Netw1002: Computer security

TUTORIAL 4: PERFECT SECRECY

PERFECT SECRECY

• “Regardless of any prior information the attacker has about plaintext, ciphertext
should leak no additional information about plaintext.”
• Another definition: It means that observing cipher text should not change attacker’s
knowledge about the distribution of plaintext.
• Meaning that: the probability of plain text message M to be equal m given that cipher
text C is equal to c must be equal the probability that message M equals to m.
P(M=m | C=c) = P(M=m)
• To check that any encryption system that has perfect secrecy feature, this previous
equation should be satisfied.
CONDITIONAL PROBABILITY

• Bayes Rule:
𝑃 ( 𝐵| 𝐴 ) ∗ 𝑃 ( 𝐴 )
P ( A|B ) =
𝑃 ( 𝐵)

P(A|B) = P(A)
• The two variables X, Y are independent
• Knowledge of X does not change the probability of Y
(Knowledge of X reveals no information about Y)
P(A|B)≠ P(A)
• The two variables X, Y are dependent
• Knowledge of X changes the probability of Y
(Knowledge of X reveals information about Y)
QUESTION 1:

• Prove that the one-time pad cryptographic system is perfectly secret.

Solution:
• In OTP, we have
• Set of Plain text messages  X
• Set of Cipher text messages  C
• Set of Keys  K
• Since the key is just a piece of text that is as long as plain text we want to
encrypt, therefore # of keys is the same as # of all possible plain text messages so
| M | = | K | and since that | M | = | C | so | M | = | C |= | K |
• We assume that the probability to choose any of the keys is equally distributed
so:
 Example: Plaintext Msg A B D
M = { A, B, D}  |M|= 3 (m)
L M N
C = { L, M, N}  |C|= 3
N L M
K = {K 1, K2 , K3}  |K|= 3
M N L
• P(M=m)=1/3 & P(Key=k)=1/3
• To check perfect secrecy feature, we will consider this case: (m = A and c = L)

 
,

• Since:
• Therefore: OTP Algorithm is perfectly secret
QUESTION 2

Prove that, in order for a cryptographic system to be perfectly secret, a necessary but not
sufficient condition is that the number of keys is at least equal to the number of possible
plain texts.
Solution:
We need to prove that when the number of keys is less than the number of messages,
then the system is NOT perfectly secret. (# of Keys < # of Plain texts)
In this example |K| ≤ |M|; |K| = 2 and |M| = 3:
1 st System using (K1):
M C
(1,A), (2,B) & (3,X)
1 A
2 B 2nd System using (K2):
3 X (1,B), (2,X) & (3,A)
 M C
QUESTION 2
1 A

p(m|c) = 2 B

P(1|x) = 3 X

p(x|1): there is no key that makes the encryption of message “1” to be “X” so p(x|1) = 0.

P(1|x) = = 0

Since that: p(1|x) ≠ p(1), therefore this system is not perfectly secret
To get a perfectly secret system, # of keys must be at least equal to # of plain texts
QUESTION 3

Can any permutation cipher be perfectly secret? Justify your answer and give examples.
Solution:
Assuming a system that uses (2-bits), recall the permutation def. which is changing the
order of the bits
Plain Text Msg (m) 00 01 10 11

00 01 10 11

00 10 01 11

𝑝(𝑘𝑒𝑦 = 𝑘 1 ): 𝑝𝑟𝑜𝑏𝑎𝑏𝑖𝑙𝑖𝑡𝑦 𝑡𝑜 𝑐ℎ𝑜𝑜𝑠𝑒 𝑘𝑒𝑦 1

𝑝(𝑘𝑒𝑦 = 𝑘 2 ): 𝑝𝑟𝑜𝑏𝑎𝑏𝑖𝑙𝑖𝑡𝑦 𝑡𝑜 𝑐ℎ𝑜𝑜𝑠𝑒 𝑘𝑒𝑦 2
𝑝(𝑀= 𝑚): 𝑝𝑟𝑜𝑏𝑎𝑏𝑖𝑙𝑖𝑡𝑦 𝑜𝑓 𝑐ℎ𝑜𝑜𝑠𝑖𝑛𝑔 𝑜𝑛𝑒 𝑚𝑒𝑠𝑠𝑎𝑔𝑒
Since: we have 2 keys here, so probability is equally distributed
Therefore: m 00 01 10 11
Since: we have 4 possible plain texts at each key
00 01 10 11
Therefore:
00 10 01 11
Considering Case that: m = {00} and c = {00}

=1
• Since:
• Therefore: Permutation Ciphers are not perfectly secret.
QUESTION 4

Can a general substitution cipher, i.e., using substitution tables, be perfectly secret?
Justify your answer and give an example of a perfectly secret substitution cipher (if
possible).
Solution:
This could be happen when # of keys > # of plain text messages
Assuming a system that uses only 1-bit and 2 keys (General Substitution Cipher)
Plain text α β
• Assume that α and β are 2 chars messages (m)
• p(α) = p and p(β) = 1 – p 0 1
1 0
• p(k1 )=p(k 2 )=1/2

We need to prove that p( M=m | C=c ) = p( M=m ) for all inputs

QUESTION 4:

1st Case: (m = α and c = 0)

Since: ) = p
Then: Case 1 is verified
QUESTION 4:

2nd Case: (m = β and c = 1)

• Since:
• Then: Case 2 is Verified
QUESTION 4:

3rd Case: (m = and c = 1)

• Since:

• Then: Case 3 is Verified

QUESTION 4:

4th Case: (m = and c = 0)

• Since:
• Then: Case 4 is Verified
QUESTION 5:

Give an example of a substitution cipher that is NOT perfectly secret.

Solution:
Assuming a system that uses only 1-bit and 2 keys (General Substitution Cipher)

Plain text α β
• Assume that α and β are binary messages (m)
• p(α) = p and p(β) = 1 – p 0 1
• p(k_1 )=p(k_2 )=1/2 0 1
QUESTION 5:

Consider case: (m = α and c = 0)

), therefore this substitution cipher example is not perfectly secret.

THANK YOU!