Probabilistic Encryption
   HOME

TheInfoList



Click Here for Items Related To - Probabilistic Encryption
OR:
Probabilistic Encryption on:   [Wikipedia]   [Google]   [Amazon]

Probabilistic encryption is the use of
randomness In common usage, randomness is the apparent or actual lack of definite pattern or predictability in information. A random sequence of events, symbols or steps often has no order and does not follow an intelligible pattern or combination. ...
in an
encryption In Cryptography law, cryptography, encryption (more specifically, Code, encoding) is the process of transforming information in a way that, ideally, only authorized parties can decode. This process converts the original representation of the inf ...
algorithm, so that when encrypting the same message several times it will, in general, yield different
ciphertext In cryptography, ciphertext or cyphertext is the result of encryption performed on plaintext using an algorithm, called a cipher. Ciphertext is also known as encrypted or encoded information because it contains a form of the original plaintext ...
s. The term "probabilistic encryption" is typically used in reference to
public key Public-key cryptography, or asymmetric cryptography, is the field of cryptographic systems that use pairs of related keys. Each key pair consists of a public key and a corresponding private key. Key pairs are generated with cryptographic alg ...
encryption algorithms; however various symmetric key encryption algorithms achieve a similar property (e.g., block ciphers when used in a chaining mode such as
CBC CBC may refer to: Media * Cadena Baja California or Grupo Cadena, a radio and television broadcaster in Mexico * Canadian Broadcasting Corporation, Canada's radio and television public broadcaster ** CBC Television ** CBC Radio One ** CBC Music ** ...
), and stream ciphers such as Freestyle which are inherently random. To be semantically secure, that is, to hide even partial information about the
plaintext In cryptography, plaintext usually means unencrypted information pending input into cryptographic algorithms, usually encryption algorithms. This usually refers to data that is transmitted or stored unencrypted. Overview With the advent of comp ...
, an encryption algorithm must be
probabilistic Probability is a branch of mathematics and statistics concerning events and numerical descriptions of how likely they are to occur. The probability of an event is a number between 0 and 1; the larger the probability, the more likely an e ...
.


History

The first provably-secure probabilistic public-key encryption scheme was proposed by
Shafi Goldwasser Shafrira Goldwasser (; born 1959) is an Israeli-American computer scientist. A winner of the Turing Award in 2012, she is the RSA Professor of Electrical Engineering and Computer Science at the Massachusetts Institute of Technology; a professor o ...
and
Silvio Micali Silvio Micali (born October 13, 1954) is an Italian computer scientist, professor at the Massachusetts Institute of Technology and the founder of Algorand, a proof-of-stake blockchain cryptocurrency protocol. Micali's research at the MIT Compu ...
, based on the hardness of the
quadratic residuosity problem The quadratic residuosity problem (QRP) in computational number theory is to decide, given integers a and N, whether a is a quadratic residue modulo N or not. Here N = p_1 p_2 for two unknown primes p_1 and p_2, and a is among the numbers which a ...
and had a message expansion factor equal to the public key size. More efficient probabilistic encryption algorithms include Elgamal, Paillier, and various constructions under the
random oracle model In cryptography, a random oracle is an oracle (a theoretical black box) that responds to every ''unique query'' with a (truly) random response chosen uniformly from its output domain. If a query is repeated, it responds the same way every tim ...
, including OAEP.


Security

Probabilistic encryption is particularly important when using
public key cryptography Public-key cryptography, or asymmetric cryptography, is the field of cryptographic systems that use pairs of related keys. Each key pair consists of a public key and a corresponding private key. Key pairs are generated with cryptographic al ...
. Suppose that the adversary observes a ciphertext, and suspects that the plaintext is either "YES" or "NO", or has a hunch that the plaintext might be "ATTACK AT CALAIS". When a
deterministic encryption A deterministic encryption scheme (as opposed to a probabilistic encryption scheme) is a cryptosystem which always produces the same ciphertext for a given plaintext and encryption key, key, even over separate executions of the encryption algorithm ...
algorithm is used, the adversary can simply try encrypting each of their guesses under the recipient's public key, and compare each result to the target ciphertext. To combat this attack, public key encryption schemes must incorporate an element of randomness, ensuring that each plaintext maps into one of a large number of possible ciphertexts. An intuitive approach to converting a deterministic encryption scheme into a probabilistic one is to simply pad the plaintext with a random string before encrypting with the
deterministic algorithm In computer science, a deterministic algorithm is an algorithm that, given a particular input, will always produce the same output, with the underlying machine always passing through the same sequence of states. Deterministic algorithms are by fa ...
. Conversely, decryption involves applying a deterministic algorithm and ignoring the random padding. However, early schemes which applied this naive approach were broken due to limitations in some deterministic encryption schemes. Techniques such as Optimal Asymmetric Encryption Padding (OAEP) integrate random padding in a manner that is secure using any trapdoor permutation.


Examples

Example of probabilistic encryption using any trapdoor permutation: * ''x'' - ''single bit'' plaintext * ''f'' - trapdoor permutation (deterministic encryption algorithm) * ''b'' - hard core predicate of ''f'' * ''r'' - random string (x) = (f(r), x \oplus b(r)) (y, z) = b(f^(y)) \oplus z This is inefficient because only a single bit is encrypted. In other words, the message expansion factor is equal to the public key size. Example of probabilistic encryption in the random oracle model: * ''x'' - plaintext * ''f'' - trapdoor permutation (deterministic encryption algorithm) * ''h'' -
random oracle In cryptography, a random oracle is an oracle (a theoretical black box) that responds to every ''unique query'' with a (truly) random response chosen uniformly from its output domain. If a query is repeated, it responds the same way every tim ...
(typically implemented using a publicly specified
hash function A hash function is any Function (mathematics), function that can be used to map data (computing), data of arbitrary size to fixed-size values, though there are some hash functions that support variable-length output. The values returned by a ...
) * ''r'' - random string (x) = (f(r), x \oplus h(r)) (y, z) = h(f^(y)) \oplus z


See also

*
Deterministic encryption A deterministic encryption scheme (as opposed to a probabilistic encryption scheme) is a cryptosystem which always produces the same ciphertext for a given plaintext and encryption key, key, even over separate executions of the encryption algorithm ...
* Efficient Probabilistic Public-Key Encryption Scheme * Strong secrecy


References

{{Reflist


External links

* Shafi Goldwasser and Silvio Micali
Probabilistic Encryption
Special issue of Journal of Computer and Systems Sciences, Vol. 28, No. 2, pages 270-299, April 1984 *Freestyle, a randomized version of ChaCha for resisting offline brute-force and dictionary attack

Theory of cryptography