## Math Assignment Help | Cryptography Assignment and Exam Help | CS355

1 February 2023


## Math Assignment Help | Cryptography Assignment and Exam Help | Non-Malleability

Since anyone can encrypt anything they want with a public key cryptosystem, there is no notion of security for public key cryptosystems corresponding to integrity. However, there are some underlying ideas that do translate.

One thing that integrity is designed to protect against is tampering with a ciphertext to create a new ciphertext whose decryption is somehow related to the decryption of the original ciphertext. This property is called malleability, which we usually do not want (except when we do, see Section 8.3).

The adversary’s goal is now, based on a target ciphertext with an unknown decryption, to create a new ciphertext that decrypts to something related. The decryption of the target ciphertext must be unknown, because if it is known it is very easy to get a ciphertext with a related decryption.

It is convenient to define some language. Given any relation on the set of plaintexts, we define a relation on the set of ciphertexts by saying that the ciphertexts are related if and only if the decryptions are not $\perp$ and related.

The adversary’s goal is then to present a relation on the set of plaintexts and a valid ciphertext that is related to the target ciphertext. When considering applications, there seems to be no reason why the adversary will only want to create a single related ciphertext. There could be applications where the goal is to create many ciphertexts that are related to the target ciphertext. Individually, each of the ciphertexts may not be meaningfully related, but as a collection, they could have a meaningful relationship. We therefore allow the target ciphertext to be related to a collection of ciphertexts.

To summarise, the adversary must first get an encryption of a target message that was at least partially chosen by the experiment. The adversary must then present a relation and a collection of ciphertexts. These ciphertexts must then be related to the target ciphertext.

Just as with confidentiality, where anyone can answer correctly with probability $1 / 2$, for malleability anyone can come up with a relation and some ciphertexts such that any target ciphertext is related to the proffered ciphertext collection. Without a correction, the game is too easy for the adversary.

We correct by measuring how easy it was for the adversary to find the related ciphertexts in the first place. We do this by having the experiment choose a second message in the same way that the target message was chosen, but keep this second message secret. If this second message is often related to the adversary’s ciphertext collection, then it is easy to create a related message. The adversary has no information about the second message, so it cannot choose the relation to take it into account.
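The experiment described above, as an added example (not the book's code) using textbook ElGamal over a constructed toy group: `related` is the induced relation on ciphertexts (all decryptions non-$\perp$ and related), and `nm_advantage` is the corrected measure, how often the adversary's collection is related to the target minus how often it is related to a fresh secret message drawn the same way. The group parameters, function names and both adversaries are constructed for illustration; the trivial adversary shows why the correction is needed, and the second shows that unauthenticated textbook ElGamal is malleable.

```python
import random

# Constructed toy group: safe prime P = 2Q + 1, G = 4 generates the order-Q subgroup.
P, Q, G = 1019, 509, 4

def keygen(rng):
    sk = rng.randrange(1, Q)
    return pow(G, sk, P), sk                      # (public key, decryption key)

def encrypt(pk, m, rng):
    r = rng.randrange(1, Q)
    return pow(G, r, P), m * pow(pk, r, P) % P

def decrypt(sk, ct):
    c1, c2 = ct
    # Invalid ciphertexts (a component outside the subgroup) decrypt to ⊥, i.e. None.
    if any(not 0 < c < P or pow(c, Q, P) != 1 for c in ct):
        return None
    return c2 * pow(c1, -sk, P) % P

def related(sk, target, coll, rel):
    """Induced relation on ciphertexts: every decryption is non-⊥ and rel holds."""
    ms = [decrypt(sk, c) for c in coll]
    return None not in ms and rel(decrypt(sk, target), ms)

def nm_advantage(adversary, trials=200, seed=1):
    """Pr[collection related to target] - Pr[collection related to a fresh secret message]."""
    rng = random.Random(seed)
    hits = base = 0
    for _ in range(trials):
        pk, sk = keygen(rng)
        m0 = pow(G, rng.randrange(1, Q), P)       # target message, chosen by the experiment
        target = encrypt(pk, m0, rng)
        rel, coll = adversary(pk, target, rng)
        hits += related(sk, target, coll, rel)
        m1 = pow(G, rng.randrange(1, Q), P)       # second message, same distribution, kept secret
        ms = [decrypt(sk, c) for c in coll]
        base += None not in ms and rel(m1, ms)
    return (hits - base) / trials

def trivial_adversary(pk, target, rng):
    # Ignores the target: the relation "always related" plus a fresh encryption.
    return (lambda m, ms: True), [encrypt(pk, G, rng)]

def malleating_adversary(pk, target, rng):
    # Textbook ElGamal is malleable: scaling c2 by G scales the plaintext by G.
    c1, c2 = target
    return (lambda m, ms: ms[0] == G * m % P), [(c1, c2 * G % P)]
```

For the trivial adversary the two probabilities cancel to 0, while the malleating adversary keeps a corrected advantage close to 1, which is exactly the gap the definition is meant to expose.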

## Math Assignment Help | Cryptography Assignment and Exam Help | Multiple Key Pairs

In practice a system that uses public key encryption will not confine itself to a single key pair. There will be many key pairs. Studying systems with more than one key pair is therefore important. The second exercise shows that it is in some sense sufficient to study a single key pair. The third exercise shows that sometimes we can do better than that.

Exercise 8.11. Define multi-key variants of the security notions semantic security, indistinguishability, real-or-random and non-malleability.

Exercise 8.12. Use a hybrid argument to prove that for any adversary against multi-key indistinguishability, there is an adversary against indistinguishability with essentially the same runtime whose advantage is equal to the multi-key adversary’s advantage divided by the number of key pairs.

Exercise 8.13. Consider the ElGamal cryptosystem as discussed in Example 8.3. Use the techniques from that example to prove that for any chosen plaintext multi-key adversary against ElGamal, there is a solver for Decision Diffie-Hellman with the same advantage and essentially the same runtime.

Remark. The main difficulty with multi-key adversaries against public key cryptosystems is that it is natural to allow the adversary to ask for decryption keys. However, once the adversary has gotten a challenge ciphertext for some key pair, asking for that decryption key reveals the challenge plaintext, allowing the adversary to win trivially. This means that we must forbid the adversary from asking for the decryption key of a key pair after getting challenge ciphertexts for that key pair. In practice, we often use a stronger limitation and say that the adversary must ask for all the decryption keys before asking for any challenge ciphertexts. (This is often called non-adaptive corruption, and should not be confused with non-adaptive chosen ciphertext attack.)

This sounds reasonable, but in certain applications of public key cryptography, we would like to guarantee that encryptions are secure until the adversary asks for the decryption key. The security level changes with time.

One approach that has been used is to have multiple challenge bits, either one for each key pair or even one for each challenge ciphertext. In some sense, this captures the appropriate security notion for public key encryption. But in some applications, encryptions under different keys may contain related information. This is then not a satisfactory solution. There are many other approaches that are unsatisfactory for applications.

The above problem is real and serious, but it should probably not be seen as a problem with our definitions, but rather as indicative of a fundamental limitation of public key encryption: If a decryption key leaks, the secrecy of everything encrypted under that key is lost, retroactively. Preventing this loss of secrecy is called forward secrecy. A significant part of modern cryptographic research deals with this issue, and we shall return to it in Chapters 10 and 13.
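A sketch of the hybrid argument that Exercise 8.12 asks for, added here as an illustration rather than the book's own solution. It assumes one challenge ciphertext per key pair and no decryption-key queries; $n$ is the number of key pairs, $\mathcal{A}$ the multi-key adversary, $\mathcal{B}$ the single-key adversary built from it, and $b$ the challenge bit (all symbols assumed).

$$
H_i:\ \text{challenge ciphertexts for key pairs } 1,\dots,i \text{ encrypt } m_1,\ \text{those for } i+1,\dots,n \text{ encrypt } m_0, \qquad i = 0,\dots,n .
$$

$H_0$ is the all-$m_0$ game and $H_n$ the all-$m_1$ game, so the multi-key advantage telescopes over adjacent hybrids:

$$
\mathrm{Adv}^{\mathrm{mk}}(\mathcal{A}) = \Pr[\mathcal{A}\to 1 \mid H_n] - \Pr[\mathcal{A}\to 1 \mid H_0] = \sum_{i=1}^{n} \bigl(\Pr[\mathcal{A}\to 1 \mid H_i] - \Pr[\mathcal{A}\to 1 \mid H_{i-1}]\bigr).
$$

$\mathcal{B}$ picks $j \in \{1,\dots,n\}$ uniformly, embeds its own challenge public key as key pair $j$, generates the other $n-1$ key pairs itself (so it can answer their challenges with $m_1$ for $i<j$ and $m_0$ for $i>j$), forwards $\mathcal{A}$'s challenge query for key pair $j$ to its own challenger, and outputs $\mathcal{A}$'s guess. $\mathcal{A}$ then sees $H_j$ when $b=1$ and $H_{j-1}$ when $b=0$, so

$$
\mathrm{Adv}(\mathcal{B}) = \frac{1}{n}\sum_{j=1}^{n}\bigl(\Pr[\mathcal{A}\to 1 \mid H_j] - \Pr[\mathcal{A}\to 1 \mid H_{j-1}]\bigr) = \frac{\mathrm{Adv}^{\mathrm{mk}}(\mathcal{A})}{n},
$$

and $\mathcal{B}$ runs $\mathcal{A}$ once plus $n-1$ key generations, which is essentially the same runtime.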
