PR-CPA advantage
The plaintext-recovery-under-chosen-plaintext-attack advantage (PR-CPA advantage) is defined as the probability that an algorithm with fixed computational resources can use a chosen-plaintext attack to decrypt a randomly selected message that has been encrypted with a symmetric cipher.[1]:99 It is regarded as a fundamental quantity in cryptography since every symmetric encryption scheme must obviously must have a very low PR-CPA advantage to be secure. Though having a low susceptibility to this sort of attack is a necessary condition for an encryption scheme's security, it is not sufficient to ensure security. This is because partial information about the plaintext can often be recovered (for example the least significant bit of the message).[1]:14
References
- 1 2 Goldwasser, S. and Bellare, M. "Lecture Notes on Cryptography". Summer course on cryptography, MIT, 1996-2001