A time-luck tradeoff in cryptography

Abstract

New definitions are proposed for the security of Transient-Key Cryptography (a variant on Public-Key Cryptography) that account for the possibility of super-polynomial-time, Monte Carlo cryptanalytic attacks. The basic question we address is: how can one relate the amount of time a cryptanalyst is willing to spend decoding cryptograms to his likelihood of success? This question and others are partially answered in a relativized model of computation in which there provably exists a transient-key cryptosystem such that even a cryptanalyst willing to spend as much as (almost) O(2n/log n) steps on length n cryptograms cannot hope to break but an exponentially small fraction of them, even if he is allowed to make use of a true random bit generator.