I would like an intuitive argument for what goes wrong in the proof that that a one-time pad provides perfect secrecy, if the key $K$ is not chosen uniformly at random from the entire key space.
Asked
Active
Viewed 1,440 times
2 Answers
2
Intuitively, each key decrypts the ciphertext to a different plaintext. So if some keys are more likely than others, then some plaintexts will also be more likely than others. Thus, unless all possible keys (and thus all possible plaintexts) are equally likely, observing the ciphertext will reveal information about the plaintext.
(Note that I'm implicitly assuming above that the attacker has no prior knowledge of what the plaintext might be before observing the ciphertext. That's fine for a counterexample, since a cipher that provides perfect secrecy must by definition reveal no new information about the plaintext to any attacker. So if we want to show that a cipher does not provide perfect secrecy, it's enough to show that it can reveal some information about the plaintext to some attacker.)
Ilmari Karonen
- 46,700
- 5
- 112
- 189
2
Let's say you have a commander ask the general "should I attack at 1pm via the tunnel". The adversary knows the general is brief and will only respond with "y" or "n". If the key is not uniformly distributed then the bias of the key can be directly related to the likelyhood of the general's response.
Not bad enough? Let's say there are twenty commanders asking the same question. "y" can be represented as 1 if you'd like and "n" as 0. You are the adversary and know the supposed one time pad key is actually 0 with probability 0.6 and 1 the other (0.4) times. You observe 12 ciphertexts of 1 and 8 ciphertexts of 0. Do you invest your forces preparing for an attack? How likely is it the general answered yes? These are questions to think on and even answer concretely as an exercise.
Thomas M. DuBuisson
- 1,894
- 15
- 20