Bit Security as Cost to Demonstrate Advantage
Authors
Abstract
We revisit the question of what the definition of bit security should be, previously answered by Micciancio-Walter (Eurocrypt 2018) and Watanabe-Yasunaga (Asiacrypt 2021). Our new definition is simple, but (i) captures both search and decision primitives in a single framework like Micciancio-Walter, and (ii) has a firm operational meaning like Watanabe-Yasunaga. It also matches intuitive expectations and can be well-formulated regarding Hellinger distance. To support and justify the new definition, we prove several classic security reductions with respect to our bit security. We also provide pathological examples that indicate the ill-definedness of bit security defined in Micciancio-Walter and Watanabe-Yasunaga.
References
How to cite
Keewoo Lee, Bit Security as Cost to Demonstrate Advantage. IACR Communications in Cryptology, vol. 1, no. 1, Apr 09, 2024, doi: 10.62056/an5txol7.
License
Copyright is held by the author(s)
This work is licensed under a Creative Commons Attribution (CC BY) license.