[Cryptography] List of Proven Secure Ciphers / Hashes
R. Hirschfeld
ray at unipay.nl
Mon Sep 8 00:17:25 EDT 2014
> From: Jerry Leichter <leichter at lrw.com>
> Date: Sun, 7 Sep 2014 12:45:52 -0400
>
> On Sep 7, 2014, at 8:09 AM, R. Hirschfeld <ray at unipay.nl> wrote:
> >>> Once you allow known-plaintext attacks, symmetric-key crypto is also in NP.
> >> This is a meaningless statement. NP has an exact, technical definition. There's nothing to "allow" or "disallow".
> > Although the OP was perhaps not very precise, I think something along
> > the lines of the following is meant: if S is a (polynomial-time)
> > symmetric encryption function, then {<x,y> | exists k: S(x,k) = y} is
> > in NP (just nondeterministically guess the key k and verify that the
> > plaintext x yields the ciphertext y).
> Suppose S(x,k) is AES(x || R, k), where R is a random bit string of the same length as x. (This is a simplified version of the randomness you need to add to get semantic security anyway.) You can try all the keys you like, but you're unlikely to every get back a value that equals y.
Since you have access to nondeterminism anyway, why not just go ahead
and guess R too while you're at it?
Ray
More information about the cryptography
mailing list