A cryptosystem is not “based on an assumption”; it is based on some mathematical structure (e.g. prime order elliptic curves, or prime order fields). Informally, a cryptosystem is said to be IND-CCA secure (which means: it satisfies the indistinguishability security notion against adversaries which are given access to a decryption oracle) under some assumption A if, given access to an adversary that breaks the IND-CCA security of the scheme, one can construct an algorithm breaking A.
But you cannot say that “A is the problem on which the cryptosystem is based”: for a given cryptosystem, different security notions can be based on different assumptions. For example, take the case of ElGamal: it is IND-CPA secure under the DDH assumption, and (a slight variant of) it was also proven IND-CCA1 secure (CCA1 indicates that the adversary can make decryption queries only before receiving the challenge ciphertext – this is also known as security against lunchtime attacks), but only under a very different and less standard assumption (see this paper for example, or some of the related papers it mentions in the introduction).
So when a cryptosystem is said to be IND-CCA secure, it does not tell anything about the assumption on which it is based.

The term “in the standard model” relates to a completely different thing (it does not say anything either on the particular computational assumption to which a security notion for the scheme can be reduced): it is common in crypto, when dealing with a hard problem, to consider simplified “worlds” in which the players have access to some ideal primitive, and then to instantiate this primitive “in practice” with something which seems a good candidate for this ideal primitive, based on our current understanding of it.
The most common case is that of the random oracle model: we assume that the players are in a world in which they have access to an oracle which acts as a truly random function, and then we prove that some cryptosystem is secure (e.g. IND-CCA secure) under some computational assumption in this simplified world. This does however not prove that in the real world the cryptosystem would be secure; using SHA-256, for example, as a random oracle seems to work in practice, but SHA-256 is not a random oracle.
Saying that something is secure in the standard model is just a way to say that no such idealized world is considered: the proof is “in the real world” and does not assume any idealized primitive.
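Added illustration (my own code, not part of the answer above) of the first point, that "IND-CPA secure" is a statement relative to an assumption in a specific group: the textbook reduction from ElGamal's IND-CPA security to DDH, made concrete. The script instantiates ElGamal twice with a tiny safe prime p = 2q + 1 (a toy parameter, not a secure size): once in all of Z_p^*, where DDH is false because the Legendre symbol leaks the parity of exponents, and once in the prime-order subgroup of quadratic residues, where that leak disappears. The `LegendreAdversary` class is a hypothetical attacker that uses only that leak; in Z_p^* it wins the IND-CPA game every time, and `ddh_distinguisher` is exactly the reduction the answer describes (embed the DDH instance as public key and challenge ciphertext), which turns that attacker into a DDH distinguisher. In the subgroup the same attacker gets 1/2 everywhere, which is all the reduction promises: no DDH break, no IND-CPA break from this attack.

```python
"""Added toy example: ElGamal's IND-CPA security is relative to DDH in the
group it is instantiated in. Parameters are deliberately tiny (NOT secure);
they are chosen only to make the arithmetic visible."""
import random

P = 1019                 # safe prime: P = 2*Q + 1
Q = (P - 1) // 2         # 509, prime
FULL_GROUP = 2           # 1019 = 3 mod 8, so 2 is a non-residue generating all of Z_P^*
QR_GROUP = 4             # 4 = 2^2 generates the order-Q subgroup of quadratic residues


def legendre(x):
    """Legendre symbol (x/P): +1 for quadratic residues, -1 for non-residues."""
    return 1 if pow(x, Q, P) == 1 else -1


def group_order(g):
    """Order of a generator g != 1 in Z_P^* (safe prime): Q if g is a residue, 2Q otherwise."""
    return Q if legendre(g) == 1 else P - 1


def _rng(rng):
    return random.Random(0) if rng is None else rng


def keygen(g, rng=None):
    rng = _rng(rng)
    x = rng.randrange(1, group_order(g))
    return x, pow(g, x, P)                          # (secret key x, public key g^x)


def encrypt(g, pk, m, rng=None):
    rng = _rng(rng)
    r = rng.randrange(1, group_order(g))
    return pow(g, r, P), (m * pow(pk, r, P)) % P    # (g^r, m * pk^r)


def decrypt(g, sk, ct):
    c1, c2 = ct
    return (c2 * pow(c1, -sk, P)) % P               # m = c2 / c1^x


class LegendreAdversary:
    """Hypothetical IND-CPA attacker that only looks at Legendre symbols.
    With L(g) = -1: L(pk^r) = (-1)^(x*r) = -1 exactly when L(pk) = L(c1) = -1,
    so L(m_b) = L(c2) * L(pk^r) is computable from public values alone."""

    def __init__(self, g):
        self.g = g

    def choose(self, pk):
        # One residue and, when the group contains any, one non-residue.
        return 4, (2 if legendre(self.g) == -1 else 16)

    def guess(self, pk, ct):
        c1, c2 = ct
        l_pk_r = -1 if legendre(pk) == -1 and legendre(c1) == -1 else 1
        return 1 if legendre(c2) * l_pk_r == -1 else 0


def ind_cpa_win_rate(g, adversary, trials=1000, rng=None):
    """Fraction of IND-CPA games the adversary wins; 0.5 means no advantage."""
    rng = _rng(rng)
    wins = 0
    for _ in range(trials):
        _sk, pk = keygen(g, rng)
        m0, m1 = adversary.choose(pk)
        b = rng.randrange(2)
        wins += adversary.guess(pk, encrypt(g, pk, (m0, m1)[b], rng)) == b
    return wins / trials


def ddh_distinguisher(g, A, B, Z, adversary, rng):
    """The reduction: embed the DDH instance (g, g^a, g^b, Z) into the game as
    pk = g^a and challenge (g^b, Z * m_b). A real tuple gives a genuine
    encryption; a random Z makes the challenge independent of b.
    Returns True for the verdict 'real'."""
    m0, m1 = adversary.choose(A)
    b = rng.randrange(2)
    return adversary.guess(A, (B, (Z * (m0, m1)[b]) % P)) == b


def ddh_accept_rates(g, adversary, trials=1000, rng=None):
    """('real' rate on real tuples, 'real' rate on random tuples); the gap is the DDH advantage."""
    rng = _rng(rng)
    n = group_order(g)
    real = rand = 0
    for _ in range(trials):
        a, b, c = (rng.randrange(1, n) for _ in range(3))
        A, B = pow(g, a, P), pow(g, b, P)
        real += ddh_distinguisher(g, A, B, pow(g, a * b, P), adversary, rng)
        rand += ddh_distinguisher(g, A, B, pow(g, c, P), adversary, rng)
    return real / trials, rand / trials


if __name__ == "__main__":
    for g, name in ((FULL_GROUP, "Z_p^* (order 2q, DDH false)"), (QR_GROUP, "QR subgroup (order q)")):
        adv = LegendreAdversary(g)
        print(name)
        print("  IND-CPA win rate          :", ind_cpa_win_rate(g, adv))
        print("  DDH 'real' (real, random) :", ddh_accept_rates(g, adv))
```

Running it shows win rate 1.0 and DDH accept rates (1.0, ~0.5) in Z_p^*, versus ~0.5 across the board in the order-q subgroup. Note what the reduction does and does not say: it proves that any IND-CPA attacker yields a DDH distinguisher in the same group, so the scheme is only as secure as DDH is in the group you actually instantiate it in; it says nothing about other security notions (IND-CCA) or other assumptions, which is the answer's point.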
