hannon's perfect secrecy_important point of ppt.ppt
PravinRaam
12 views
13 slides
Aug 07, 2024
Slide 1 of 13
1
2
3
4
5
6
7
8
9
10
11
12
13
About This Presentation
Certainly! Here’s a detailed overview of Shannon's Perfect Secrecy, focusing on the essential points and concepts.
### Shannon's Perfect Secrecy
#### Introduction
- **Definition**: Perfect secrecy is a concept in cryptography where the ciphertext provides no information about the plainte...
Slide Content
Hannon’s Perfect Secrecy
Name: Pravinraam R
Roll no: 22BECY042
subject: Internet Security
1
Name: Pravinraam R
Roll no: 22BECY042
subject: Internet Security
1
2
Perfect Secrecy: Shannon
(Information-Theoretic) Security
•Basic Idea: Ciphertext should provide no
“information” about Plaintext
•Have several equivalent formulations:
–The two random variables M and C are independent
–Observing what values C takes does not change what
one believes the distribution M is
–Knowing what is value of M does not change the
distribution of C
–Encrypting two different messages m
0 and m
1 results
in exactly the same distribution.
Perfect Secrecy: Shannon
(Information-Theoretic) Security
•Basic Idea: Ciphertext should provide no
“information” about Plaintext
•Have several equivalent formulations:
–The two random variables M and C are independent
–Observing what values C takes does not change what
one believes the distribution M is
–Knowing what is value of M does not change the
distribution of C
–Encrypting two different messages m
0 and m
1 results
in exactly the same distribution.
Perfect Secrecy Definition 0
Definition. (Gen,Enc,Dec) over a message space M is
perfectly secure if
probability distribution over M
The random variables M and C are independent.
That is,
message mM
ciphertext c C
Pr [M=m C=c] = Pr [M = m] Pr [C = c]
3
Definition. (Gen,Enc,Dec) over a message space M is
perfectly secure if
probability distribution over M
The random variables M and C are independent.
That is,
message mM
ciphertext c C
Pr [M=m C=c] = Pr [M = m] Pr [C = c]
3
Perfect Secrecy Definition 1
Definition 2.1 (From textbook). (Gen,Enc,Dec) over
a message space M is perfectly secure if
probability distribution over M
message mM
ciphertext cC for which Pr[C=c] > 0
We have
Pr [M=m | C=c] = Pr [M = m].
4
Definition 2.1 (From textbook). (Gen,Enc,Dec) over
a message space M is perfectly secure if
probability distribution over M
message mM
ciphertext cC for which Pr[C=c] > 0
We have
Pr [M=m | C=c] = Pr [M = m].
4
Definition 0 equiv. Definition 1
•Definition 0 implies Definition 1
–Idea: Given Pr [M=mC=c] = Pr [M = m] Pr [C = c], for
any c such that Pr [C = c] > 0, divide both sides of the
above with Pr [C = c], we have Pr [M=m | C=c] = Pr [M
= m].
•Definition 1 implies Definition 0
–Idea: cC s.t. Pr[C=c] > 0
Pr [M=m | C=c] = Pr [M = m], multiple both side by
Pr[C=c], obtain Pr [M=mC=c] = Pr [M = m] Pr [C = c]
cC s.t. Pr[C=c] = 0 we have Pr [M=mC=c] = 0 = Pr
[M=m] Pr[C=c]
5
•Definition 0 implies Definition 1
–Idea: Given Pr [M=mC=c] = Pr [M = m] Pr [C = c], for
any c such that Pr [C = c] > 0, divide both sides of the
above with Pr [C = c], we have Pr [M=m | C=c] = Pr [M
= m].
•Definition 1 implies Definition 0
–Idea: cC s.t. Pr[C=c] > 0
Pr [M=m | C=c] = Pr [M = m], multiple both side by
Pr[C=c], obtain Pr [M=mC=c] = Pr [M = m] Pr [C = c]
cC s.t. Pr[C=c] = 0 we have Pr [M=mC=c] = 0 = Pr
[M=m] Pr[C=c]
5
Perfect Secrecy. Definition 2.
Definition in Lemma 2.2. (Gen,Enc,Dec) over a
message space M is perfectly secure if
probability distribution over M
message mM (assuming Pr[M=m]>0)
ciphertext cC
We have
Pr [C=c | M=m] = Pr [C = c].
•Equivalence with Definition 0 straightforward.
6
Definition in Lemma 2.2. (Gen,Enc,Dec) over a
message space M is perfectly secure if
probability distribution over M
message mM (assuming Pr[M=m]>0)
ciphertext cC
We have
Pr [C=c | M=m] = Pr [C = c].
•Equivalence with Definition 0 straightforward.
6
Perfect Indistinguishability
Definition in Lemma 2.3. (Gen,Enc,Dec) over a message space
M is perfectly secure if
probability distribution over M
messages m
0,m
1M
ciphertext cC
We have
Pr [C=c | M=m
0] = Pr [C=c | M=m
1]
To prove that this definition implies Definition 0, consider Pr
[C=c].
