1 / 14

The One Time Pad

Online Cryptography Course Dan Boneh. Stream ciphers. The One Time Pad. Symmetric Ciphers: definition. Def : a cipher defined over is a pair of “efficient” algs ( E , D ) where E is often randomized. D is always deterministic.

lee
Download Presentation

The One Time Pad

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Online Cryptography Course Dan Boneh Stream ciphers The One Time Pad

  2. Symmetric Ciphers: definition Def: a cipher defined over is a pair of “efficient” algs (E, D) where • E is often randomized. D is always deterministic.

  3. The One Time Pad (Vernam 1917) First example of a “secure” cipher key = (random bit string as long the message)

  4. The One Time Pad (Vernam 1917) msg: 0 1 1 0 1 1 1 key: 1 0 1 1 0 1 0 CT: ⊕

  5. You are given a message (m) and its OTP encryption (c). Can you compute the OTP key from m and c ? No, I cannot compute the key. Yes, the key is k = m⊕c. I can only compute half the bits of the key. Yes, the key is k = m ⊕m.

  6. The One Time Pad (Vernam 1917) Very fast enc/dec !! … but long keys (as long as plaintext) Is the OTP secure? What is a secure cipher?

  7. What is a secure cipher? Attacker’s abilities: CT only attack(for now) Possible security requirements: attempt #1: attacker cannot recover secret key attempt #2: attacker cannot recover all of plaintext Shannon’s idea: CT should reveal no “info” about PT

  8. Information Theoretic Security (Shannon 1949) Def: A cipher (E, D) over () has perfect secrecyif

  9. Information Theoretic Security Def: A cipher (E, D) over () has perfect secrecyif (|) and Pr[E(k, m0) = c]= Pr[E(k, m1) = c]where R

  10. Lemma: OTP has perfect secrecy. Proof:

  11. Let and . How many OTP keys map to ? None 1 2 Depends on

  12. Lemma: OTP has perfect secrecy. Proof:

  13. The bad news … Thm: perfect secrecy ⇒

  14. End of Segment

More Related