Does Shannon perfect secrecy imply a deterministic encryption algorithm?
$begingroup$
Consider an encryption scheme $(Gen,Enc,Dec)$ where $Gen$ is the key generation algorithm, $Enc$ is the encryption algorithm, where $c leftarrow Enc_{k}(m) $ is taken to mean that the message $m$ in some message space $M$ encrypted with a key $k$ generated from some keyspace $K$ using $Gen$ produces the ciphertext $c$ which belongs to some cipherspace $C$, and where $Dec_{k}(c) = m$ is the decryption algorithm which is always deterministic.
In Shannon perfect secrecy, it is assumed that $|K| = |M| = |C|$. Does this imply that $Enc$ is deterministic?
i.e. is it impossible that there exist two different ciphertexts $c_{1},c_{2} in C$ that are both produced by encrypting the same (message, key) pair? It seems once you restrict the three spaces to have equal cardinality, the encryption algorithm must be deterministic, but I cannot seem to prove this formally.
perfect-secrecy
$endgroup$
add a comment |
$begingroup$
Consider an encryption scheme $(Gen,Enc,Dec)$ where $Gen$ is the key generation algorithm, $Enc$ is the encryption algorithm, where $c leftarrow Enc_{k}(m) $ is taken to mean that the message $m$ in some message space $M$ encrypted with a key $k$ generated from some keyspace $K$ using $Gen$ produces the ciphertext $c$ which belongs to some cipherspace $C$, and where $Dec_{k}(c) = m$ is the decryption algorithm which is always deterministic.
In Shannon perfect secrecy, it is assumed that $|K| = |M| = |C|$. Does this imply that $Enc$ is deterministic?
i.e. is it impossible that there exist two different ciphertexts $c_{1},c_{2} in C$ that are both produced by encrypting the same (message, key) pair? It seems once you restrict the three spaces to have equal cardinality, the encryption algorithm must be deterministic, but I cannot seem to prove this formally.
perfect-secrecy
$endgroup$
add a comment |
$begingroup$
Consider an encryption scheme $(Gen,Enc,Dec)$ where $Gen$ is the key generation algorithm, $Enc$ is the encryption algorithm, where $c leftarrow Enc_{k}(m) $ is taken to mean that the message $m$ in some message space $M$ encrypted with a key $k$ generated from some keyspace $K$ using $Gen$ produces the ciphertext $c$ which belongs to some cipherspace $C$, and where $Dec_{k}(c) = m$ is the decryption algorithm which is always deterministic.
In Shannon perfect secrecy, it is assumed that $|K| = |M| = |C|$. Does this imply that $Enc$ is deterministic?
i.e. is it impossible that there exist two different ciphertexts $c_{1},c_{2} in C$ that are both produced by encrypting the same (message, key) pair? It seems once you restrict the three spaces to have equal cardinality, the encryption algorithm must be deterministic, but I cannot seem to prove this formally.
perfect-secrecy
$endgroup$
Consider an encryption scheme $(Gen,Enc,Dec)$ where $Gen$ is the key generation algorithm, $Enc$ is the encryption algorithm, where $c leftarrow Enc_{k}(m) $ is taken to mean that the message $m$ in some message space $M$ encrypted with a key $k$ generated from some keyspace $K$ using $Gen$ produces the ciphertext $c$ which belongs to some cipherspace $C$, and where $Dec_{k}(c) = m$ is the decryption algorithm which is always deterministic.
In Shannon perfect secrecy, it is assumed that $|K| = |M| = |C|$. Does this imply that $Enc$ is deterministic?
i.e. is it impossible that there exist two different ciphertexts $c_{1},c_{2} in C$ that are both produced by encrypting the same (message, key) pair? It seems once you restrict the three spaces to have equal cardinality, the encryption algorithm must be deterministic, but I cannot seem to prove this formally.
perfect-secrecy
perfect-secrecy
asked Feb 13 at 21:05
user308485user308485
1333
1333
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
$begingroup$
In Shannon perfect secrecy, it is assumed that $|K| = |M| = |C|$. Does this imply that $Enc$ is deterministic
Actually, the standard definition doesn't actually imply that. It is necessary that $|K| ge |M|$ and $|K| ge |C|$, however in neither case does equality have to hold.
In any case, I'll proceed with the assumption that we have $|M| = |C|$ (the length of the key turns out not to matter for your question)
Does this imply that $Enc$ is deterministic?
