SlideShare a Scribd company logo

Alice uses a biased coin to create a one-time pad to encrypt a messa.pdf

D
dhavalbl38

Alice uses a biased coin to create a one-time pad to encrypt a message m of 1 bit. The coin comes up 1 (Heads) 60% of the times and 0 (Tails) 40% of the times. Alice sends 0 as a message 75% of the times and 1 as a message 25% of the times. All of this is publicly known. Eve sees cipher c = 1. What was the probability that m = 1? Solution An encryption scheme (E, D) is perfectly secret if there for every set M {0, 1} ` of plaintexts, and for every strategy used by Eve, if we choose at random m M and a random key k {0, 1} n, then the probability that Eve guesses m after seeing Ek(m) is at most 1/|M|. In particular, if we encrypt either “Yes” or “No” with probability 1/2, then Eve won’t be able to guess which one it is with probability better than half. In fact, that turns out to be the heart of the matter: Two to Many Theorem: An encryption scheme (E, D) is perfectly secret if and only if for every two distinct plaintexts {m0, m1} {0, 1} ` and every strategy used by Eve, if we choose at random b {0, 1} and a random key k {0, 1} n, then the probability that Eve guesses mb after seeing Ek(mb) is at most 1/2. Proof: The “only if” direction is obvious— this condition is a special case of the perfect secrecy condition for a set m of size 2 The “if” direction is trickier. We need to show that if there is some set M (of size possibly much larger than 2) and some strategy for Eve to guess (based on the ciphertext) a plaintext chosen from M with probability larger than 1/|M|, then there is also some set M0 of size two and a strategy Eve0 for Eve to guess a plaintext chosen from M0 with probability larger than 1/2. Let’s fix the message m0 for example to be the all zeroes message. Since Eve(Ek(m0)) is a fixed string, if we pick a random m1 from M then it holds that Pr[Eve(Ek(m0)) = m1] 1/|M| while under our assumption, on average it holds that Pr[Eve(Ek(m1)) = m1] > 1/|M| Thus in particular, due to linearity of expectation, there exists some m1 satisfying Pr[Eve(Ek(m1)) = m1] > Pr[Eve(Ek(m0)) = m1] . But this can be turned into an attacker Eve0 such that the probability that Eve0 (Ek(mb)) = mb is larger than 1/2. Indeed, we can define Eve0 (c) to output m1 if Eve(c) = m1 and otherwise output a random message in {m0, m1}. The probability that Eve0 (c) equals m1 is higher when c = Ek(m1) than when c = Ek(m0), and since Eve0 outputs either m0 or m1, this means that the probability that Eve0 (Ek(mb)) = mb is larger than 1/2 (Can you see why?) QED. Exercise: Another equivalent condition for perfect secrecy is the following: (E, D) is perfectly secret if for every plaintexts m, m0 {0, 1} ` , the two random variables {Ek(m)} and {Ek0 (m0 )} (for randomly chosen keys k and k 0 ) have precisely the same distribution. So, perfect secrecy is a natural condition, and does not seem to be too weak for applications, but can it actually be achieved? After all, the condition that two different plaintexts are mapped to the same distribution seems somewhat at odds with th.

