Teacher: [some math]... And that's why the one-time pad has perfect secrecy.
Eric: Amazing! The one-time pad is a perfectly secure encryption scheme! Cryptography is solved.
Ilyssa: Lolwut? OTP is not an encryption scheme.
Eric: Say what? How is it not an encryption scheme?
Ilyssa: Look up the definition of an encryption scheme under Katz & Lindell. An encryption scheme is a tuple of probabilistic polynomial-time algorithms (Gen, Enc, Dec) where Gen(1^n) outputs a key k of length >= n, Enc(k,m) produces c, and Dec(k,c) produces m. Now, OTP requires 2 things: the "key" to be the same length as input and the "key" to never be reused. The K&L definition implicitly allows for the key to be shorter than the message and for the key to be reused. Hence OTP is not an encryption scheme.
Eric: That's the dumbest argument I've ever heard. So just because the key can't be reused that means it's not an encryption scheme?
Ilyssa: Yes, consider what would happen if the key was reused: in the IND-KPA game, the attacker knows a pair (m,c) so obtains the key k = m XOR c. Since he has the key now he can decrypt any c to obtain its corresponding plaintext.
Eric: Except that's not OTP. In OTP you never reuse the key.
Ilyssa: Which is why it's not an encryption scheme.
Eric: Wait so you're saying, any encryption scheme must allow the key to be reused?
Ilyssa: That's implicit in K&L's definition.
Eric: That makes zero sense how you're interpreting it. You're saying OTP is not IND-KPA secure because in the IND-KPA game the adversary knows a pair of m,c, and all the messages (including the one the adversary wants to know) are encrypted using the same key, but in OTP you never reuse the key, so the IND-KPA game cannot happen. You don't have another message-ciphertext pair where the message is encrypted using the same key.
Ilyssa: Right, you can't even play the IND-KPA game with OTP. Because OTP is not an encryption scheme.
Eric: OTP clearly is an encryption scheme. Nobody else in the world thinks that OTP isn't an encryption scheme just because you can't reuse keys. Just because you can't play the IND-KPA game with it does not mean that it's not an encryption scheme.
Ilyssa: I'm using the definition of an encryption scheme which is the commonly accepted one.
Eric: You are a pedant.
Ilyssa: Try again.