Cryptography Reference
In-Depth Information
• If a cryptosystem has perfect secrecy then the interceptor might as well just try
to guess the plaintext based on the knowledge that they already had about it
before
seeing the ciphertext. The interceptor could try to guess the key rather
than the plaintext, but in a cryptosystemwith perfect secrecy the most efficient
strategy is to directly guess the plaintext for two reasons:
1. The interceptor might have useful knowledge about the plaintext already (for
example that one plaintext is sent more regularly than the others). Guessing
the plaintext based on this information will be more likely to be successful than
guessing the key.
2. Even if the interceptor has no information about the plaintext, guessing the
plaintext is still more efficient than guessing the key because the interceptor
does not need to perform a decryption after having guessed the key.
• Perfect secrecy is a theoretical notion that is a consequence of the properties of
the underlying encryption algorithm. Even if a cryptosystemhas perfect secrecy,
there is nothing to stop attacks on other components of the cryptosystem
from occurring. For example, perfect secrecy provides no protection against
a particularly aggressive attacker visiting the sender with a large crowbar and
requesting the key! We return to this issue shortly.
3.1.2
A simple cryptosystem offering perfect secrecy
We now demonstrate a very simple cryptosystem that offers perfect secrecy.
DESCRIPTION OF THE CRYPTOSYSTEM
Consider the following situation. An investor has to make a major financial
decision regarding whether to purchase additional stock in a shareholding, or
whether to sell his existing shares. At 14.00 he intends to inform his broker which
instruction to follow. The decision is highly sensitive, so the investor wants to
encrypt it to prevent competitors from learning his intent.
Table 3.1 describes a suitable cryptosystem for use in this scenario. This
cryptosystem has two keys
K
1
and
K
2
, two plaintexts BUY and SELL, and two
ciphertexts 0 and 1. The notation
E
K
(data) means the ciphertext created by
encrypting the data using key
K
. The cryptosystem works as follows:
1. Investor and broker agree on a randomly chosen key in advance (either
K
1
or
K
2
).
2. Once the investor makes his investment decision, he looks up Table 3.1 and
reads the ciphertext in the rowcorresponding to the chosen key and the column
corresponding to the chosen decision. For example, if the key is
K
1
and the
investor is selling then the ciphertext selected will be 1.
3. At 14.00 the investor sends the single ciphertext bit to the broker.
4. The broker looks up the row of Table 3.1 corresponding to the chosen key and
establishes which column the ciphertext bit lies in. He then deduces that the
