But you can not say that “ A is the trouble on which the cryptosystem is based ” : for a given cryptosystem, different security notions can be based on different assumptions. For example, take the subject of ElGamal : it is IND-CPA secure under the DDH presumption, and ( a flimsy variant of ) it was besides prove IND-CCA1 secure ( CCA1 indicates that the adversary can make decoding queries merely before receiving the challenge ciphertext – this is besides known as security system against lunchtime attacks ), but lone under a very different and less standard assumption ( see this paper for exemplar, or some of the refer papers it mentions in the presentation ) .
so when a cryptosystem is said to be IND-CCA impregnable, it does not tell anything about the assumption on which it is based.
Read more: A Few Thoughts on Cryptographic Engineering
Read more: Track Your Lost iPhone, iPad, or Mac Even When Its Offline — As Long as This Feature Is Enabled
Reading: Are the definitions of IND-CCA secure and of IND-CCA secure under standard model identical?
The condition “ in the standard model ” relates to a completely unlike things ( it does not say anything either on the particular computational assumption to which a security system impression for the scheme can be reduced ) : it is common in crypto, when dealing with a hard trouble, to consider simplified “ worlds ” in which the players could have access to some ideal primitive, and then to instantiate this primitive “ in practice ” with something which seems a effective candidate for this ideal primitive, based on our stream understand of it .
The most common case is that of the random prophet model : we assume that the players are in a worldly concern in which they have access to an oracle which acts as a sincerely random function, and then we prove that some cryptosystem is impregnable ( e.g. IND-CCA secure ) under some computational assumption in this simplify world. This does however not prove that in the veridical universe, the cryptosystem would be impregnable ; using SHA-256, for exercise, as a random oracle seems to work in commit, but SHA-256 is not a random oracle .
Saying that something is secure in the standard exemplar is just a way to say that no such idealized earth is considered : the proof is “ in the real populace ” and does not assume any idealize primitive .