Cryptography Reference
In-Depth Information
COMMENTS ON THE SIMPLE CRYPTOSYSTEM
Note that not every cryptosystem provides perfect secrecy. Suppose that the
investor had foolishly decided to use the Simple Substitution Cipher. In this
case the ciphertext for BUY will be three characters long and the ciphertext for
SELL will be four characters long. Knowing that the plaintext is either BUY
or SELL, seeing the ciphertext will allow any attacker to deduce the plaintext
immediately. In this case, seeing the ciphertext gives away
all
the information
about the plaintext.
Table 3.1 depicts a simple cryptosystem that offers perfect secrecy when there
are only two plaintexts. Of course it is not a
secure
cryptosystem since anyone
can guess the correct plaintext with a 50% chance of being correct. However,
the important point is that the ciphertext does not provide any information
that is useful to an attacker. Thus an attacker might as well guess the plaintext
without seeing the ciphertext. This is the best that can ever be achieved by any
cryptosystem.
3.1.3
One-time pads
The simple cryptosystem offering perfect secrecy that we have just described is an
example of a cryptosystem known as a
one-time pad
.
PROPERTIES OF A ONE-TIME PAD
Although there are many different versions and ways of describing a one-time
pad, they all have the same three essential properties:
The number of possible keys is greater than or equal to the number of possible
plaintexts
. If the number of keys is less than the number of plaintexts then
guessing the key is easier than guessing the plaintext, thus the cryptosystem
does not provide perfect secrecy. Inmost one-time pads the number of possible
keys is equal to the number of possible plaintexts.
The key is selected uniformly at random from the key space
.By
uniformly
we
mean that each key is equally likely to be chosen. Suppose that this is not
the case. Recall our example in Section 3.1.1 of a cryptosystem that is being
used to encrypt four-digit PINs. Suppose that the PINs themselves are chosen
uniformly at random but that the interceptor knows that certain keys are more
likely to be chosen than others. Then the best strategy for the interceptor is
to guess one of these more likely keys. Since this strategy will have a greater
probability of success than guessing the plaintext, although the cryptosystem
may still be pretty good, it will not offer perfect secrecy.
A key should only be used 'once'
. We will explain why this is the case in just a
moment. This property is why a one-time pad is
one-time
. Note that this does
not mean that after a key has been used then this key must never be used again.
What it means is that each time a one-time pad is used, the current key should
be discarded and a new key should be selected uniformly at random from the
