slides - Stanford Crypto Group
slides - Stanford Crypto Group
slides - Stanford Crypto Group
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
KDM-secure encryption [CL01,BRS02]<br />
Definition of security for keydependent<br />
messages<br />
[BRS02] in which this<br />
is chosen by the adversary<br />
BRS02 scheme:<br />
Instantiated scheme, first try:<br />
Encryption key<br />
1/9/13 Bellare, <strong>Stanford</strong> RWC Workshop<br />
g<br />
Symmetric encryption.<br />
Randomized.<br />
Theorem [BRS02]: If is a<br />
RO then is KDM-secure.<br />
This won’t work!<br />
For UCE, M cannot depend on K.<br />
But for KDM, it must.<br />
41