Education
1 of 3
Download to read offline
Alice uses a biased coin to create a one-time pad to encrypt a message m of 1 bit. The coin comes up 1 (Heads) 60% of the times and 0 (Tails) 40% of the times. Alice sends 0 as a message 75% of the times and 1 as a message 25% of the times. All of this is publicly known. Eve sees cipher c = 1. What was the probability that m = 1? Solution An encryption scheme (E, D) is perfectly secret if there for every set M {0, 1} ` of plaintexts, and for every strategy used by Eve, if we choose at random m M and a random key k {0, 1} n, then the probability that Eve guesses m after seeing Ek(m) is at most 1/|M|. In particular, if we encrypt either “Yes” or “No” with probability 1/2, then Eve won’t be able to guess which one it is with probability better than half. In fact, that turns out to be the heart of the matter: Two to Many Theorem: An encryption scheme (E, D) is perfectly secret if and only if for every two distinct plaintexts {m0, m1} {0, 1} ` and every strategy used by Eve, if we choose at random b {0, 1} and a random key k {0, 1} n, then the probability that Eve guesses mb after seeing Ek(mb) is at most 1/2. Proof: The “only if” direction is obvious— this condition is a special case of the perfect secrecy condition for a set m of size 2 The “if” direction is trickier. We need to show that if there is some set M (of size possibly much larger than 2) and some strategy for Eve to guess (based on the ciphertext) a plaintext chosen from M with probability larger than 1/|M|, then there is also some set M0 of size two and a strategy Eve0 for Eve to guess a plaintext chosen from M0 with probability larger than 1/2. Let’s fix the message m0 for example to be the all zeroes message. Since Eve(Ek(m0)) is a fixed string, if we pick a random m1 from M then it holds that Pr[Eve(Ek(m0)) = m1] 1/|M| while under our assumption, on average it holds that Pr[Eve(Ek(m1)) = m1] > 1/|M| Thus in particular, due to linearity of expectation, there exists some m1 satisfying Pr[Eve(Ek(m1)) = m1] > Pr[Eve(Ek(m0)) = m1] . But this can be turned into an attacker Eve0 such that the probability that Eve0 (Ek(mb)) = mb is larger than 1/2. Indeed, we can define Eve0 (c) to output m1 if Eve(c) = m1 and otherwise output a random message in {m0, m1}. The probability that Eve0 (c) equals m1 is higher when c = Ek(m1) than when c = Ek(m0), and since Eve0 outputs either m0 or m1, this means that the probability that Eve0 (Ek(mb)) = mb is larger than 1/2 (Can you see why?) QED.
Exercise: Another equivalent condition for perfect secrecy is the following: (E, D) is perfectly secret if for every plaintexts m, m0 {0, 1} ` , the two random variables {Ek(m)} and {Ek0 (m0 )} (for randomly chosen keys k and k 0 ) have precisely the same distribution. So, perfect secrecy is a natural condition, and does not seem to be too weak for applications, but can it actually be achieved? After all, the condition that two different plaintexts are mapped to the same distribution seems somewhat at odds with the condition that Bob would succeed in decrypting the ciphertexts and find out if the plaintext was in fact m or m0 . It turns out the answer is yes! For example, the table below details a perfectly secret encryption for two bits. Table 1: A perfectly secret encryption scheme with 2 bit keys, plaintexts, and ciphertexts; the rows are indexed by possible ciphertexts, the columns indexed by possible plaintexts, and the (c, m) location of the matrix corresponds to the key that maps m to c. ============================================= Plain: 00 01 10 11 Cipher: 00 00 01 10 11 01 01 00 11 10 10 10 11 00 01 11 11 10 01 00 ============================================== In fact, this can be generalized to any number of bits: Theorem (One time pad, Vernam 1917): For every n, there is a perfectly secret encryption (E, D) with plaintexts of n bits, where the key size and the ciphertext size is also n. Proof: The encryption scheme is actually very simple - to encrypt a message m {0, 1} n with key k {0, 1} n, we output Ek(m) = m k where is the exclusive or (XOR) operation. That is, m k is a vector in {0, 1} n such that (m k)i = ki + mi (mod 2). Decryption works identically - Dk(c) = c k. It is not hard to use the associativity of addition (and in particular XOR) to verify that Dk(Ek(m)) = (m k) k = m (k k) = m where the last equality follows from k k = 0n (can you see why?). Now we claim that for every message m {0, 1} n, the distribution Ek(m) for a random k is the uniform distribution Un on {0, 1} n. By the exercise above, this implies that the scheme is perfectly secret, since for every two messages m, m0 the distributions {Ek(m)} and {Ek0 (m0 )} will both be equal to the uniform distribution. To prove the claim we need to show that for every y {0, 1} n, Pr[Ek(m) = y] = 2n where this probability is taken over the choice of a random k {0, 1} n. Now note that Ek(m) = y if and only if m k = y or, equivalently, k = m y. Since k is chosen uniformly at random in {0, 1} n, the probability that it equals m y is exactly 2 n QED. Note: Importance of using the one time pad only once:
The “one time pad” is a name analogous to the “point away from yourself gun”- the name suggests the fatal mistake people often end up doing. Perhaps the most dramatic example of the dangers of “key reuse” is the Venona Project. The Soviets have used the one-time pad for their confidential communication since before the 1940’s (WHEN?), and in fact even before Shannon apparently the U.S. intelligence already knew that it is in principle “unbreakable” in 1941 (see page 32 in the Venona document )). However, it turned out that the hassles of manufacturing so many keys for all the communication took its toll on the Soviets and they ended up reusing the same keys for more than one message, though they tried to use them for completely different receivers in the (false) hope that this wouldn’t be detected. The Venona project of the U.S. Army was founded in February 1943 by Gene Grabeel- a former highschool teacher from Madison Heights, Virgnia and Lt. Leonard Zukbo. In October 1943, they had their breakthrough when it was discovered that the Russians are reusing their keys (credit to this discovery is shared by Lt. Richard Hallock, Carrie Berry, Frank Lewis, and Lt. Karl Elmquist, see page 27 in the document). In the 37 years of its existence, the project has resulted in a treasure chest of intelligence, exposing hundreds of KGB agents and Russian spies in the U.S. and other countries, including Julius Rosenberg, Harry Gold, Klaus Fuchs, Alger Hiss, Harry Dexter White and many others.