Yes; the pigeon-hole principal is your friend.
Consider any fixed key $k$, and all plaintexts of length $n$ (there are $2^n$ of them). If you encrypt any one of them with the key, it will result in a ciphertext of length $n$ (and, again, there are $2^n$ possible ciphertexts).
We assume that the encryption process is invertible (that is, $Dec_k(Enc_k(m)) = m$ for any $m$), and so two different plaintexts must result in different ciphertexts.
There are $2^n$ plaintexts mapping to $2^n$ ciphertexts, and so each plaintext must map to precisely one ciphertext (pigeon-hole principle; if there was a plaintext that could map to two different ciphertexts, there must be a plaintext that doesn't map to any, and we assume that doesn't happen).
Hence, the encryption for any specific key is deterministic; that means that encryption for all keys is deterministic.
$endgroup$
2
$begingroup$
It's also a nice way to see clearly that for perfect secrecy, the strength of the scheme comes exclusively from the randomness in the key. This then supports the logical foundation of Kerchoff's principle.
$endgroup$
– kodlu
Feb 13 at 23:05
add a comment |
Your Answer
StackExchange.ifUsing("editor", function () {
return StackExchange.using("mathjaxEditing", function () {
StackExchange.MarkdownEditor.creationCallbacks.add(function (editor, postfix) {
StackExchange.mathjaxEditing.prepareWmdForMathJax(editor, postfix, [["$", "$"], ["\\(","\\)"]]);
});
});
}, "mathjax-editing");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "281"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f67284%2fdoes-shannon-perfect-secrecy-imply-a-deterministic-encryption-algorithm%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
$begingroup$
In Shannon perfect secrecy, it is assumed that $|K| = |M| = |C|$. Does this imply that $Enc$ is deterministic
Actually, the standard definition doesn't actually imply that. It is necessary that $|K| ge |M|$ and $|K| ge |C|$, however in neither case does equality have to hold.
In any case, I'll proceed with the assumption that we have $|M| = |C|$ (the length of the key turns out not to matter for your question)
Does this imply that $Enc$ is deterministic?
Yes; the pigeon-hole principal is your friend.
Consider any fixed key $k$, and all plaintexts of length $n$ (there are $2^n$ of them). If you encrypt any one of them with the key, it will result in a ciphertext of length $n$ (and, again, there are $2^n$ possible ciphertexts).
We assume that the encryption process is invertible (that is, $Dec_k(Enc_k(m)) = m$ for any $m$), and so two different plaintexts must result in different ciphertexts.
There are $2^n$ plaintexts mapping to $2^n$ ciphertexts, and so each plaintext must map to precisely one ciphertext (pigeon-hole principle; if there was a plaintext that could map to two different ciphertexts, there must be a plaintext that doesn't map to any, and we assume that doesn't happen).
Hence, the encryption for any specific key is deterministic; that means that encryption for all keys is deterministic.
$endgroup$
2
$begingroup$
It's also a nice way to see clearly that for perfect secrecy, the strength of the scheme comes exclusively from the randomness in the key. This then supports the logical foundation of Kerchoff's principle.
$endgroup$
– kodlu
Feb 13 at 23:05
add a comment |
$begingroup$
In Shannon perfect secrecy, it is assumed that $|K| = |M| = |C|$. Does this imply that $Enc$ is deterministic
Actually, the standard definition doesn't actually imply that. It is necessary that $|K| ge |M|$ and $|K| ge |C|$, however in neither case does equality have to hold.
In any case, I'll proceed with the assumption that we have $|M| = |C|$ (the length of the key turns out not to matter for your question)
Does this imply that $Enc$ is deterministic?
Yes; the pigeon-hole principal is your friend.
Consider any fixed key $k$, and all plaintexts of length $n$ (there are $2^n$ of them). If you encrypt any one of them with the key, it will result in a ciphertext of length $n$ (and, again, there are $2^n$ possible ciphertexts).
We assume that the encryption process is invertible (that is, $Dec_k(Enc_k(m)) = m$ for any $m$), and so two different plaintexts must result in different ciphertexts.
There are $2^n$ plaintexts mapping to $2^n$ ciphertexts, and so each plaintext must map to precisely one ciphertext (pigeon-hole principle; if there was a plaintext that could map to two different ciphertexts, there must be a plaintext that doesn't map to any, and we assume that doesn't happen).
