Cryptology ePrint Archive: Report 2018/558

Simplifying Game-Based Definitions: Indistinguishability up to Correctness and Its Application to Stateful AE

Phillip Rogaway and Yusi Zhang

Abstract: Often the simplest way of specifying game-based cryptographic definitions is apparently barred because the adversary would have some trivial win. Disallowing or invalidating these wins can lead to complex or unconvincing definitions. We suggest a generic way around this difficulty. We call it indistinguishability up to correctness, or IND|C. Given games G and H and a correctness condition C we define an advantage measure Adv_{G,H,C}^indc wherein G/H distinguishing attacks are effaced to the extent that they are inevitable due to C. We formalize this in the language of oracle silencing, an alternative to exclusion-style and penalty-style definitions. We apply our ideas to a domain where game-based definitions have been cumbersome: stateful authenticated-encryption (sAE). We rework existing sAE notions and encompass new ones, like replay-free AE permitting a specified degree of out-of-order message delivery.

Category / Keywords: indistinguishability, oracle silencing, provable security, stateful authenticated encryption

Original Publication (in the same form): IACR-CRYPTO-2018

Date: received 3 Jun 2018

Contact author: rogaway at cs ucdavis edu, ysizhang@ucdavis edu

Available format(s): PDF | BibTeX Citation

Version: 20180604:224333 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]