Cryptography Reference
In-Depth Information
must hold for every plaintext message
m
(otherwise, a
ciphertext may not be decryptable, and hence the symmetric encryption system may
not be useful in the first place).
1
In addition to this definition, a symmetric encryption
system may be randomized in the sense that the encryption function takes additional
random input. In fact, it turns out that randomized symmetric encryption systems are
advantageous from a security viewpoint (as discussed later in this chapter).
∈M
and every key
k
∈K
10.1.1
Examples
Many symmetric encryption systems use specific alphabets and corresponding plain-
text message, ciphertext, and key spaces. If, for example, the alphabet is Σ=
{
, then the spaces consist of all words that can be constructed with the
capital letters from
A
to
Z
. These letters can be associated with the 26 elements of
Z
26
=
A,...,Z
}
{
0
,
1
,...,
25
}
{
A,...,Z
}
Z
26
,
. In fact, there is a bijective map from
into
{
A,...,Z
}
Z
26
=
{
0
,...,
25
}
and hence we can work either with Σ=
or
.
Let Σ =
Z
26
=
{
0
,...,
25
}
M
C
K
Z
26
. The encryption
and
=
=
=
function of an
additive cipher
is defined as follows:
E
k
:
M−→C
m
−→
m
+
k
(mod 26) =
c
Similarly, the decryption function is defined as follows:
D
k
:
C−→M
c
−→
c
−
k
(mod 26) =
m
In the additive cipher, the decryption key is the additive inverse of the en-
cryption key. Consequently, it is simple for anybody knowing the encryption key to
determine the decryption key (that's why the encryption system is called symmetric
in the first place). In Section 1.3, we briefly mentioned the Caesar cipher. This is an
example of an additive cipher with a fixed key
k
=3.
Similar to the additive cipher, one can define a
multiplicative cipher
or com-
bine an additive and a multiplicative cipher in an
affine cipher
.
2
In the second case,
1
This condition is specific for symmetric encryption systems. In asymmetric encryption systems, the
keys that select an encryption function and a decryption function from the corresponding families
are not equal and may not be efficiently computable from one another. This point is further addressed
in Chapter 14.
2
The multiplicative cipher works similar to the additive cipher. It uses multiplication instead of
addition. Also, to make sure that one can decrypt all the time, one must work with
{
1
,
2
,...,
26
}
instead of
{
0
,
1
,...,
25
}
.
