PerfSecrecy

# PerfSecrecy - Handout #13 ma187s: Cryptography April 25,...


Handout #13 ma187s: Cryptography April 25, 2006

Perfect Secrecy

We shall show in these notes that a probabilistic form of “perfect secrecy” can be achieved, if circumstances permit the use of a sufficiently large key space. The setting we shall work with is that of a random cryptographic system. As in our previous handouts, the ingredients are:

a) A “MESSAGE SPACE” $M = \{m_1, m_2, \ldots, m_n\}$,
b) A “CIPHER SPACE” $C = \{c_1, c_2, \ldots, c_r\}$,
c) A “KEY SPACE” $K = \{k_1, k_2, \ldots, k_s\}$
d) A set of one-to-one maps of $M$ into $C$: $E_k(m): M \to C$
e) Two sets of probabilities $\{p_1, p_2, \ldots, p_n\}$ and $\{q_1, q_2, \ldots, q_s\}$

This given, a cryptographic transaction in such a system takes place as follows:

1) The sender produces a message $M$ which is a random variable with $P[M = m_i] = p_i$
2) The sender selects a key $K$ by an independent mechanism with $P[K = k_i] = q_i$
3) The sender encrypts $M$ into $C = E_K(M)$ and sends it to the receiver.

Thus our cryptographic transaction here may be viewed as an experiment producing the three random variables $M$, $K$ and $C = E_K(M)$.

This given, our aim here is to find out under what circumstances the opponent, even if completely aware of the mechanism involved, upon intercepting $C$, can draw no conclusions whatsoever about the original message $M$. When this happens we shall say that our system achieves “Perfect Secrecy”. Probabilistically, $C$ yielding no information about $M$ can only mean one thing: that $M$ and $C$ are independent random variables. This means that we have “Perfect Secrecy” if and only if, for all choices of $m$ in $M$ and $c$ in $C$, we have

$$P[M = m, C = c] = P[M = m]\, P[C = c] \tag{1}$$

From this definition, we easily see that

Theorem 1. Perfect secrecy is achieved when

1. All keys are equally likely
2. For each pair $(m_i, c_j)$ there is a unique key, $k_s$, such that $E_{k_s}(m_i) = c_j$

Proof.

$$P(C = c_j) = \sum_{i=1}^{N} P(M = m_i) \sum_{E_{k_s}(m_i) = c_j} P(K = k_s)$$

But if there is only one key $k_s$ yielding $E_{k_s}(m_i) = c_j$ then the inner sum reduces to a single term, and if all keys are equally likely then the inner sum reduces to $1/S$ and

$$P(C = c_j) = \sum_{i=1}^{N} P(M = m_i)\, \frac{1}{S} = \frac{1}{S}$$

On the other hand

$$P(M = m_i, C = c_j) = \sum_{E_{k_s}(m_i) = c_j} P(M = m_i)\, P(K = k_s) = P(M = m_i)\, \frac{1}{S} = P(M = m_i)\, P(C = c_j)$$

QED

Now it develops that this definition places some severe restrictions on our cryptographic system and that we can in fact give a complete description of all such systems. To this end note first that under our hypotheses (more particularly the independence of $M$ and $K$), we have

$$P[M = m, C = c] = \sum_{k \in K \,\&\, E_k(m) = c} P[K = k]\, P[M = m]$$

The reason for the presence of summation is that we do not exclude that there may be more
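As an added example (not part of the original handout), the Python code below computes the joint distribution of $M$ and $C$ exactly with rational arithmetic and checks both equation (1) and the two hypotheses of Theorem 1. The shift cipher $E_k(m) = (m + k) \bmod 5$, the message and key probabilities, and all function names are assumptions constructed for illustration.

```python
from fractions import Fraction
from itertools import product

def joint_distribution(p, q, encrypt):
    """P[M=m, C=c]: sum of P[M=m] P[K=k] over the keys k with E_k(m) = c."""
    joint = {}
    for (m, pm), (k, qk) in product(p.items(), q.items()):
        c = encrypt(k, m)
        joint[(m, c)] = joint.get((m, c), Fraction(0)) + pm * qk
    return joint

def cipher_distribution(joint):
    """Marginal P[C=c], obtained by summing the joint distribution over m."""
    pc = {}
    for (_, c), v in joint.items():
        pc[c] = pc.get(c, Fraction(0)) + v
    return pc

def has_perfect_secrecy(p, q, encrypt):
    """Equation (1): P[M=m, C=c] == P[M=m] P[C=c] for every m and c."""
    joint = joint_distribution(p, q, encrypt)
    pc = cipher_distribution(joint)
    return all(joint.get((m, c), Fraction(0)) == p[m] * pc[c]
               for m in p for c in pc)

def satisfies_theorem_1(p, q, ciphers, encrypt):
    """Hypotheses of Theorem 1: uniform keys, one key per (m, c) pair."""
    uniform = len(set(q.values())) == 1
    unique = all(sum(encrypt(k, m) == c for k in q) == 1
                 for m in p for c in ciphers)
    return uniform and unique

# Constructed sample system (assumption): shift cipher on {0,...,4}.
N = 5
def shift(k, m):
    return (m + k) % N

# Constructed, deliberately non-uniform message probabilities.
P_MSG = dict(enumerate(Fraction(1, d) for d in (2, 4, 8, 16, 16)))
UNIFORM = {k: Fraction(1, N) for k in range(N)}   # both hypotheses hold
SKEWED = {k: Fraction(1, 2 if k == 0 else 8) for k in range(N)}  # keys not equally likely
TWO_KEYS = {0: Fraction(1, 2), 1: Fraction(1, 2)}  # some (m, c) pairs have no key

if __name__ == "__main__":
    for name, q in (("uniform", UNIFORM), ("skewed", SKEWED), ("two keys", TWO_KEYS)):
        print(name, satisfies_theorem_1(P_MSG, q, range(N), shift),
              has_perfect_secrecy(P_MSG, q, shift))
```

Of the three key distributions, only the uniform five-key one satisfies the hypotheses, and it is also the only one for which equation (1) holds; in that case every ciphertext has probability $1/S = 1/5$ even though the messages are far from equally likely.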

## This note was uploaded on 09/22/2010 for the course MATH MATH187 taught by Professor Math187 during the Spring '10 term at UCSD.
