Shannon ciphers and perfect security
Definition of a Shannon cipher
The basic mechanism for encrypting a message using a shared secret key is called a cipher (or encryption scheme). In this section, we introduce a slightly simplified notion of a cipher, which we call a Shannon cipher.
A Shannon cipher is a pair
ε
=
(
E
,
D
)
\varepsilon =(E,D)
ε=(E,D) of functions.
• The function E (the encryption function) takes as input a key k and a message m (also called a plaintext), and produces as output a ciphertext c. That is,
c
=
E
(
k
,
m
)
c = E(k, m)
c=E(k,m),
and we say that c is the encryption of m under k. • The function D (the ecryption function) takes as input a key
k
k
k and a ciphertext
c
c
c, and produces a message
m
m
m. That is,
m
=
D
(
k
,
c
)
m = D(k, c)
m=D(k,c),
and we say that m is the decryption of c under
k
k
k.
• We require that decryption “undoes” encryption; that is, the cipher must satisfy the following correctness property: for all keys k and all messages m, we have
D
(
k
,
E
(
k
,
m
)
)
=
m
D(k, E(k, m) ) = m
D(k,E(k,m))=m.
To be slightly more formal, let us assume that
K
K
K is the set of all keys (the key space),
M
M
M is the set of all messages (the message space), and that
C
C
C is the set of all ciphertexts (the ciphertext space). With this notation, we can write:
E
:
K
×
M
→
C
E : K × M → C
E:K×M→C,
D
:
K
×
C
→
M
D : K × C → M
D:K×C→M.
Also, we shall say that
ε
\varepsilon
ε is defined over
(
K
,
M
,
C
)
(K,M, C)
(K,M,C)
A one-time pad
A one-time pad is a Shannon cipher
ε
=
E
,
D
)
\varepsilon =E,D)
ε=E,D), where the keys, messages, and ciphertexts are bit strings of the same length; that is,
ε
\varepsilon
ε is defined over
(
K
,
M
,
C
)
(K,M,C)
(K,M,C), where
K
:
=
M
:
=
C
:
(
0
,
1
)
L
K:=M:=C:(0,1)^L
K:=M:=C:(0,1)L