Cryptography Reference
In-Depth Information
Table 3.1:
Simple one-time pad for protecting two plaintexts
BUY
SELL
=
=
Key
K
1
E
K
1
(BUY)
0
E
K
1
(SELL)
1
Key
K
2
E
K
2
(BUY)
=
1
E
K
2
(SELL)
=
0
decision corresponds to that column. In our above example, the broker checks
the row corresponding to
K
1
and sees that 1 lies in the column corresponding
to SELL. So the broker deduces that the plaintext is SELL.
THE ATTACKER'S VIEW
Now we look at this cryptosystem from an attacker's viewpoint. It is important
to appreciate that Table 3.1 completely specifies the cryptosystem being used. We
can thus assume that the attacker has full knowledge of the details of Table 3.1.
However, the attacker does not know which key (row) the investor and broker
have chosen. The attacker is in the following situation:
Before seeing the ciphertext
. We assume that the attacker has no idea whether
the investor will buy or sell. If the attacker wants to base a financial decision
on the likely outcome then the attacker might as well guess either BUY
or SELL.
After seeing the ciphertext
. The attacker knows that the combination of key and
plaintext must correspond to one of the entries in Table 3.1 that consists of
the observed ciphertext. The question remains, which one? From the attacker's
perspective:
1. If the ciphertext bit was 0 then either:
• the key was
K
1
and the plaintext was BUY;
• the key was
K
2
and the plaintext was SELL.
2. If the ciphertext bit was 1 then either:
• the key was
K
1
and the plaintext was SELL;
• the key was
K
2
and the plaintext was BUY.
It is easy to see from the above analysis that, regardless of which ciphertext bit
was sent, the attacker has not learnt anything useful about the plaintext since
each plaintext remains equally likely. In other words, even after having seen
the ciphertext, the attacker's best strategy is just to guess the plaintext. This
cryptosystem therefore provides perfect secrecy.
