Attainable Unconditional Security for Shared-Key CryptosystemsReport as inadecuate

Attainable Unconditional Security for Shared-Key Cryptosystems - Download this document for free, or read online. Document in PDF available to download.

1 TAMIS - Threat Analysis and Mitigation for Information Security Inria Rennes – Bretagne Atlantique , IRISA-D4 - LANGAGE ET GÉNIE LOGICIEL

Abstract : Preserving the privacy of private communication is a fundamental concern of computing addressed by encryption. Information-theoretic reasoning models unconditional security where the strength of the results does not depend on computational hardness or unproven results. Usually the information leaked on the message by the ciphertext is used to measure the privacy of a communication, with perfect secrecy when the leakage is zero. However this is hard to achieve in practice. An alternative measure is the equivocation, intuitively the average number of message-key pairs that could have produced a given ciphertext. We show a theoretical bound on equivocation called max-equivocation and show that this generalizes perfect secrecy when achievable, and provides an alternative measure when perfect secrecy is not. We derive bounds for max-equivocation for symmetric encoder functions and show that max-equivocation is achievable when the entropy of the ciphertext is minimized. We show that max-equivocation easily accounts for key re-use scenarios, and that large keys relative to the message perform very poorly under equivocation. We study encoders under this new perspective, deriving results on their achievable maximal equivocation and showing that some popular approaches such as Latin squares are not optimal. We show how unicity attacks can be naturally modeled, and how breaking encoder symmetry improves equivocation. We present some algorithms for generating encryption functions that are practical and achieve 90-95% of the theoretical best, improving with larger message spaces.

Keywords : perfect secrecy unconditional security entropy max-equivocation private-key cryptography symmetric encryption

Author: Fabrizio Biondi - Thomas Given-Wilson - Axel Legay -



Related documents