Recommended

Losseless
LosselessLosseless
Losselessanithabalaprabhu
 
Excel Homework Help
Excel Homework HelpExcel Homework Help
Excel Homework HelpExcel Homework Help
 
Mathematical Statistics Assignment Help
Mathematical Statistics Assignment HelpMathematical Statistics Assignment Help
Mathematical Statistics Assignment HelpExcel Homework Help
 
Quantum cryptography
Quantum cryptographyQuantum cryptography
Quantum cryptographyNishant Bhardwaj
 
Montecarlophd
MontecarlophdMontecarlophd
MontecarlophdMarco Delogu
 
Mathematical Statistics Assignment Help
Mathematical Statistics Assignment HelpMathematical Statistics Assignment Help
Mathematical Statistics Assignment HelpStatistics Homework Helper
 
Statistics Homework Help
Statistics Homework HelpStatistics Homework Help
Statistics Homework HelpStatistics Homework Helper
 
Machine learning (10)
Machine learning (10)Machine learning (10)
Machine learning (10)NYversity
 

Recommended

Losseless
LosselessLosseless
Losselessanithabalaprabhu
 
Excel Homework Help
Excel Homework HelpExcel Homework Help
Excel Homework HelpExcel Homework Help
 
Mathematical Statistics Assignment Help
Mathematical Statistics Assignment HelpMathematical Statistics Assignment Help
Mathematical Statistics Assignment HelpExcel Homework Help
 
Quantum cryptography
Quantum cryptographyQuantum cryptography
Quantum cryptographyNishant Bhardwaj
 
Montecarlophd
MontecarlophdMontecarlophd
MontecarlophdMarco Delogu
 
Mathematical Statistics Assignment Help
Mathematical Statistics Assignment HelpMathematical Statistics Assignment Help
Mathematical Statistics Assignment HelpStatistics Homework Helper
 
Statistics Homework Help
Statistics Homework HelpStatistics Homework Help
Statistics Homework HelpStatistics Homework Helper
 
Machine learning (10)
Machine learning (10)Machine learning (10)
Machine learning (10)NYversity
 
Double slit interference
Double slit interferenceDouble slit interference
Double slit interferenceIan Whey
 
Quantum Noise and Error Correction
Quantum Noise and Error CorrectionQuantum Noise and Error Correction
Quantum Noise and Error CorrectionDaniel Bulhosa Solórzano
 
Exponential function
Exponential functionExponential function
Exponential functionInternational advisers
 
bloomfilter.ppt
bloomfilter.pptbloomfilter.ppt
bloomfilter.pptkashvirelhan1
 
bloomfilter.ppt
bloomfilter.pptbloomfilter.ppt
bloomfilter.pptkashvirelhan1
 
bloomfilter.ppt
bloomfilter.pptbloomfilter.ppt
bloomfilter.pptkashvirelhan1
 
probability assignment help (2)
probability assignment help (2)probability assignment help (2)
probability assignment help (2)Statistics Homework Helper
 
Probability Homework Help
Probability Homework HelpProbability Homework Help
Probability Homework HelpStatistics Homework Helper
 
Security protocols
Security protocolsSecurity protocols
Security protocolsAbhijit Mondal
 
Euler circuits and dna sequencing by hybridization
Euler circuits and dna sequencing by hybridizationEuler circuits and dna sequencing by hybridization
Euler circuits and dna sequencing by hybridizationMountville Mills
 
Math for Intelligent Systems - 01 Linear Algebra 01 Vector Spaces
Math for Intelligent Systems - 01 Linear Algebra 01 Vector SpacesMath for Intelligent Systems - 01 Linear Algebra 01 Vector Spaces
Math for Intelligent Systems - 01 Linear Algebra 01 Vector SpacesAndres Mendez-Vazquez
 
Black hole formation by incoming electromagnetic radiation
Black hole formation by incoming electromagnetic radiation Black hole formation by incoming electromagnetic radiation
Black hole formation by incoming electromagnetic radiationXequeMateShannon
 
