函数加密体制（二） (7-7)

While the simple example above may seem to be“abusing”the role of the trivial key ϵ，it is easy to modify the functionality example F above so that there is exacty one non-trivial key k∈K that outputs π(x). The only difference to the construction above would be that the functional encrvption algorithm would outout a public-key encryptior⁵ of either π(x) (in the “correct”implementation) or x (in the“incorrect"implementation), and the secret key for key k would be the secret key of the public-key encryption scheme. Again, it is easy to verify that the incorrect implementation satisfies the game-based definition.

Discussion. What does this separation show? While this is a subjective question, our view is that it shows that if the output of the functionality is supposed to have some

computational hiding properties – that is, security of your application is not only based on the information-theoretic properties of the function, but also on the computational properties of the function – then there is a real problem with the game-based formulation of security. The game-based formulation essentially ignores any computational hiding properties of the function, and therefore offers no security guaraices that could be meaningfully combined with such computational considerations.

数学联邦政治世界观提示您：看后求收藏（同人小说网http://tongren.me），接着再看更方便。