## CryptoDB

### Yusi Zhang

#### Publications

Year
Venue
Title
2018
CRYPTO
Often the simplest way of specifying game-based cryptographic definitions is apparently barred because the adversary would have some trivial win. Disallowing or invalidating these wins can lead to complex or unconvincing definitions. We suggest a generic way around this difficulty. We call it indistinguishability up to correctness, or IND$\vert$C. Given games ${{\text {G}}}$ and ${{\text {H}}}$ and a correctness condition ${{\text {C}}}$ we define an advantage measure ${\mathbf {Adv}_{{{\text {G}}},{{\text {H}}},{{\text {C}}}}^{{\text {indc}}}}$ wherein ${{{\text {G}}}}$/${{{\text {H}}}}$ distinguishing attacks are effaced to the extent that they are inevitable due to ${{\text {C}}}$. We formalize this in the language of oracle silencing, an alternative to exclusion-style and penalty-style definitions. We apply our ideas to a domain where game-based definitions have been cumbersome: stateful authenticated-encryption (sAE). We rework existing sAE notions and encompass new ones, like replay-free AE permitting a specified degree of out-of-order message delivery.

#### Coauthors

Phillip Rogaway (1)