Writing Patterns for the Adversary-Challenger Game Model

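In academic papers on cryptography or cyberspace security, a security argument built on the "adversary-challenger game model" should be written in a standard, logically clear way with accurate terminology.
The sections below give the usual structure of the argument, the language style, the paragraph organization, and suggested wording.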


I. Overall Structure (for the game-model analysis section)

3. Security Model
3.1 Threat Model
3.2 Security Goals
3.3 Security Game Definition
3.4 Definition of Security
3.5 Theorem and Proof Sketch

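II. How to Write Each Part, with Examples

1. Threat Model

Purpose: state the adversary's capabilities and restrictions, and give the underlying assumptions.

Example wording:

We consider a probabilistic polynomial-time (PPT) adversary $\mathcal{A}$ who is allowed to make the following queries: …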

The adversary has access to a signing oracle / decryption oracle, but is restricted from querying the challenge ciphertext/message.

The adversary may adaptively choose queries based on previously received answers.

Reference terms:

  • PPT adversary (polynomial-time adversary)
  • adaptive queries
  • chosen-message attack

2. Security Goals

Purpose: state the security property to be proved (confidentiality, unforgeability, etc.).

Example wording:

The security goal is to ensure the indistinguishability of ciphertexts under chosen plaintext attack (IND-CPA). Informally, this means that no efficient adversary can distinguish the encryption of two chosen messages with non-negligible advantage.


3. Security Game Definition

Purpose: formally describe the interaction between the challenger and the adversary.

Template:

The IND-CPA game is defined as follows:

  1. The challenger runs $(pk, sk) \leftarrow \textsf{KeyGen}(1^\lambda)$, and sends $pk$ to the adversary $\mathcal{A}$.
  2. $\mathcal{A}$ may query an encryption oracle $\mathcal{O}_{\textsf{Enc}}$ on messages of its choice.
  3. $\mathcal{A}$ submits two messages $m_0, m_1$ of equal length.
  4. The challenger samples $b \leftarrow \{0,1\}$, computes $c^* = \textsf{Enc}(pk, m_b)$, and sends $c^*$ to $\mathcal{A}$.
  5. $\mathcal{A}$ continues to query the oracle, but not on $c^*$.
  6. Finally, $\mathcal{A}$ outputs a guess $b'$. The adversary wins if $b' = b$.

4. Definition of Security and Advantage

Purpose: define the criterion for "security" mathematically.

Example wording:

We define the advantage of the adversary $\mathcal{A}$ in the above game as:

$$\text{Adv}_{\mathcal{A}}^{\textsf{IND-CPA}}(\lambda) = \left| \Pr[b' = b] - \frac{1}{2} \right|.$$

A scheme is said to be IND-CPA secure if $\text{Adv}_{\mathcal{A}}^{\textsf{IND-CPA}}(\lambda)$ is negligible in $\lambda$ for any PPT adversary $\mathcal{A}$.

Recommended keywords:

  • negligible function
  • advantage (advantage function)
  • indistinguishability
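
The game template in part 3 and the advantage definition in part 4 can be run directly. The following is an added example, not part of the original page: it plays the game against toy ElGamal and against a variant with fixed randomness, and estimates the advantage empirically. The group parameters, the choice of ElGamal, and the names `replay_adversary`, `ind_cpa_game` and `estimate_advantage` are assumptions made for the illustration.

```python
import secrets

# Toy group, constructed for this example and far too small for real use:
# safe prime P = 2Q + 1, and G = 4 generates the order-Q subgroup of squares.
P, Q, G = 2039, 1019, 4

def keygen():
    sk = secrets.randbelow(Q - 1) + 1
    return pow(G, sk, P), sk                      # (pk, sk)

def enc_randomized(pk, m):
    """ElGamal encryption: fresh randomness r for every ciphertext."""
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), (m * pow(pk, r, P)) % P

def enc_deterministic(pk, m):
    """Broken variant with r fixed to 1: equal plaintexts, equal ciphertexts."""
    return G, (m * pk) % P

def replay_adversary(pk, oracle):
    """Hypothetical adversary: records Enc(m0) in step 2, compares it with c*."""
    m0, m1 = 4, 16                                # equal-length subgroup elements
    c0 = oracle(m0)                               # step 2: oracle query
    return (m0, m1), lambda c_star: 0 if c_star == c0 else 1

def ind_cpa_game(enc, adversary):
    """One run of the game; True when the guess b' equals b."""
    pk, _sk = keygen()                            # step 1
    (m0, m1), guess = adversary(pk, lambda m: enc(pk, m))   # steps 2-3
    b = secrets.randbelow(2)                      # step 4: challenge bit
    c_star = enc(pk, (m0, m1)[b])
    return guess(c_star) == b                     # step 6 (no step-5 queries)

def estimate_advantage(enc, adversary, trials=4000):
    """Empirical |Pr[b' = b] - 1/2| over independent runs of the game."""
    wins = sum(ind_cpa_game(enc, adversary) for _ in range(trials))
    return abs(wins / trials - 0.5)

if __name__ == "__main__":
    print("deterministic:", estimate_advantage(enc_deterministic, replay_adversary))
    print("randomized:   ", estimate_advantage(enc_randomized, replay_adversary))
```

Against the fixed-randomness variant the adversary wins every run, so the estimate is the maximum 1/2; against randomized encryption the same adversary only wins beyond chance when the randomness happens to collide, which in this tiny group is already rare and becomes negligible as the group grows with $\lambda$.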

5. Theorem and Proof Sketch

Purpose: state the security claim and give the proof idea (or the full proof).

Example wording:

Theorem 1. The proposed encryption scheme is IND-CPA secure under the Decisional Diffie-Hellman (DDH) assumption.

Proof Sketch. Suppose there exists an adversary $\mathcal{A}$ that breaks the IND-CPA security of our scheme with non-negligible advantage $\epsilon$. We construct a simulator $\mathcal{B}$ that uses $\mathcal{A}$ to break the DDH assumption, which leads to a contradiction.

Suggestions for the formal proof:

  • construct the attacker $\mathcal{B}$ using the reduction method;
  • simulate each step of the game in turn;
  • show that if $\mathcal{A}$ succeeds, then $\mathcal{B}$ can solve some computational problem;
  • derive the advantage relation: $\text{Adv}_{\mathcal{B}}^{\textsf{DDH}}(\lambda) \geq \text{Adv}_{\mathcal{A}}^{\textsf{IND-CPA}}(\lambda)$

III. Suggested Writing Style

| Goal | Suggested expressions |
| --- | --- |
| Describe the adversary's behavior | “The adversary is allowed to…”, “The adversary may adaptively query…” |
| Describe the challenger's behavior | “The challenger responds by…”, “The challenger randomly chooses…” |
| Define the flow of the game | “The game proceeds as follows:”, “At the end of the game…” |
| State the success condition | “The adversary wins the game if…”, “The scheme is considered secure if…” |
| Introduce the proof | “We prove the theorem by reduction to…”, “Assume there exists an adversary…” |

IV. Complete Sample Passage (paper-level wording)

In this section, we formally define the security model for our encryption scheme. The adversary $\mathcal{A}$ is modeled as a probabilistic polynomial-time (PPT) algorithm that interacts with a challenger in the IND-CPA game. The game is parameterized by the security parameter $\lambda$, and proceeds as follows:

  1. The challenger runs $(pk, sk) \leftarrow \textsf{KeyGen}(1^\lambda)$, and sends $pk$ to $\mathcal{A}$.
  2. $\mathcal{A}$ can access an encryption oracle $\mathcal{O}_{\textsf{Enc}}(\cdot)$.
  3. $\mathcal{A}$ submits a challenge pair $(m_0, m_1)$ of equal length.
  4. The challenger selects $b \in \{0,1\}$ uniformly at random and returns $c^* = \textsf{Enc}(pk, m_b)$.
  5. $\mathcal{A}$ continues to query $\mathcal{O}_{\textsf{Enc}}$, but not on $m_b$.
  6. Finally, $\mathcal{A}$ outputs a guess $b'$, and wins if $b' = b$.

The adversary’s advantage in this game is defined as:

$$\text{Adv}_{\mathcal{A}}^{\textsf{IND-CPA}}(\lambda) = \left| \Pr[b' = b] - \frac{1}{2} \right|.$$

The scheme is IND-CPA secure if $\text{Adv}_{\mathcal{A}}^{\textsf{IND-CPA}}(\lambda)$ is negligible in $\lambda$ for any PPT adversary $\mathcal{A}$.


V. Summary of Reference Terms and Keywords

  • adversary $\mathcal{A}$, challenger $\mathcal{C}$
  • security parameter $\lambda$
  • negligible function $\text{negl}(\lambda)$
  • indistinguishability (IND-CPA, IND-CCA)
  • unforgeability (EUF-CMA)
  • reduction, simulator
  • game-based proof