Entropic Security
   HOME

TheInfoList



Click Here for Items Related To - Entropic Security
OR:
Entropic Security on:   [Wikipedia]   [Google]   [Amazon]

{{More citations needed, date=September 2022Entropic security is a security definition used in the field of
cryptography Cryptography, or cryptology (from "hidden, secret"; and ''graphein'', "to write", or ''-logy, -logia'', "study", respectively), is the practice and study of techniques for secure communication in the presence of Adversary (cryptography), ...
. Modern
encryption In Cryptography law, cryptography, encryption (more specifically, Code, encoding) is the process of transforming information in a way that, ideally, only authorized parties can decode. This process converts the original representation of the inf ...
schemes are generally required to protect communications even when the attacker has substantial information about the messages being encrypted. For example, even if an attacker knows that an intercepted
ciphertext In cryptography, ciphertext or cyphertext is the result of encryption performed on plaintext using an algorithm, called a cipher. Ciphertext is also known as encrypted or encoded information because it contains a form of the original plaintext ...
encrypts either the message "Attack" or the message "Retreat", a
semantically secure In cryptography, a semantically secure cryptosystem is one where only negligible information about the plaintext can be feasibly extracted from the ciphertext. Specifically, any PP (complexity), probabilistic, polynomial-time algorithm (PPTA) that ...
encryption scheme will prevent the attacker from learning which of the two messages is encrypted. However, definitions such as
semantic security In cryptography, a semantically secure cryptosystem is one where only negligible information about the plaintext can be feasibly extracted from the ciphertext. Specifically, any probabilistic, polynomial-time algorithm (PPTA) that is given the ci ...
are too strong to achieve with certain specialized encryption schemes. Entropic security is a weaker definition that can be used in the special case where an attacker has very little information about the messages being encrypted. It is well known that certain types of encryption algorithm cannot satisfy definitions such as
semantic security In cryptography, a semantically secure cryptosystem is one where only negligible information about the plaintext can be feasibly extracted from the ciphertext. Specifically, any probabilistic, polynomial-time algorithm (PPTA) that is given the ci ...
: for example,
deterministic encryption A deterministic encryption scheme (as opposed to a probabilistic encryption scheme) is a cryptosystem which always produces the same ciphertext for a given plaintext and encryption key, key, even over separate executions of the encryption algorithm ...
algorithms can never be semantically secure. Entropic security definitions relax these definitions to cases where the message space has substantial entropy (from an adversary's point of view). Under this definition it is possible to prove security of deterministic encryption. Note that in practice entropically-secure encryption algorithms are only "secure" provided that the message distribution possesses high entropy from any reasonable adversary's perspective. This is an unrealistic assumption for a general encryption scheme, since one cannot assume that all likely users will encrypt high-entropy messages. For these schemes, stronger definitions (such as semantic security or indistinguishability under adaptive chosen ciphertext attack) are appropriate. However, there are special cases in which it is reasonable to require high entropy messages. For example, encryption schemes that encrypt only secret key material (e.g., key encapsulation or
Key Wrap In cryptography, key wrap constructions are a class of symmetric encryption algorithms designed to encapsulate (encrypt) cryptographic key material. The Key Wrap algorithms are intended for applications such as protecting keys while in untrusted ...
schemes) can be considered under an entropic security definition. A practical application of this result is the use of
deterministic encryption A deterministic encryption scheme (as opposed to a probabilistic encryption scheme) is a cryptosystem which always produces the same ciphertext for a given plaintext and encryption key, key, even over separate executions of the encryption algorithm ...
algorithms for secure encryption of secret key material. Russell and Wang formalized a definition of ''entropic security'' for encryption. Their definition resembles the
semantic security In cryptography, a semantically secure cryptosystem is one where only negligible information about the plaintext can be feasibly extracted from the ciphertext. Specifically, any probabilistic, polynomial-time algorithm (PPTA) that is given the ci ...
definition when message spaces have highly-entropic distribution. In one formalization, the definition implies that an adversary given the ciphertext will be unable to compute any predicate on the ciphertext with (substantially) greater probability than an adversary who does not possess the ciphertext. Dodis and Smith later proposed alternate definitions and showed equivalence.


References


A. Russell and Y. Wang. ''How to fool an unbounded adversary with a short key.''
Appeared at ''Advances in Cryptology – Eurocrypt 2002''.
Y. Dodis and A. Smith. ''Entropic Security and the encryption of high-entropy messages.''
Appeared at the ''Theory of Cryptography Conference (TCC) 2005''. Cryptography