0

Let $F$ be a strong pseudo random permutation and define a fixed-length encryption scheme $(\operatorname{Enc,Dec})$ as follows:

On input $m \in \{0,1\}^{\frac{n}{2}}$ and key $k\in \{0,1\}^{n}$, algorithm $\operatorname{Enc}$ chooses a uniform string $r \in \{0,1\}^{\frac{n}{2}}$ of length $r/2$ and computes $c:=\operatorname{F}(k,r\mathbin\|m)$. Prove that this scheme is $\text{CCA}$-secure.

How can I show that strong Pseudorandom permutation implies $\text{CCA}$ security? I don't know how to do the reduction.

SEJPM
  • 45,265
  • 7
  • 94
  • 199
Pippo Pluto
  • 123
  • 3
  • Question: show that this scheme is CCA-secure for message length $n/2$ – kelalaka Jan 17 '19 at 18:51
  • 2
    There is a [similar question](https://crypto.stackexchange.com/questions/27172/cpa-security-of-a-pseudorandom-permutation-encryption-scheme) here. You might find the comments very helpful for your cause. – kelalaka Jan 17 '19 at 19:46
  • 1
    [Indeed Mikero's book from the other question has the full proof](http://web.engr.oregonstate.edu/~rosulekm/crypto/). – SEJPM Oct 26 '19 at 22:38
  • Take a look at 3rd question in [here (Homework solution PDF)](https://cdn.inst-fs-iad-prod.inscloudgate.net/ae3e7319-ffde-4e81-a80f-27411b6543ea/hw4solutions.pdf?token=eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCIsImtpZCI6ImNkbiJ9.eyJyZXNvdXJjZSI6Ii9hZTNlNzMxOS1mZmRlLTRlODEtYTgwZi0yNzQxMWI2NTQzZWEvaHc0c29sdXRpb25zLnBkZiIsInRlbmFudCI6ImNhbnZhcyIsInVzZXJfaWQiOm51bGwsImlhdCI6MTYxOTE3NTg5MywiZXhwIjoxNjE5MjYyMjkzfQ.JJQ-GzgM_sBTBXZ4KlNYFVMn9fYakJ5nve9ieT6tBd64fzH0tZSyzOsSWfnLlNhctFzNPFPmZCXQhwNzwoALYg&download=1&content_type=application%2Fpdf) – The UMA Apr 23 '21 at 22:49

0 Answers0