crypto.graphics
IND-CCA2 Security Game
(Indistinguishability under Chosen Ciphertext Attack, Adaptive)
{genKeys, E, D} is the candidate public cryptosystem.
Unlike IND-CCA1, the adversary may make additional decryption queries. This difference is outlined in red.
| b = 0 | b = 1 | Adversary | ||
| sk, pk = genKeys() | → | pk | ||
| c | ← | c ∈ Ciphertexts | ||
| p = D(sk, c) | → | p | ||
| c | ← | c ∈ Ciphertexts: c ≠ c* | ||
| p = D(sk, c) | → | p | ||
| m0, m1 | ← | m0, m1 ∈ Inputs | ||
| c* = E(pk, m0) | c* = E(pk, m1) | → | c* | |
| c | ← | c ∈ Ciphertexts | ||
| p = D(sk, c) | → | p | ||
| c | ← | c ∈ Ciphertexts: c ≠ c* | ||
| p = D(sk, c) | → | p | ||
| bguess ∈ {0, 1} | ||||
| bguess ↓ |
||||