sci.crypt archive
Re: Collision resistant encryption scheme
From: David Wagner <daw@taverner.cs.berkeley.edu>
Date: Tue Feb 07 2006 - 03:03:47 CET
Date: Tue Feb 07 2006 - 03:03:47 CET
David Wagner wrote:
>No, it is not possible for an IND-CPA scheme to have non-negligible
>probability of this happening. [...]
>
>So the IND-CPA condition is not sufficient to ensure that your bad case
>cannot happen. [..]
Sorry, I got confused at the end there. The last sentence is wrong.
What I should have said is that, assuming my analysis is correct, the
IND-CPA condition is sufficient to ensure that collisions will be rare
(in the sense you described). So all you need to do is pick a scheme
that is IND-CPA secure.
I really need to proofread my message more carefully before posting.
My apologies.
Received on Tue Feb 7 21:00:11 2006