Information Security. Mark Stamp. Читать онлайн. Newlib. NEWLIB.NET

Автор: Mark Stamp
Издательство: John Wiley & Sons Limited
Серия:
Жанр произведения: Зарубежная компьютерная литература
Год издания: 0
isbn: 9781119505884
Скачать книгу
Row 1st Column Blank 2nd Column monospace k 3rd Column monospace i 4th Column monospace l 5th Column monospace l 6th Column monospace h 7th Column monospace i 8th Column monospace t 9th Column monospace l 10th Column monospace e 11th Column monospace r EndLayout"/>

      Eve, who doesn't really understand crypto, orders that Trudy be brought in for questioning.

upper K double-prime equals left-parenthesis 101 111 000 101 111 100 000 101 110 000 right-parenthesis period

      When the Allies “decrypt″ the ciphertext using this “key,″ they find

StartLayout 1st Row 1st Column Blank 2nd Column monospace s 3rd Column monospace r 4th Column monospace l 5th Column monospace h 6th Column monospace s 7th Column monospace s 8th Column monospace t 9th Column monospace h 10th Column monospace s 11th Column monospace r 2nd Row 1st Column upper C 2nd Column 110 3rd Column 101 4th Column 100 5th Column 001 6th Column 110 7th Column 110 8th Column 111 9th Column 001 10th Column 110 11th Column 101 3rd Row 1st Column upper K double-prime 2nd Column 111 3rd Column 101 4th Column 110 5th Column 101 6th Column 111 7th Column 100 8th Column 000 9th Column 101 10th Column 110 11th Column 000 4th Row 1st Column upper P double-prime 2nd Column 001 3rd Column 000 4th Column 010 5th Column 100 6th Column 001 7th Column 010 8th Column 111 9th Column 100 10th Column 000 11th Column 101 5th Row 1st Column Blank 2nd Column monospace h 3rd Column monospace e 4th Column monospace l 5th Column monospace i 6th Column monospace k 7th Column monospace e 8th Column monospace s 9th Column monospace i 10th Column monospace k 11th Column monospace e EndLayout

      The Allies proceed to give Trudy a medal for her work against the Nazis.

      While not a proof, these examples serve to illustrate why the one‐time pad is secure in a stronger sense than the ciphers we have previously considered. The bottom line is that if the key is chosen at random, and used only once, then an attacker who obtains the ciphertext has no useful information about the message itself—any “plaintext″ of the same length can be generated by a suitable choice of “key,″ and all possible plaintexts are equally likely. From a cryptographer's point of view, it doesn't get any better than that.

      Of course, we are assuming that the one‐time pad cipher is used correctly. The key (or pad) must be chosen at random and used only once. And, since it is a symmetric cipher, the key must be known by both the encryptor and the intended recipient—and nobody else can know the key.

      Since we can't do better than provable security, why don't we always use the one‐time pad? Unfortunately, the cipher is impractical for most applications. Why is this the case? The crucial problem is that the pad is the same length as the message and since the pad is the key, it must be securely shared with the intended recipient before the ciphertext can be decrypted. If we can securely transmit the pad, why not simply transmit the plaintext by the same means and do away with the encryption?

      Below, we'll see an historical example, where it actually did make sense to use a one‐time pad—in spite of its limitations. However, for modern high data‐rate systems, a one‐time pad cipher would generally be impractical.

      Why is it that the one‐time pad can only be used once? Suppose we have two plaintext messages upper P 1 and upper P 2, and we encrypted these as as upper C 1 equals upper P 1 circled-plus upper K and upper C 2 equals upper P 2 circled-plus upper K, that is, we have two messages encrypted with the same “one‐time″ pad upper K. In the cryptanalysis business, this is known as a depth. From these two one‐time pad ciphertexts in depth, we can compute

upper C 1 circled-plus upper C 2 equals upper P 1 circled-plus upper K circled-plus upper P 2 circled-plus upper K equals upper P 1 circled-plus upper P 2

      Let's consider an example of one‐time pad encryptions that are in depth. Using the same bit encoding as in Table 2.1, suppose we have

upper P 1 equals like equals left-parenthesis 100 010 011 000 right-parenthesis and upper P 2 equals kite equals left-parenthesis 011 010 111 000 right-parenthesis comma

      and both are encrypted with the same key upper K equals left-parenthesis 110 011 101 111 right-parenthesis. Then

StartLayout 1st Row 1st Column Blank 2nd Column monospace l 3rd Column monospace i 4th Column monospace k 5th Column monospace e 2nd Row 1st Column upper P 1 2nd Column 100 3rd Column 010 4th Column 011 5th Column 000 3rd Row 1st Column upper K 2nd Column 110 3rd Column 011 4th Column 101 5th Column 111 4th Row 1st Column upper C 1 2nd Column 010 3rd Column 001 4th Column 110 5th Column 111 5th Row 1st Column Blank 2nd Column monospace i 3rd Column monospace h 4th Column monospace s 5th Column monospace t EndLayout

      and

StartLayout 1st Row 1st Column Blank 2nd Column monospace k 3rd Column monospace i 4th Column monospace t 5th Column monospace e 2nd Row 1st Column upper P 2 2nd Column 011 3rd Column 010 4th Column 111 5th Column 000 3rd Row 1st Column upper K 2nd Column 110 3rd Column 011 4th Column 101 5th Column 111 4th Row 1st Column upper C 2 2nd Column 101 3rd Column 001 4th Column 010 5th Column 111 5th Row 1st Column Blank 2nd Column monospace r 3rd Column monospace h 4th Column monospace i 5th Column monospace t EndLayout

      If Trudy the cryptanalyst knows that the messages are in depth, she immediately sees that the second and fourth letters of upper P 1 and upper P 2 are the same, since the corresponding ciphertext letters are identical. But far more devastating is the fact that Trudy can now guess a putative message upper P 1 and check her results using upper P 2. Suppose that Trudy, who only knows upper C 1 and upper C 2, suspects that upper P 1 equals kill equals left-parenthesis 011 010 100 100 right-parenthesis. Then she can find