Cypher technique
Cypher techniqueCypher technique
Cypher techniqueZubair CH
 
Primes: a quick tour to spplications and challenges!
Primes: a quick tour to spplications and challenges!Primes: a quick tour to spplications and challenges!
Primes: a quick tour to spplications and challenges!Ashutosh Tripathi
 
1979 Optimal diffusions in a random environment
1979 Optimal diffusions in a random environment1979 Optimal diffusions in a random environment
1979 Optimal diffusions in a random environmentBob Marcus
 
International Journal of Mathematics and Statistics Invention (IJMSI)
International Journal of Mathematics and Statistics Invention (IJMSI)International Journal of Mathematics and Statistics Invention (IJMSI)
International Journal of Mathematics and Statistics Invention (IJMSI)inventionjournals
 
Imagine a spherical balloon filled wild helium- the balloon itself is.pdf
Imagine a spherical balloon filled wild helium- the balloon itself is.pdfImagine a spherical balloon filled wild helium- the balloon itself is.pdf
Imagine a spherical balloon filled wild helium- the balloon itself is.pdfdhavalbl38
 
If a substance has a pH of 4, is it acidic or basic. What type of io.pdf
If a substance has a pH of 4, is it acidic or basic. What type of io.pdfIf a substance has a pH of 4, is it acidic or basic. What type of io.pdf
If a substance has a pH of 4, is it acidic or basic. What type of io.pdfdhavalbl38
 
Help with answering these questions for my Human Health Class Biolog.pdf
Help with answering these questions for my Human Health Class Biolog.pdfHelp with answering these questions for my Human Health Class Biolog.pdf
Help with answering these questions for my Human Health Class Biolog.pdfdhavalbl38
 
For each task, submit your source java code file.(1) Objective Im.pdf
For each task, submit your source java code file.(1) Objective Im.pdfFor each task, submit your source java code file.(1) Objective Im.pdf
For each task, submit your source java code file.(1) Objective Im.pdfdhavalbl38
 
Emperor penguins live on a diet of fish and crustaceans obtained fro.pdf
Emperor penguins live on a diet of fish and crustaceans obtained fro.pdfEmperor penguins live on a diet of fish and crustaceans obtained fro.pdf
Emperor penguins live on a diet of fish and crustaceans obtained fro.pdfdhavalbl38
 
Even before the Ownership Society programs of Presidents Clinton.pdf
Even before the Ownership Society programs of Presidents Clinton.pdfEven before the Ownership Society programs of Presidents Clinton.pdf
Even before the Ownership Society programs of Presidents Clinton.pdfdhavalbl38
 

More Related Content

Similar to Alice uses a biased coin to create a one-time pad to encrypt a messa.pdf

Double slit interference
Double slit interferenceDouble slit interference
Double slit interferenceIan Whey
 
Euler circuits and dna sequencing by hybridization
Euler circuits and dna sequencing by hybridizationEuler circuits and dna sequencing by hybridization
Euler circuits and dna sequencing by hybridizationMountville Mills
 
Math for Intelligent Systems - 01 Linear Algebra 01 Vector Spaces
Math for Intelligent Systems - 01 Linear Algebra 01 Vector SpacesMath for Intelligent Systems - 01 Linear Algebra 01 Vector Spaces
Math for Intelligent Systems - 01 Linear Algebra 01 Vector SpacesAndres Mendez-Vazquez
 
Black hole formation by incoming electromagnetic radiation
Black hole formation by incoming electromagnetic radiation Black hole formation by incoming electromagnetic radiation
Black hole formation by incoming electromagnetic radiationXequeMateShannon
 
Cypher technique
Cypher techniqueCypher technique
Cypher techniqueZubair CH
 
Primes: a quick tour to spplications and challenges!
Primes: a quick tour to spplications and challenges!Primes: a quick tour to spplications and challenges!
Primes: a quick tour to spplications and challenges!Ashutosh Tripathi
 
1979 Optimal diffusions in a random environment
1979 Optimal diffusions in a random environment1979 Optimal diffusions in a random environment
1979 Optimal diffusions in a random environmentBob Marcus
 
International Journal of Mathematics and Statistics Invention (IJMSI)
International Journal of Mathematics and Statistics Invention (IJMSI)International Journal of Mathematics and Statistics Invention (IJMSI)
International Journal of Mathematics and Statistics Invention (IJMSI)inventionjournals
 

Similar to Alice uses a biased coin to create a one-time pad to encrypt a messa.pdf (16)

Double slit interference
Double slit interferenceDouble slit interference
Double slit interference
 
Quantum Noise and Error Correction
Quantum Noise and Error CorrectionQuantum Noise and Error Correction
Quantum Noise and Error Correction
 
