the security game between the challenger and the adversary for the security definition of public key encryption, the challenger creates and gives the public key pk to the adversary. The adversary chooses two messages of equal length $m_0$ and $m_1$ and asks the challenger to encode these. Finally, the adversary has to guess which message was encoded.

Isn't it always possible for the adversary to do this, since she knows the public key and can simply use the encryption algorithm to create the ciphertexts for both the messages and output the one which matches the challenger's reply?

I was using Dan Boneh's course to study crypto.

I understand now. You can post this as an answer if you want, I'll accept it
kelalaka: Easy explanation of "IND-" security notions?

In public-key cryptography, the adversary is indeed able to create encryptions of their chosen messages $m_1$ and $m_2$ on their own.

This is why any IND-CPA-secure public-key cryptosystem cannot be deterministic. That is, two encryptions of the same plaintext must produce different ciphertexts with overwhelming probability. Otherwise an adversary could, as you noted, easily win the IND-CPA game with an advantage of 1.
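
The point above can be checked by running the IND-CPA game against the re-encrypt-and-compare strategy from the question. The following is an added example, not part of the original answer or of the course material; the toy RSA key, the 56-bit random prefix (a stand-in for real padding such as OAEP) and all function names are assumptions made for illustration.

```python
import secrets

# Toy RSA key, constructed for this example (far too small for real use).
P, Q, E = 2**61 - 1, 2**31 - 1, 65537      # both are Mersenne primes
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent, known only to the challenger

def enc_deterministic(pk, m):
    """Textbook RSA: the same (pk, m) always yields the same ciphertext."""
    n, e = pk
    return pow(m, e, n)

def enc_randomized(pk, m):
    """Toy randomized RSA: 56 fresh random bits placed above a 32-bit message."""
    n, e = pk
    r = secrets.randbits(56)
    return pow((r << 32) | m, e, n)

def dec(c, randomized):
    """Challenger-side decryption; strips the random prefix when present."""
    m = pow(c, D, N)
    return m & 0xFFFFFFFF if randomized else m

def reencrypt_adversary(pk, enc, m0, m1, challenge):
    """Strategy from the question: encrypt m0 under pk and compare with the challenge."""
    return 0 if enc(pk, m0) == challenge else 1

def ind_cpa_win_rate(enc, trials=2000):
    """Play the IND-CPA game `trials` times; return the adversary's win fraction."""
    pk = (N, E)
    m0, m1 = 0x41414141, 0x42424242        # equal-length messages chosen by the adversary
    wins = 0
    for _ in range(trials):
        b = secrets.randbits(1)            # challenger's hidden bit
        challenge = enc(pk, (m0, m1)[b])
        wins += reencrypt_adversary(pk, enc, m0, m1, challenge) == b
    return wins / trials

if __name__ == "__main__":
    print("deterministic:", ind_cpa_win_rate(enc_deterministic))  # always wins
    print("randomized:   ", ind_cpa_win_rate(enc_randomized))     # about one half
```

The randomized run only shows that this particular comparison strategy drops to guessing; it does not establish that the toy prefix scheme is IND-CPA secure.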

