PerfSecrecy

PerfSecrecy - Handout #13 ma187s: Cryptography April 25,...

Info iconThis preview shows pages 1–3. Sign up to view the full content.

View Full Document Right Arrow Icon
Handout #13 ma187s: Cryptography April 25, 2006 Perfect Secrecy We shall show in these notes that a probabilistic form of “perfect secrecy” can be achieved, if circumstances permit the use of a sufficiently large key space. The setting we shall work with is that of a random cryptographic system . As in our previous handouts, the ingredients are: a) A “MESSAGE SPACE” M = { m 1 ,m 2 ,...,m n } , b) A “CIPHER SPACE” C = { c 1 ,c 2 ,...,c r } , c) A “KEY SPACE” K = { k 1 ,k 2 ,...,k s } d) A set of one-to-one maps of M into C E k ( m ): M C e) Two sets of probabilities { p 1 ,p 2 ,...,p n } and { q 1 ,q 2 ,...,q s } This given, a cryptographic transaction in such a system takes place as follows: 1) The sender produces a message M which is a random variable with P [ M = m i ]= p i 2) The sender selects a key K by an independent mechanism with P [ K = k i q i 3) The sender encrypts M into C = E K ( M ) and sends it to the receiver. Thus our cryptographic transaction here may be viewed as an experiment producing the three random variables M,K and C = E K ( M ) This given, our aim here is to find out under what circumstances the opponent, even if completely aware of the mechanism involved, upon intercepting C , can draw no conclusions whatsoever about the original message M. When this happens we shall say that our system achieves “ Perfect Secrecy ”. Probabilistically, C yielding no information about M can only mean one thing: that M and C are independent random variables. This means that we have “ Perfect Secrecy ” if and only if, for all choices of m in M and c ,in C we have P [ M = m, C = c P [ M = m ] P [ C = c ] (1) From this definition, we easily see that 1
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Handout #13 ma187s: Cryptography April 25, 2006 Theorem 1 Perfect secrecy is achieved when 1. All keys are equally likely 2. For each pair ( m i ,c j ) there is a unique key, k s , such that E k s ( m i )= c j Proof. P ( C = c j N X i =1 P ( M = m i ) X E ks ( m i )= c j P ( K = k s ) But if there is only one key k s yielding E k s ( mi c j then the inner sum reduces to a single term, and if all keys are equally likely then the inner sum reduces to 1 /S and P ( C = c j N X i =1 P ( M = m i ) 1 S = 1 S On the other hand P ( M = m i ,C = c j X E k s ( m i )= c j P ( M = m i ) P ( K = k s ) = P ( M = m i ) 1 S = P ( M = m i ) P ( C = c j ) QED Now it develops that this definition places some severe restrictions on our cryptographic system and that we can in fact give a complete description of all such systems. To this end note first that under our hypotheses, (more particularly the independence of M and K ),wehave P [ M = m, C = c ]= X k K & E k ( m )= c P [ K = k ] P [ M = m ] The reason for the presence of summation is that we do not exclude that there may be more
Background image of page 2
Image of page 3
This is the end of the preview. Sign up to access the rest of the document.

This note was uploaded on 09/22/2010 for the course MATH MATH187 taught by Professor Math187 during the Spring '10 term at UCSD.

Page1 / 6

PerfSecrecy - Handout #13 ma187s: Cryptography April 25,...

This preview shows document pages 1 - 3. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online