Perfect Secrecy
Perfect secrecy property means that the ciphertext conveys no information about the content of the plaintext.
- aka information-theoretic security
- in other words, no matter how many ciphertexts an attacker has, they reveal nothing about the plaintexts or the key
- in terms of probability, the distribution of the possible plaintexts is independent of the ciphertexts
Formal Probability Definition
An encryption scheme over plaintext space has the perfect secrecy property, if for every probability distribution over , every message , and every ciphertext , for which , where and are random variables associated with plaintext and ciphertext, respectively. The probability distribution of ciphertexts is defined by:
Example
Consider the Caesar cipher, where each of the 26 keys (0 to 25) is chosen with equal probability 1/26 to encrypt one letter of the Latin alphabet.
Each plaintext letter is encrypted with its own randomly selected key.
Observing the ciphertext of a single letter provides no information about the encrypted letter.
Therefore, the cipher has the perfect secrecy property.
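The definition above can be checked mechanically: enumerate every (plaintext, key) pair, compute Pr[C=c] and Pr[M=m, C=c] exactly, and compare the posterior Pr[M=m | C=c] with the prior Pr[M=m]. The following Python is an added example, not part of the original notes; it confirms the one-letter Caesar case and goes one step further by showing that reusing the same key for a second letter breaks the property. The skewed letter distribution and the function names are constructed for this example.

```python
from collections import defaultdict
from fractions import Fraction
from itertools import product

ALPHABET = 26  # Latin alphabet, letters represented as indices 0..25
UNIFORM_KEYS = {k: Fraction(1, ALPHABET) for k in range(ALPHABET)}  # each shift with prob. 1/26


def caesar(key, msg):
    """Shift every letter of msg (a tuple of letter indices) by the same key."""
    return tuple((m + key) % ALPHABET for m in msg)


def perfect_secrecy_violation(msg_dist, key_dist, encrypt):
    """Check the definition Pr[M=m | C=c] == Pr[M=m] for every m and every c with Pr[C=c] > 0.
    msg_dist / key_dist map plaintexts / keys to exact Fraction probabilities. Returns None if
    the scheme is perfectly secret for msg_dist, else the first (m, c, posterior, prior) that
    shows the ciphertext shifting the odds of m."""
    joint = defaultdict(Fraction)   # Pr[M = m and C = c]
    cipher = defaultdict(Fraction)  # Pr[C = c], the ciphertext distribution
    for m, pm in msg_dist.items():
        for k, pk in key_dist.items():
            c = encrypt(k, m)
            joint[(m, c)] += pm * pk
            cipher[c] += pm * pk
    for m, pm in msg_dist.items():
        for c, pc in cipher.items():
            posterior = joint[(m, c)] / pc  # Pr[M=m | C=c] by Bayes' rule
            if posterior != pm:
                return (m, c, posterior, pm)
    return None


def letter_distribution():
    """Constructed, deliberately skewed plaintext distribution: 'E' (index 4) is 5x as likely."""
    weights = {m: 1 for m in range(ALPHABET)}
    weights[4] = 5
    total = sum(weights.values())
    return {m: Fraction(w, total) for m, w in weights.items()}


def one_letter_is_secret():
    """One letter under a fresh uniform key: no violation, as the notes claim."""
    dist = {(m,): p for m, p in letter_distribution().items()}
    return perfect_secrecy_violation(dist, UNIFORM_KEYS, caesar) is None


def two_letters_same_key_is_secret():
    """Reuse one key for two letters: the ciphertext reveals whether the letters are equal."""
    single = letter_distribution()
    dist = {(a, b): single[a] * single[b] for a, b in product(range(ALPHABET), repeat=2)}
    return perfect_secrecy_violation(dist, UNIFORM_KEYS, caesar) is None
```

The two-letter check fails on the very first ciphertext: seeing two equal ciphertext letters tells the observer the two plaintext letters were equal, so the posterior no longer matches the prior.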
Perfect Forward Secrecy Property
A cryptosystem has the perfect forward secrecy (PFS) property if the compromise of long-term keys does not allow an attacker to obtain past session keys.
- protects past session keys against a future compromise of long-term keys
- a unique session key is generated for every session
- so the compromise of a single session key affects no data other than that of the particular session
- Diffie-Hellman key exchange with fresh (ephemeral) key pairs for each session has perfect forward secrecy
Example
- At time , a client and a server use the following protocol to agree on a session key:
  - The client sends its public key to the server
  - The server generates a session key, encrypts it with the client's public key, and sends it to the client over an insecure channel
  - No party other than the client can read the session key
  - The two parties then exchange messages encrypted with the session key and terminate the session
- An attacker listening on the channel records all the encrypted messages but cannot decrypt them
- Some time later (perhaps months), the same attacker recovers the client's long-term private key
- The attacker decrypts the message carrying the encrypted session key and then reads every message intercepted earlier
- The key agreement protocol above does not have the PFS property
- That is, a compromise of the client's long-term private key discloses ciphertexts sent in the past