[Cryptography] List of Proven Secure Ciphers / Hashes

Jerry Leichter leichter at lrw.com
Mon Sep 8 13:21:54 EDT 2014


On Sep 8, 2014, at 12:17 AM, R. Hirschfeld <ray at unipay.nl> wrote:
>> Suppose S(x,k) is AES(x || R, k), where R is a random bit string of the same length as x.  (This is a simplified version of the randomness you need to add to get semantic security anyway.)  You can try all the keys you like, but you're unlikely to ever get back a value that equals y.
> 
> Since you have access to nondeterminism anyway, why not just go ahead
> and guess R too while you're at it?
R can be arbitrarily large.  In fact, I deliberately made it so in my example:  It's the same size as the message.  Why bother guessing R?  Why not just guess the message?

Again, if you want to talk about formal matters, you have to do it formally and exactly.  I mentioned in an earlier post that you need to watch out what "n" is ... which is exactly what's gone wrong here:  The size of the search space is arbitrarily larger than the security parameter.  That won't do.
                                                        -- Jerry
