Perfect Secrecy - Cryptography - Lecture Slides, Slides of Cryptography and System Security

Download Perfect Secrecy - Cryptography - Lecture Slides and more Slides Cryptography and System Security in PDF only on Docsity!

Perfect Secrecy

2

Shannon Secrecy

Knowing ciphertext doesn’t help decipher:

X - random variable for plaintexts

C - random variable for ciphertexts with respect to possible plaintext and keys DEF 1 : A cryptosystem is Shannon secure if X and C are independent. I.e., for all plaintexts x and ciphertexts y Pr[ x | y ] = Pr[ x ].

C depends on implicit rand. var. K for keys

(P , C , K , E , D )

4

Key Ambiguity

If any plaintext message could result from a given ciphertext message and all keys equally likely, no knowledge gained about plaintexts. DEF3: A cryptosystem with equal size spaces is perfectly key ambiguous if keys are picked uniformly and for all there is a unique key K such that.

(P , C , K , E , D )

|P | = |C | = |K |

x ∈ P , y ∈ C

y = e K ( x )

5

One Time Pad

XOR the plaintext bitstring with key but never re-use same key

Similar to Vigenère but with size of key equaling size of message DEF: The one time pad (OTP) is the cryptosystem defined by and , with keys chosen according to uniform distribution. THM: OTP is perfectly key ambiguous.

P = C = K = { 0 , 1 }

n

eK ( x ) i = xi ⊕ Ki = dK ( x ) i

7

Limitations of One

Time Pad

Very large key-size

Stateful : Alice and Bob must keep track of “state” - prone to transmission errors

Abuse (using twice) results in easily attacked cipher

Useless for other cryptographic protocols such as authentication

8

Other Security Models

Resistance to all known attacks

Computational security - cracking would solve impossibly hard problem I. Total break - recover key II. Partial break - can decrypt ciphertexts, without knowing key III. Semantic break - can learn a “bit” of information about plaintext, so can distinguish ciphertexts