010'141 Engineering Mathematics II Lecture 8 Application: Unconditional Security

1
010.141 Engineering Mathematics IILecture
8Application Unconditional Security

• Bob McKay
• School of Computer Science and Engineering
• College of Engineering
• Seoul National University
• Largely based on notes by
• Prof. Park Kunsoo, Seoul National University

2
Outline

• Unconditional Security
• One-time pads

3
Two Views of Cryptosystem Security

• Computational security
• Measures the computational effort required to
  break a cryptosystem
• A common approach is to reduce the security of a
  cryptosystem to some well-studied problem such as
  factoring
• Unconditional security
• A cryptosystem is unconditionally secure if it
  cannot be broken, even with infinite
  computational resources

4
Unconditional Security

• We develop the theory of cryptosystems that are
  unconditionally secure against cyphertext-only
  attacks
• Unconditional security is based on probability
  theory

5
Modified Shift Cypher

• Let P C K Z26
• For 0 ? K ? 25, define EK(x) x K mod
  26and DK(y) y - K mod 26where x,y ? Z26
• We will use a particular key only for one
  encryption
• i.e. use n keys to encrypt n plaintexts.

6
Probability Assumptions

• The plaintext M and cyphertext C are random
  variables
• Let PM(x) PM x and PC(y) PC y
• Assume that there is a prior probability
  distribution on the plaintext space P
• i.e., PM(x) is the a priori probability that the
  plaintext is x
• Assume that each key is chosen at random.
• Assume that the key K and the plaintext x are
  independent events

7
Induced Probability Distribution

• The two probability distributions on P and K
  induce a probability distribution on C
• The probability that the cyphertext is y ? C
  isPC(y) ?x ? PPM(x) PCM(yx)
• Since PCM(yx) PK ? y - x mod 26 1/26
  PC(y) 1/26

8
Perfect Secrecy

• A cryptosystem has perfect secrecy
  ifPMC(xy)PM(x)? x ? P, y ? C
• That is, the a posteriori probability that the
  plaintext is x, given that the cyphertext y is
  observed, is identical to the a priori
  probability that the plaintext is x
• Or to put it another way, knowing the cyphertext
  doesnt assist you to know the plaintext

9
Shift Cypher Perfect Secrecy

• Theorem
• If the 26 keys in the Shift Cipher are used with
  equal probability 1/26, then the Shift Cipher has
  perfect secrecy for any plaintext probability
  distribution
• Proof
• PMC(xy) PM(x) PCM(yx) / PC(y) PM(x)

10
Shift Cypher Perfect Secrecy

• Theorem
• Suppose a cryptosystem satisfies P C
  KThen the cryptosystem has perfect secrecy iff
  
• Every key is used with equal probability
• For every x ? P and every y ? C, there is a
  unique key K such that EK(x) y

11
One-Time Pad

• A special case of the Shift Cipher where Zm Z2
• A secret-key cryptosystem where the key is as
  long as the message being encrypted
• The key, once used, is discarded and never used
  again
• When A and B wish to communicate, they must have
  previously agreed upon a secret key K which is a
  string of n randomly chosen bits

12
One-Time Pad Example

• When A wishes to send an n-bit message M to B,
• A sends C M ? K
• B obtains M by M C ? K M 0011 K 0101 C
  0110

13
Summary

• Unconditional Security
• One-time pads

14
?????