Hence, the encryption for any specific key is deterministic; that means that encryption for all keys is deterministic.
$endgroup$
2
$begingroup$
It's also a nice way to see clearly that for perfect secrecy, the strength of the scheme comes exclusively from the randomness in the key. This then supports the logical foundation of Kerchoff's principle.
$endgroup$
– kodlu
Feb 13 at 23:05
add a comment |
$begingroup$
In Shannon perfect secrecy, it is assumed that $|K| = |M| = |C|$. Does this imply that $Enc$ is deterministic
Actually, the standard definition doesn't actually imply that. It is necessary that $|K| ge |M|$ and $|K| ge |C|$, however in neither case does equality have to hold.
In any case, I'll proceed with the assumption that we have $|M| = |C|$ (the length of the key turns out not to matter for your question)
Does this imply that $Enc$ is deterministic?
Yes; the pigeon-hole principal is your friend.
Consider any fixed key $k$, and all plaintexts of length $n$ (there are $2^n$ of them). If you encrypt any one of them with the key, it will result in a ciphertext of length $n$ (and, again, there are $2^n$ possible ciphertexts).
We assume that the encryption process is invertible (that is, $Dec_k(Enc_k(m)) = m$ for any $m$), and so two different plaintexts must result in different ciphertexts.
There are $2^n$ plaintexts mapping to $2^n$ ciphertexts, and so each plaintext must map to precisely one ciphertext (pigeon-hole principle; if there was a plaintext that could map to two different ciphertexts, there must be a plaintext that doesn't map to any, and we assume that doesn't happen).
Hence, the encryption for any specific key is deterministic; that means that encryption for all keys is deterministic.
$endgroup$
In Shannon perfect secrecy, it is assumed that $|K| = |M| = |C|$. Does this imply that $Enc$ is deterministic
Actually, the standard definition doesn't actually imply that. It is necessary that $|K| ge |M|$ and $|K| ge |C|$, however in neither case does equality have to hold.
In any case, I'll proceed with the assumption that we have $|M| = |C|$ (the length of the key turns out not to matter for your question)
Does this imply that $Enc$ is deterministic?
Yes; the pigeon-hole principal is your friend.
Consider any fixed key $k$, and all plaintexts of length $n$ (there are $2^n$ of them). If you encrypt any one of them with the key, it will result in a ciphertext of length $n$ (and, again, there are $2^n$ possible ciphertexts).
We assume that the encryption process is invertible (that is, $Dec_k(Enc_k(m)) = m$ for any $m$), and so two different plaintexts must result in different ciphertexts.
There are $2^n$ plaintexts mapping to $2^n$ ciphertexts, and so each plaintext must map to precisely one ciphertext (pigeon-hole principle; if there was a plaintext that could map to two different ciphertexts, there must be a plaintext that doesn't map to any, and we assume that doesn't happen).
Hence, the encryption for any specific key is deterministic; that means that encryption for all keys is deterministic.
answered Feb 13 at 21:43
ponchoponcho
93k2145241
93k2145241
2
$begingroup$
It's also a nice way to see clearly that for perfect secrecy, the strength of the scheme comes exclusively from the randomness in the key. This then supports the logical foundation of Kerchoff's principle.
$endgroup$
– kodlu
Feb 13 at 23:05
add a comment |
2
$begingroup$
It's also a nice way to see clearly that for perfect secrecy, the strength of the scheme comes exclusively from the randomness in the key. This then supports the logical foundation of Kerchoff's principle.
$endgroup$
– kodlu
Feb 13 at 23:05
2
2
$begingroup$
It's also a nice way to see clearly that for perfect secrecy, the strength of the scheme comes exclusively from the randomness in the key. This then supports the logical foundation of Kerchoff's principle.
$endgroup$
– kodlu
Feb 13 at 23:05
$begingroup$
It's also a nice way to see clearly that for perfect secrecy, the strength of the scheme comes exclusively from the randomness in the key. This then supports the logical foundation of Kerchoff's principle.
$endgroup$
– kodlu
Feb 13 at 23:05
add a comment |
Thanks for contributing an answer to Cryptography Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
Use MathJax to format equations. MathJax reference.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f67284%2fdoes-shannon-perfect-secrecy-imply-a-deterministic-encryption-algorithm%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown