Mixing
What is perfect secrecy?
Clash Royale CLAN TAG#URR8PPP
up vote
2
down vote
favorite
I read some similar questions like Simply put, what does “perfect secrecy†mean? (This one defines perfect secrecy as ciphertext conveys no information about the content of the plaintext.
Now, problem 2.3 on this assignment asks:
show that perfect secrecy of $(GEN, ENC, DEC)$ implies $$Pr [ENC_k(m) = c] = Pr ô°‚[ENC_k(m') = c]ô°ƒ$$
Isn't the above equation saying that ciphertext $c$ gives no information whether it's $m$ or $m'$?
What is the exact definition of perfect secrecy then?
P.S. the assignment link above contains the solution. In the solution, I don't understand where the definition of perfect secrecy is used, nor what it is.
perfect-secrecy
asked 1 hour ago
sam
1113
New contributor
sam is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |Â
up vote
2
down vote
favorite
I read some similar questions like Simply put, what does “perfect secrecy†mean? (This one defines perfect secrecy as ciphertext conveys no information about the content of the plaintext.
Now, problem 2.3 on this assignment asks:
show that perfect secrecy of $(GEN, ENC, DEC)$ implies $$Pr [ENC_k(m) = c] = Pr ô°‚[ENC_k(m') = c]ô°ƒ$$
Isn't the above equation saying that ciphertext $c$ gives no information whether it's $m$ or $m'$?
What is the exact definition of perfect secrecy then?
P.S. the assignment link above contains the solution. In the solution, I don't understand where the definition of perfect secrecy is used, nor what it is.
perfect-secrecy
asked 1 hour ago
sam
1113
New contributor
sam is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
1
The perfect secrecy definition is short, given a ciphertext, it should not reveal any information about the plaintext itself. The above says that; given a ciphertext the probability that the plaintext is $m$ or $m'$ are equal.
– kelalaka
50 mins ago
add a comment |Â
up vote
2
down vote
favorite
up vote
2
down vote
favorite
I read some similar questions like Simply put, what does “perfect secrecy†mean? (This one defines perfect secrecy as ciphertext conveys no information about the content of the plaintext.
Now, problem 2.3 on this assignment asks:
show that perfect secrecy of $(GEN, ENC, DEC)$ implies $$Pr [ENC_k(m) = c] = Pr ô°‚[ENC_k(m') = c]ô°ƒ$$
Isn't the above equation saying that ciphertext $c$ gives no information whether it's $m$ or $m'$?
What is the exact definition of perfect secrecy then?
P.S. the assignment link above contains the solution. In the solution, I don't understand where the definition of perfect secrecy is used, nor what it is.
perfect-secrecy
asked 1 hour ago
sam
1113
New contributor
sam is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
I read some similar questions like Simply put, what does “perfect secrecy†mean? (This one defines perfect secrecy as ciphertext conveys no information about the content of the plaintext.
Now, problem 2.3 on this assignment asks:
show that perfect secrecy of $(GEN, ENC, DEC)$ implies $$Pr [ENC_k(m) = c] = Pr ô°‚[ENC_k(m') = c]ô°ƒ$$
Isn't the above equation saying that ciphertext $c$ gives no information whether it's $m$ or $m'$?
What is the exact definition of perfect secrecy then?
P.S. the assignment link above contains the solution. In the solution, I don't understand where the definition of perfect secrecy is used, nor what it is.
perfect-secrecy
perfect-secrecy
asked 1 hour ago
sam
1113
New contributor
sam is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked 1 hour ago
sam
1113
New contributor
sam is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked 1 hour ago
sam
1113
New contributor
sam is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked 1 hour ago
sam
1113
asked 1 hour ago
sam
1113
1113
New contributor
sam is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
New contributor
sam is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
sam is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
1
The perfect secrecy definition is short, given a ciphertext, it should not reveal any information about the plaintext itself. The above says that; given a ciphertext the probability that the plaintext is $m$ or $m'$ are equal.
– kelalaka
50 mins ago
add a comment |Â
1
The perfect secrecy definition is short, given a ciphertext, it should not reveal any information about the plaintext itself. The above says that; given a ciphertext the probability that the plaintext is $m$ or $m'$ are equal.
– kelalaka
50 mins ago
1
1
The perfect secrecy definition is short, given a ciphertext, it should not reveal any information about the plaintext itself. The above says that; given a ciphertext the probability that the plaintext is $m$ or $m'$ are equal.
– kelalaka
50 mins ago
The perfect secrecy definition is short, given a ciphertext, it should not reveal any information about the plaintext itself. The above says that; given a ciphertext the probability that the plaintext is $m$ or $m'$ are equal.
– kelalaka
50 mins ago
add a comment |Â
2 Answers
2
active
oldest
votes
up vote
1
down vote
Information-theoretic security (= perfect secrecy) is a cryptosystem whose security derives purely from information theory, so that the system cannot be broken even if the adversary has unlimited computing power. The adversary does not have enough information to break the encryption, and so the cryptosystem is considered cryptanalytically unbreakable.
If we take the One-time pad as example:
The problem of decrypting a ciphertext that has been encrypted using OTP is illustrated in this example. It is possible to decrypt the ciphertext to any value of the same length. You can only know the true plaintext if you have the key.
There are different cryptosystems available that are believed to be extremly secure even though they don't fall in the category of "perfect secrecy", for example AES:
If an attacker has unlimited computing power then AES wouldn't be really a problem to decrypt, because AES's security relies on the "problem" that you had to try every key until you have found the correct one (brute-force attack) and not that a given ciphertext can be decrypted to any value of the same length like OTP.
answered 17 mins ago
AleksanderRas
867217
add a comment |Â
up vote
1
down vote
The Lindell and Katz, in their book, give the definition as follows;
An encryption scheme $(Gen,Enc,Dec)$ over a message space
$mathcalM$ is perfectly secret if for every probability
distribution of over $mathcalM$, every every message
$minmathcalM$, and every ciphertext $c in mathcalC$ for which
$Pr[C=c]>0$;
$$Pr[M=m|C=c] = Pr[M=m]$$
We can view this definition as the distribution over messages and ciphertext are independent.
The proof used this definition and the equivalent definition of perfect secrecy
$Pr[C=c|M=m] = Pr[C=c]$
and, this can be said, the ciphertext reveals no information about the plaintext other than the size.
On your proof;
The thirds P, on the numerator and denominator;
$Pr[Enc_k(m_1)=c] = Pr[Enc_k(M) =c | M=m_1]$
answered 12 mins ago
kelalaka
1,379317
add a comment |Â
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
1
down vote
Information-theoretic security (= perfect secrecy) is a cryptosystem whose security derives purely from information theory, so that the system cannot be broken even if the adversary has unlimited computing power. The adversary does not have enough information to break the encryption, and so the cryptosystem is considered cryptanalytically unbreakable.
If we take the One-time pad as example:
The problem of decrypting a ciphertext that has been encrypted using OTP is illustrated in this example. It is possible to decrypt the ciphertext to any value of the same length. You can only know the true plaintext if you have the key.
There are different cryptosystems available that are believed to be extremly secure even though they don't fall in the category of "perfect secrecy", for example AES:
If an attacker has unlimited computing power then AES wouldn't be really a problem to decrypt, because AES's security relies on the "problem" that you had to try every key until you have found the correct one (brute-force attack) and not that a given ciphertext can be decrypted to any value of the same length like OTP.
answered 17 mins ago
AleksanderRas
867217
add a comment |Â
up vote
1
down vote
Information-theoretic security (= perfect secrecy) is a cryptosystem whose security derives purely from information theory, so that the system cannot be broken even if the adversary has unlimited computing power. The adversary does not have enough information to break the encryption, and so the cryptosystem is considered cryptanalytically unbreakable.
If we take the One-time pad as example:
The problem of decrypting a ciphertext that has been encrypted using OTP is illustrated in this example. It is possible to decrypt the ciphertext to any value of the same length. You can only know the true plaintext if you have the key.
There are different cryptosystems available that are believed to be extremly secure even though they don't fall in the category of "perfect secrecy", for example AES:
If an attacker has unlimited computing power then AES wouldn't be really a problem to decrypt, because AES's security relies on the "problem" that you had to try every key until you have found the correct one (brute-force attack) and not that a given ciphertext can be decrypted to any value of the same length like OTP.
answered 17 mins ago
AleksanderRas
867217
add a comment |Â
up vote
1
down vote
up vote
1
down vote
Information-theoretic security (= perfect secrecy) is a cryptosystem whose security derives purely from information theory, so that the system cannot be broken even if the adversary has unlimited computing power. The adversary does not have enough information to break the encryption, and so the cryptosystem is considered cryptanalytically unbreakable.
If we take the One-time pad as example:
The problem of decrypting a ciphertext that has been encrypted using OTP is illustrated in this example. It is possible to decrypt the ciphertext to any value of the same length. You can only know the true plaintext if you have the key.
There are different cryptosystems available that are believed to be extremly secure even though they don't fall in the category of "perfect secrecy", for example AES:
If an attacker has unlimited computing power then AES wouldn't be really a problem to decrypt, because AES's security relies on the "problem" that you had to try every key until you have found the correct one (brute-force attack) and not that a given ciphertext can be decrypted to any value of the same length like OTP.
answered 17 mins ago
AleksanderRas
867217
Information-theoretic security (= perfect secrecy) is a cryptosystem whose security derives purely from information theory, so that the system cannot be broken even if the adversary has unlimited computing power. The adversary does not have enough information to break the encryption, and so the cryptosystem is considered cryptanalytically unbreakable.
If we take the One-time pad as example:
The problem of decrypting a ciphertext that has been encrypted using OTP is illustrated in this example. It is possible to decrypt the ciphertext to any value of the same length. You can only know the true plaintext if you have the key.
