Abstract
Shannon's pessimistic theorem, which states that a cipher can be perfect only when the entropy of the secret key is at least as great as that of the plaintext, is relativized by the demonstration of a randomized cipher in which the secret key is short but the plaintext can be very long. This cipher is shown to be “perfect with high probability.” More precisely, the eavesdropper is unable to obtain any information about the plaintext when a certain security event occurs, and the probability of this event is shown to be arbitrarily close to one unless the eavesdropper performs an infeasible computation. This cipher exploits the assumed existence of a publicly-accessible string of random bits whose length is much greater than that of all the plaintext to be encrypted; this is a feature that our cipher has in common with the previously considered “book ciphers”. Two modifications of this cipher are discussed that may lead to practical provably-secure ciphers based on either of two assumptions that appear to be novel in cryptography, viz., the (sole) assumption that the enemy's memory capacity (but not his computing power) is restricted and the assumption that an explicit function is, in a specified sense, controllably-difficult to compute, but not necessarily one-way.
Additional information
A preliminary version of this paper was presented at Eurocrypt '90, May 21–24, Århus, Denmark, and has appeared in the proceedings, pp. 361–373.
Cite this article
Maurer, U.M. Conditionally-perfect secrecy and a provably-secure randomized cipher. J. Cryptology 5, 53–66 (1992). https://doi.org/10.1007/BF00191321
DOI: https://doi.org/10.1007/BF00191321