Active Adversary: Standard PKC [RS]
Chosen Cipher-text Attacks (CCA)
-Adversary chooses m0 m1
-Adversary receives c either in E(m0) or E(m1) at random
-Adversary may ask
c’ = c
A scheme is secure against CCA if adversary still cannot tell whether c in E(m0) or in E(m1) better than 50-50
Decoding
Equipment
c’
m
comes
up in
protocols
Previous slide
Next slide
Back to first slide
View graphic version