Vidéo pédagogique
Notice
Sous-titrage
Anglais
Langue :
Anglais
Crédits
Irene Marquez-Corbella (Intervention), Nicolas Sendrier (Intervention), Matthieu Finiasz (Intervention)
Conditions d'utilisation
Ces ressources de cours sont, sauf mention contraire, diffusées sous Licence Creative Commons. L’utilisateur doit mentionner le nom de l’auteur, il peut exploiter l’œuvre sauf dans un contexte commercial et il ne peut apporter de modifications à l’œuvre originale.
DOI : 10.60527/2297-mn62
Citer cette ressource :
Irene Marquez-Corbella, Nicolas Sendrier, Matthieu Finiasz. Inria. (2015, 5 mai). 2.2. Security-Reduction Proof , in 2: McEliece Cryptosystem. [Vidéo]. Canal-U. https://doi.org/10.60527/2297-mn62. (Consultée le 28 mai 2024)
logo Inria
Inria - Institut national de recherche en sciences et technologies du numérique
S'abonner
Contacter

2.2. Security-Reduction Proof

Réalisation : 5 mai 2015 - Mise en ligne : 20 février 2017
  • document 1 document 2 document 3
  • niveau 1 niveau 2 niveau 3
Descriptif

Welcome to the second session. We will talk about thesecurity-reduction proof. The security of a given cryptographic algorithm is reduced to the securityof a known hard problem. To prove that acryptosystem is secure, we select a problem which we know ishard to solve, and we reduce the problem to thesecurity of the cryptosystem. Since the problem is hard to solve,the cryptosystem is hard to break. A security reduction is aproof that an adversary able to attack the scheme is ableto solve some presumably hard computational problem,with a similar effort. For the given parameters n,k, let G be the public-keyspace, K be the apparentpublic-key space. In theoriginal McEliece scheme Gis the set of all generator matrices of a family of binary Goppacodes of length n and dimension k. K is the set of binarymatrices of a size (k x n). A distinguisher is a mappingthat takes as input a binary matrix of size (k x n), andreturns true if the matrixis distinguishable. We define the followingsample space, the set of all matrices of size(k x n) uniformly distributed,and we define the event: theset of binary matrices such that the distinguisherreturns true, that is the matrices which are distinguishable.The advantage of adistinguisher for the subset D, measures how such adistinguisher could be used as a characterization for G;formally, the probability that the event will occur,minus the probability that the  event happensrestricted to the subset G.In other words, it is theprobability that the distinguisher detects a matrix from G, from arandomly picked up binary matrix. We will denote the running time ofa distinguisher by this formula.An algorithm is a (T, ε)-distinguisher for G against K, ifit runs in time at most T, and theadvantage for G is greater than ε. So, for givenparameters n, k and t, we definethis, the message space,this, the apparent public key space, and W the error vector space.

Intervention
Thème
Disciplines :
Documentation
Support de présentation au format PDF

Dans la même collection

Voir tout

Avec les mêmes intervenants et intervenantes

Sur le même thème