Academic Integrity: tutoring, explanations, and feedback — we don’t complete graded work or submit on a student’s behalf.

Suppose some database manager wants to encrypt his database, but at the same tim

ID: 3715171 • Letter: S

Question

Suppose some database manager wants to encrypt his database, but at the same time, she wants to maintain the search functionality. She came up with an idea: she will use a deterministic public key encryption (with the encryption algorithm to be denoted by Enc) to encrypt all the data entries in the database. More concretely, suppose the data entries are m1,...,mn, and the public key is pk, she encrypts each message and generates the encrypted database c1, . . . , cn, where

for each ci = Enc(pk, mi) for i = 1, . . . , n.

Then whoever wants to search for a message m?, the querier simply encrypts it to get c? = Enc(pk, m?) and compare whether c? equals to any of c1, . . . , cn.

Explain why such a pubic encryption scheme can never be IND-CPA secure. Explain the reason following the IND-CPA definition.

Explanation / Answer

Solution:

Public-key encryption schemes allow anyone to take a plaintext and create a corresponding ciphertext that carries little or no information about the encrypted plaintext, in the eyes of everyone else but the owner of the secret key.

Sometimes, IND-CPA security is insufficient. For example, there are use cases where the adversary can send arbitrary ciphertexts to Bob, and learn whether Bob was able to successfully decrypt. There may also be settings where the adversary can learn some information about the plaintext underlying ciphertexts it made up. To conservatively model such attacks, we would like to additionally allow the adversary to query the challenger on aribtrary ciphertexts; in response the challeger decrypts and gives the plaintext back to the adversary.

For IND-CPA security it is sufficient if an adversary can distinguish between encryptions of two messages m0 and m1. That is, an adversary gets to see an encryption c?Enc(pk,mb) for a random bit b together with the public key pk. Now in order to figure out if c is an encryption of m0 all the adversary has to do is to recompute Enc(pk,m0) and check whether or not this value matches the given ciphertext thus breaking IND-CPA security .

Hence a pubic encryption scheme can never be IND-CPA secure.

Related Questions

Suppose point A is 75.2 V higher potential than point B A)How much work must be
Question #1382304
Suppose policy makers pass a budget that results in an increase in the budget de
Question #2721399
Suppose prices are given by p 1 = 2 and p 2 = 4. Which of the following consumpt
Question #1149586
Suppose professor Will Fail has been murdered at XXX University. The professor w
Question #3461999
Suppose program P has been executed against a test suite T consisting of five te
Question #3685008
Suppose program contains the following class definition. Please please indi whet
Question #3554323
Suppose public opinion is split 65% against and 35% for increasing taxes to help
Question #3131707
Suppose pure water flows into Gibraltar at a rate of r_g = 1 trillion L/mo; wate
Question #3109898
Hire Me For All Your Tutoring Needs
Integrity-first tutoring: clear explanations, guidance, and feedback.
Drop an Email at
drjack9650@gmail.com
Chat Now And Get Quote

Navigate

Previous
Suppose small aircraft arrive at a certain airport according to a Poisson proces
Next
Suppose some nucleus undergoes alpha decay, releasing 5.6 MeV of energy. If the

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.