Cryptography Reference
In-Depth Information
Definition 10.2 (Ideal security)
An encryption system
(
P
,
C
,
K
,
E
,
D
)
is
ideally
C
n
)=
H
(
K
)
for all
n
secure
if
H
(
K
|
∈
N
.
Ideally secure encryption systems are not further addressed in this topic.
$J
,
!
!
G
Figure 10.17
A randomized symmetric encryption system that employs a public randomizer.
In summary, Shannon's Theorem says that unless two entities initially share
a secret key that is at least as long as the plaintext message to be transmitted,
the adversary will always obtain some information about the message. This result
has caused many cryptographers to believe that perfect security (or secrecy) is
impractical. This pessimism can be relativized by pointing out that Shannon's
analysis assumes that, except for the secret key, the adversary has access to exactly
the same information as the communicating entities and that this apparently innocent
assumption is much more restrictive than is generally realized. For example, Ueli
Maurer showed that it is possible to develop randomized symmetric encryption
systems that employ public randomizers as illustrated in Figure 10.17 to provide
perfect security (even if the secret keys are much smaller than the plaintext messages
that are encrypted) [27]. The output of a public randomizer is assumed to be publicly
accessible (also to the adversary) but impossible to modify. It can be modeled
as a random variable
R
. There are basically two different ways of implementing
a public randomizer: broadcasting and storing. A source (e.g., a satellite) could
broadcast random data or storage devices that contain the same random data could be
distributed. In the first case, it is possible to come up with a randomized symmetric
encryption system that employs a public randomizer and that is perfectly secure
under the sole assumption that the noise on the main channel (i.e., the channel
