now we want to define security
for an encryption scheme there are multiple
flavours of security so for today
we will talk about eavesdropper
security
in another words
this is called ciphertext only security first
let us define again an experiment
as a probablity so the experiment will be
as follows:
we're going to generate a key again so
we will use this Gen function with the security parameter
we're going to generate this key but remember
these key is secret so we're not going to
give it to the adversary
What we're going to give
to the adversary is that security parameter
so we will let the adversary know the security parameter
and he is going to
give us two messages let's call them
m0 and m1 and I will allow the adversary to
keep some state
because it will need this later
given these messages
we're going to pick a random bit that is
either 0 or 1
where are we going to use this random bit
we will encrypt using the key that we
generated one of the messages
the bit message mb and this is going to
give us
some ciphertext C
what we're going to do is
we will give this ciphertext back
to the adversary so the adversary
now can continue from
its state that it left of and in addition it will know the ciphertext
it will know the ciphertext that we give it to
and eventually it will output
some b' that's his guess
he's guessing which message we picked and
the adversary wins
if at the end this b' is indeed
equal to the b that we choose 
now we may think about this probabilty
since this b
is just a single bit you can
always find it correctly
with one over two probabilty so this
is natural there's nothing interesting
if the adversary wants to actually break
this encryption scheme he needs to do
something more but
we don't want him to do much more then
let's say plus a negligible in the security parameter
note that for most of the schemes
that are used today the length of the
message
is not hidden the ciphertext therefore and extra requirement we have
is that this m0 and m1
sent by the adversary must have
equal length because otherwise the adversary can
easily win this game with probability 1
actually
now we want that such a negligible
function should exist and we didn't
define the adversary
we will define it as for all
probabilistic polynomial time PPT adversaries
A we want that there exists
a negligible function let's call it
neg(n) in the security parameter such that
this probabilty so the adversary
giving us m0, m1 and we're
encrypting back one of these and giving it
to the adversary
such that the adversary can guess which
message we encrypted this probably should
be most one over two
plus this negligible function we can
also define it as a game
between a challenger
let's say
and an adversary
when you visualize this probability
as a game it will look
like this so this challenger needs to
generate
using the security parameter this key k
and it needs to give to the adversary
the security parameter then the
adversary we have no idea what it does
but eventually it will give us m0
and m1
now since here we are visualizing 
the adversary as a whole
we don't need to get the state and
give it back
the adversary can keep it completely.
We are going to know
pick a bit so this will be
the challenger's bit and then the
challenger
will encrypt using the key he generated
here mb and this will
give the challenger a cipher text
the challenger will send this ciphertext to the
adversary so whatever is the adversary's input
except the state we are providing it
in the game here and the adversary's
outputs are provided to the challenger so
here m0,m1 were the
the outputs again don't worry about
the state here
because the adversary is single and
this b' is an output so
the adversary is going to send this b'
to the challanger OK, or it is going to output
remember this is a game
we call that adversary
wins if
b' is equal to
b in this game now
if I want to redefine this whole
probability
I can say for all PPT adversaries
there exists a negligible function on n
such that probability
that the adversary wins
the game that we defined here
needs to be equal to
one over two plus
negligible if that's the case
then our encryption scheme is secure
against
an eavesdropper