There are different cryptosystems available that are believed to be extremly secure even though they don't fall in the category of "perfect secrecy", for example AES:
If an attacker has unlimited computing power then AES wouldn't be really a problem to decrypt, because AES's security relies on the "problem" that you had to try every key until you have found the correct one (brute-force attack) and not that a given ciphertext can be decrypted to any value of the same length like OTP.
answered 17 mins ago
AleksanderRas
867217
answered 17 mins ago
AleksanderRas
867217
answered 17 mins ago
AleksanderRas
867217
answered 17 mins ago
AleksanderRas
867217
867217
add a comment |Â
add a comment |Â
up vote
1
down vote
The Lindell and Katz, in their book, give the definition as follows;
An encryption scheme $(Gen,Enc,Dec)$ over a message space
$mathcalM$ is perfectly secret if for every probability
distribution of over $mathcalM$, every every message
$minmathcalM$, and every ciphertext $c in mathcalC$ for which
$Pr[C=c]>0$;
$$Pr[M=m|C=c] = Pr[M=m]$$
We can view this definition as the distribution over messages and ciphertext are independent.
The proof used this definition and the equivalent definition of perfect secrecy
$Pr[C=c|M=m] = Pr[C=c]$
and, this can be said, the ciphertext reveals no information about the plaintext other than the size.
On your proof;
The thirds P, on the numerator and denominator;
$Pr[Enc_k(m_1)=c] = Pr[Enc_k(M) =c | M=m_1]$
answered 12 mins ago
kelalaka
1,379317
add a comment |Â
up vote
1
down vote
The Lindell and Katz, in their book, give the definition as follows;
An encryption scheme $(Gen,Enc,Dec)$ over a message space
$mathcalM$ is perfectly secret if for every probability
distribution of over $mathcalM$, every every message
$minmathcalM$, and every ciphertext $c in mathcalC$ for which
$Pr[C=c]>0$;
$$Pr[M=m|C=c] = Pr[M=m]$$
We can view this definition as the distribution over messages and ciphertext are independent.
The proof used this definition and the equivalent definition of perfect secrecy
$Pr[C=c|M=m] = Pr[C=c]$
and, this can be said, the ciphertext reveals no information about the plaintext other than the size.
On your proof;
The thirds P, on the numerator and denominator;
$Pr[Enc_k(m_1)=c] = Pr[Enc_k(M) =c | M=m_1]$
answered 12 mins ago
kelalaka
1,379317
add a comment |Â
up vote
1
down vote
up vote
1
down vote
The Lindell and Katz, in their book, give the definition as follows;
An encryption scheme $(Gen,Enc,Dec)$ over a message space
$mathcalM$ is perfectly secret if for every probability
distribution of over $mathcalM$, every every message
$minmathcalM$, and every ciphertext $c in mathcalC$ for which
$Pr[C=c]>0$;
$$Pr[M=m|C=c] = Pr[M=m]$$
We can view this definition as the distribution over messages and ciphertext are independent.
The proof used this definition and the equivalent definition of perfect secrecy
$Pr[C=c|M=m] = Pr[C=c]$
and, this can be said, the ciphertext reveals no information about the plaintext other than the size.
On your proof;
The thirds P, on the numerator and denominator;
$Pr[Enc_k(m_1)=c] = Pr[Enc_k(M) =c | M=m_1]$
answered 12 mins ago
kelalaka
1,379317
The Lindell and Katz, in their book, give the definition as follows;
An encryption scheme $(Gen,Enc,Dec)$ over a message space
$mathcalM$ is perfectly secret if for every probability
distribution of over $mathcalM$, every every message
$minmathcalM$, and every ciphertext $c in mathcalC$ for which
$Pr[C=c]>0$;
$$Pr[M=m|C=c] = Pr[M=m]$$
We can view this definition as the distribution over messages and ciphertext are independent.
The proof used this definition and the equivalent definition of perfect secrecy
$Pr[C=c|M=m] = Pr[C=c]$
and, this can be said, the ciphertext reveals no information about the plaintext other than the size.
On your proof;
The thirds P, on the numerator and denominator;
$Pr[Enc_k(m_1)=c] = Pr[Enc_k(M) =c | M=m_1]$
answered 12 mins ago
kelalaka
1,379317
edited 5 mins ago
answered 12 mins ago
kelalaka
1,379317
answered 12 mins ago
kelalaka
1,379317
answered 12 mins ago
kelalaka
1,379317
1,379317
add a comment |Â
add a comment |Â
sam is a new contributor. Be nice, and check out our Code of Conduct.
sam is a new contributor. Be nice, and check out our Code of Conduct.
sam is a new contributor. Be nice, and check out our Code of Conduct.
sam is a new contributor. Be nice, and check out our Code of Conduct.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f63332%2fwhat-is-perfect-secrecy%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
1
The perfect secrecy definition is short, given a ciphertext, it should not reveal any information about the plaintext itself. The above says that; given a ciphertext the probability that the plaintext is $m$ or $m'$ are equal.
– kelalaka
50 mins ago