Handout #13
ma187s: Cryptography
April 25, 2006
Perfect Secrecy
We shall show in these notes that a probabilistic form of “perfect secrecy” can be achieved, if
circumstances permit the use of a suﬃciently large key space. The setting we shall work with is
that of a
random cryptographic system
.
As in our previous handouts, the ingredients are:
a) A “MESSAGE SPACE”
M
=
{
m
1
,m
2
,...,m
n
}
,
b) A “CIPHER SPACE”
C
=
{
c
1
,c
2
,...,c
r
}
,
c) A “KEY SPACE”
K
=
{
k
1
,k
2
,...,k
s
}
d) A set of one-to-one maps of
M
into
C
E
k
(
m
):
M
→
C
e) Two sets of probabilities
{
p
1
,p
2
,...,p
n
}
and
{
q
1
,q
2
,...,q
s
}
This given, a cryptographic transaction in such a system takes place as follows:
1) The sender produces a message
M
which is a random variable with
P
[
M
=
m
i
]=
p
i
2) The sender selects a key
K
by an independent mechanism with
P
[
K
=
k
i
q
i
3) The sender encrypts
M
into
C
=
E
K
(
M
) and sends it to the receiver.
Thus our cryptographic transaction here may be viewed as an
experiment
producing the three
random variables
M,K
and
C
=
E
K
(
M
)
This given, our aim here is to ﬁnd out under what circumstances the opponent, even if completely
aware of the mechanism involved, upon intercepting
C
, can draw no conclusions whatsoever about
the original message
M.
When this happens we shall say that our system achieves “
Perfect Secrecy
”.
Probabilistically,
C
yielding no information about
M
can only mean one thing: that
M
and
C
are
independent
random variables. This means that we have “
Perfect Secrecy
” if and only if, for
all choices of
m
in
M
and
c
,in
C
we have
P
[
M
=
m, C
=
c
P
[
M
=
m
]
P
[
C
=
c
]
(1)
From this deﬁnition, we easily see that
1