Probabilistic encryption

Probabilistic encryption is the use of randomness in an encryption algorithm, so that when encrypting the same message several times it will, in general, yield different ciphertexts. The term "probabilistic encryption" is typically used in reference to public key encryption algorithms; however various symmetric key encryption algorithms achieve a similar property (e.g., block ciphers when used in a chaining mode such as CBC), and stream ciphers such as Freestyle[1] which are inherently random. To be semantically secure, that is, to hide even partial information about the plaintext, an encryption algorithm must be probabilistic.

History

The first provably-secure probabilistic public-key encryption scheme was proposed by Shafi Goldwasser and Silvio Micali, based on the hardness of the quadratic residuosity problem and had a message expansion factor equal to the public key size. More efficient probabilistic encryption algorithms include Elgamal, Paillier, and various constructions under the random oracle model, including OAEP.

Security

Probabilistic encryption is particularly important when using public key cryptography. Suppose that the adversary observes a ciphertext, and suspects that the plaintext is either "YES" or "NO", or has a hunch that the plaintext might be "ATTACK AT CALAIS". When a deterministic encryption algorithm is used, the adversary can simply try encrypting each of his guesses under the recipient's public key, and compare each result to the target ciphertext. To combat this attack, public key encryption schemes must incorporate an element of randomness, ensuring that each plaintext maps into one of a large number of possible ciphertexts.

An intuitive approach to converting a deterministic encryption scheme into a probabilistic one is to simply pad the plaintext with a random string before encrypting with the deterministic algorithm. Conversely, decryption involves applying a deterministic algorithm and ignoring the random padding. However, early schemes which applied this naive approach were broken due to limitations in some deterministic encryption schemes. Techniques such as Optimal Asymmetric Encryption Padding (OAEP) integrate random padding in a manner that is secure using any trapdoor permutation.

Examples

Example of probabilistic encryption using any trapdoor permutation:

x - single bit plaintext
f - trapdoor permutation (deterministic encryption algorithm)
b - hard core predicate of f
r - random string

${\rm {Enc}}(x)=(f(r),x\oplus b(r))$

${\rm {Dec}}(y,z)=b(f^{-1}(y))\oplus z$

This is inefficient because only a single bit is encrypted. In other words, the message expansion factor is equal to the public key size.

Example of probabilistic encryption in the random oracle model:

x - plaintext
f - trapdoor permutation (deterministic encryption algorithm)
h - random oracle (typically implemented using a publicly specified hash function)
r - random string

${\rm {Enc}}(x)=(f(r),x\oplus h(r))$

${\rm {Dec}}(y,z)=h(f^{-1}(y))\oplus z$

gollark: IPC and clock speed didn't improve much, core count did.

gollark: Past 8th gen Intel added a bunch more cores to the U-series CPUs.

gollark: Although those 4 cores generally clock really low if you use them for any sustained period of time because of awful cooling.

gollark: Although the thinkpad T460s there has a dual-core CPU and most recent devices will have 4 cores.

gollark: I mean, Ice Lake is moderately better GPU-wise, but Intel hasn't really done much for CPU perf.

References

Puthuparambil, Arun Babu; Thomas, Jithin Jose (2019-12-01). "Freestyle, a randomized version of ChaCha for resisting offline brute-force and dictionary attacks". Journal of Information Security and Applications. 49: 102396. arXiv:1802.03201. doi:10.1016/j.jisa.2019.102396. ISSN 2214-2126.

External links

Shafi Goldwasser and Silvio Micali, Probabilistic Encryption, Special issue of Journal of Computer and Systems Sciences, Vol. 28, No. 2, pages 270-299, April 1984
Freestyle, a randomized version of ChaCha for resisting offline brute-force and dictionary attacks .

This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.

[1] Puthuparambil, Arun Babu; Thomas, Jithin Jose (2019-12-01). "Freestyle, a randomized version of ChaCha for resisting offline brute-force and dictionary attacks". Journal of Information Security and Applications. 49: 102396. arXiv:1802.03201. doi:10.1016/j.jisa.2019.102396. ISSN 2214-2126.