[122527] in cryptography@c2.net mail archive
RE: New result in predicate encryption: disjunction support
daemon@ATHENA.MIT.EDU (Scott Guthery)
Mon May 5 19:48:22 2008
From: "Scott Guthery" <sbg@acw.com>
To: "'Jonathan Katz'" <jkatz@cs.umd.edu>,
<cryptography@metzdowd.com>
Date: Sun, 4 May 2008 20:21:48 -0400
In-Reply-To: <Pine.GSO.4.64.0805041318490.11680@ringding.cs.umd.edu>
[Moderator's Note: Top posting is discouraged. --Perry]
What I meant was that the crypogram decrypted with a correct f(I)=1 key
yields the encrypted message "Meet you at Starbucks at noon 0000000000000"
whereas decryption with a wrong, f(I)=0, key yields "Let's go down to Taco
Bell at midnight". Padding with 0's doesn't help.
Cheers, Scott
-----Original Message-----
From: owner-cryptography@metzdowd.com
[mailto:owner-cryptography@metzdowd.com] On Behalf Of Jonathan Katz
Sent: Sunday, May 04, 2008 1:20 PM
To: cryptography@metzdowd.com
Subject: RE: New result in predicate encryption: disjunction support
On Sun, 4 May 2008, Scott Guthery wrote:
> One useful application of the Katz/Sahai/Waters work is a counter to
> traffic analysis. One can send the same message to everyone but
> ensure that only a defined subset can read the message by proper key
> management. What is less clear is how to ensure that decrytion with
> the wrong key doesn't yield an understandable (and actionable) message.
This is actually pretty easy to do by, e.g., padding all valid messages with
sufficiently-many 0s. Decryption with an incorrect key will result in
something "random" that is unlikely to end with the requisite number of 0s
(and so will be discarded).
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