7
Definition in Lemma 2.3. (Gen,Enc,Dec) over a message space
M is perfectly secure if
probability distribution over M
messages m
0,m
1M
ciphertext cC
We have
Pr [C=c | M=m
0] = Pr [C=c | M=m
1]
To prove that this definition implies Definition 0, consider Pr
[C=c].
7
Adversarial Indistinguishability
•Define an experiment called PrivK
eav
:
–Involving an Adversary and a Challenger
–Instantiated with an Adv algorithm A, and an
encryption scheme = (Gen, Enc, Dec)
8
Challenger Adversary
k Gen()
b
R
{0,1}
chooses m
0
, m
1
Mm
0, m
1
C=E
k
[m
b
]
b’ {0,1}
PrivK
eav
= 1 if b=b’, and PrivK
eav
= 0 if b b’
•Define an experiment called PrivK
eav
:
–Involving an Adversary and a Challenger
–Instantiated with an Adv algorithm A, and an
encryption scheme = (Gen, Enc, Dec)
8
Challenger Adversary
k Gen()
b
R
{0,1}
chooses m
0
, m
1
Mm
0, m
1
C=E
k
[m
b
]
b’ {0,1}
PrivK
eav
= 1 if b=b’, and PrivK
eav
= 0 if b b’
Adversarial Indistinguishability
(con’d)
Definition 2.4. (Gen,Enc,Dec) over a message
space M is perfectly secure if
adversary A it holds that
Pr[PrivK
eav
A,
=1] = ½
Proposition 2.5. Definition 2.1 is equivalent to
Definition 2.4.
9
(con’d)
Definition 2.4. (Gen,Enc,Dec) over a message
space M is perfectly secure if
adversary A it holds that
Pr[PrivK
eav
A,
=1] = ½
Proposition 2.5. Definition 2.1 is equivalent to
Definition 2.4.
9
10
Perfect Secrecy
•Fact: When keys are uniformly chosen in a cipher,
a deterministic cipher has Shannon security iff.
the number of keys encrypting m to c is the same
for any pair of (m,c)
•One-time pad has perfect secrecy (Proof?)
–In textbook
Perfect Secrecy
•Fact: When keys are uniformly chosen in a cipher,
a deterministic cipher has Shannon security iff.
the number of keys encrypting m to c is the same
for any pair of (m,c)
•One-time pad has perfect secrecy (Proof?)
–In textbook
11
The “Bad News” Theorem for Perfect
Secrecy
•Question: OTP requires key as long as messages, is this an
inherent requirement for achieving perfect secrecy?
•Answer. Yes. Perfect secrecy implies that key-length
msg-length
Proof:
•Implication: Perfect secrecy difficult to achieve in practice
P
l
a
i
n
t
e
x
t
s
p
a
c
e
C
i
p
h
e
r
t
t
e
x
t
s
p
a
c
e
The “Bad News” Theorem for Perfect
Secrecy
•Question: OTP requires key as long as messages, is this an
inherent requirement for achieving perfect secrecy?
•Answer. Yes. Perfect secrecy implies that key-length
msg-length
Proof:
•Implication: Perfect secrecy difficult to achieve in practice
P
l
a
i
n
t
e
x
t
s
p
a
c
e
C
i
p
h
e
r
t
t
e
x
t
s
p
a
c
e
12
Key Randomness in One-Time Pad
•One-Time Pad uses a very long key, what if the
key is not chosen randomly, instead, texts from,
e.g., a book are used as keys.
–this is not One-Time Pad anymore
–this does not have perfect secrecy
–this can be broken
–How?
•The key in One-Time Pad should never be reused.
–If it is reused, it is Two-Time Pad, and is insecure!
–Why?
Key Randomness in One-Time Pad
•One-Time Pad uses a very long key, what if the
key is not chosen randomly, instead, texts from,
e.g., a book are used as keys.
–this is not One-Time Pad anymore
–this does not have perfect secrecy
–this can be broken
–How?
•The key in One-Time Pad should never be reused.
–If it is reused, it is Two-Time Pad, and is insecure!
–Why?
THANK YOU
13
13
Download
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 12
- Slides 13
- Age 482 days
Related Slideshows
11
8-top-ai-courses-for-customer-support-representatives-in-2025.pptx
JeroenErne2
45 views
10
7-essential-ai-courses-for-call-center-supervisors-in-2025.pptx
JeroenErne2
45 views
13
25-essential-ai-courses-for-user-support-specialists-in-2025.pptx
JeroenErne2
36 views
11
8-essential-ai-courses-for-insurance-customer-service-representatives-in-2025.pptx
JeroenErne2
33 views
21
Know for Certain
DaveSinNM
19 views
17
PPT OPD LES 3ertt4t4tqqqe23e3e3rq2qq232.pptx
novasedanayoga46
24 views