Question

What is the definition for KPA - Game, CPA- game, and CCA- game?

And what is the definition for KPA- IND, CPA- IND and CCA- IND?

Answer 1

KPA stands for Known Plain Text attack.

CPA stands for Chosen Plain Text attack.

CCA stands for Chosen Cipher Text attack.

(Game-based security)

Game refers to a protocol in which an interaction between challenger and an adversary takes place where the challenger puts out public information for a cryptosystem and an adversary tries to break into the cryptosystem .All the three are defined as a game in which a cryptosystem is considered secure when no attacker or adversary can win the game with higher probability by randomly guessing the outcome.

Suppose there is an Encryption Algorithm E , a message to be encrypted M and a key used for encyption K.We want to create Cipher text for M , so C = E(K,M). Now if K remains secret from the attacker, he/she cannot guess the message M but that is not possible to achieve so in Cryptography we have defined certain notions in which an attacker is given certain privileges to break the cryptosystem. This game is called the IND- Game in which if the attacker is able to successfully breaks the cryptosystem then he/she wins.

(1) IND-KPA - INDistinguishability under Known Plain Text attack.

In IND-KPA the attacker or adversary is given the privilege to ask the Oracle or challenger to encrypt a polynomial bound number of messages which he/she can decrypt and get the plain text.

The adversary sends to two messages M1,M2 to the challenger,out of which the challenger chooses either one and encrypts it with a key K and sends the cipher text C back to adversary. Now the adversary has to guess if C corresponds to M1,M2.

If the attacker guesses with a probability > 1/2 then the encryption scheme is not IND-KPA.

(2) IND-CPA- INDistinguishability under Chosen Plain Text attack.

The IND-CPA is similar to IND-KPA expect the fact that the advesary does not know the plain text beforehand.

The advesary sends two messages M1,M2 of same length to the challenger and the challenger selects a either one of the message and encrypts it with a key K and sends the cipher text C back to adversary. Adversary perfoms polynomial decryption techniques on the cipher text and guesses which message M1 or M2 the cipher text relates to.

If the adversary correctly guesses then the adversary wins.

(Note: Polynomial bound decryptions are introduced in this game.)

(3) IND-CCA - INDistinguishability under Chosen Cipher Text attack.

In IND-CCA the adversary has the privilege to call the decryption and encryption algorithm of the challenger which means that the adversary can send messages to the challenger to encrypt and decrypt random messages for him even before the game begins.

After sending random plain text and cipher text for encryption and decryption,the advesary sends two messages M1,M2 of same length to the challenger and the challenger selects a either one of the message and encrypts it with a key K and sends the cipher text C back to adversary. Adversary perfoms polynomial decryption techniques on the cipher text and guesses which message M1 or M2 the cipher text relates to.

If the adversary correctly guesses then the adversary wins.

There are several type of CCA (IND-CCA1,IND-CCA2,IND-CCA3).