Exponential function
Exponential functionExponential function
Exponential function
 
bloomfilter.ppt
bloomfilter.pptbloomfilter.ppt
bloomfilter.ppt
 
bloomfilter.ppt
bloomfilter.pptbloomfilter.ppt
bloomfilter.ppt
 
bloomfilter.ppt
bloomfilter.pptbloomfilter.ppt
bloomfilter.ppt
 
probability assignment help (2)
probability assignment help (2)probability assignment help (2)
probability assignment help (2)
 
Probability Homework Help
Probability Homework HelpProbability Homework Help
Probability Homework Help
 
Security protocols
Security protocolsSecurity protocols
Security protocols
 
Euler circuits and dna sequencing by hybridization
Euler circuits and dna sequencing by hybridizationEuler circuits and dna sequencing by hybridization
Euler circuits and dna sequencing by hybridization
 
Math for Intelligent Systems - 01 Linear Algebra 01 Vector Spaces
Math for Intelligent Systems - 01 Linear Algebra 01 Vector SpacesMath for Intelligent Systems - 01 Linear Algebra 01 Vector Spaces
Math for Intelligent Systems - 01 Linear Algebra 01 Vector Spaces
 
Black hole formation by incoming electromagnetic radiation
Black hole formation by incoming electromagnetic radiation Black hole formation by incoming electromagnetic radiation
Black hole formation by incoming electromagnetic radiation
 
Cypher technique
Cypher techniqueCypher technique
Cypher technique
 
Primes: a quick tour to spplications and challenges!
Primes: a quick tour to spplications and challenges!Primes: a quick tour to spplications and challenges!
Primes: a quick tour to spplications and challenges!
 
1979 Optimal diffusions in a random environment
1979 Optimal diffusions in a random environment1979 Optimal diffusions in a random environment
1979 Optimal diffusions in a random environment
 
International Journal of Mathematics and Statistics Invention (IJMSI)
International Journal of Mathematics and Statistics Invention (IJMSI)International Journal of Mathematics and Statistics Invention (IJMSI)
International Journal of Mathematics and Statistics Invention (IJMSI)
 

More from dhavalbl38

Imagine a spherical balloon filled wild helium- the balloon itself is.pdf
Imagine a spherical balloon filled wild helium- the balloon itself is.pdfImagine a spherical balloon filled wild helium- the balloon itself is.pdf
Imagine a spherical balloon filled wild helium- the balloon itself is.pdfdhavalbl38
 
If a substance has a pH of 4, is it acidic or basic. What type of io.pdf
If a substance has a pH of 4, is it acidic or basic. What type of io.pdfIf a substance has a pH of 4, is it acidic or basic. What type of io.pdf
If a substance has a pH of 4, is it acidic or basic. What type of io.pdfdhavalbl38
 
Help with answering these questions for my Human Health Class Biolog.pdf
Help with answering these questions for my Human Health Class Biolog.pdfHelp with answering these questions for my Human Health Class Biolog.pdf
Help with answering these questions for my Human Health Class Biolog.pdfdhavalbl38
 
For each task, submit your source java code file.(1) Objective Im.pdf
For each task, submit your source java code file.(1) Objective Im.pdfFor each task, submit your source java code file.(1) Objective Im.pdf
For each task, submit your source java code file.(1) Objective Im.pdfdhavalbl38
 
Emperor penguins live on a diet of fish and crustaceans obtained fro.pdf
Emperor penguins live on a diet of fish and crustaceans obtained fro.pdfEmperor penguins live on a diet of fish and crustaceans obtained fro.pdf
Emperor penguins live on a diet of fish and crustaceans obtained fro.pdfdhavalbl38
 
Even before the Ownership Society programs of Presidents Clinton.pdf
Even before the Ownership Society programs of Presidents Clinton.pdfEven before the Ownership Society programs of Presidents Clinton.pdf
Even before the Ownership Society programs of Presidents Clinton.pdfdhavalbl38
 
Do the following picSolutionHere is the solution for the .pdf
Do the following picSolutionHere is the solution for the .pdfDo the following picSolutionHere is the solution for the .pdf
Do the following picSolutionHere is the solution for the .pdfdhavalbl38
 
Can one mRNA be translated into more than one protein sequence Can .pdf
Can one mRNA be translated into more than one protein sequence Can .pdfCan one mRNA be translated into more than one protein sequence Can .pdf
Can one mRNA be translated into more than one protein sequence Can .pdfdhavalbl38
 
why is there an uneven distribution of photosystem 1 and 2 on the th.pdf
why is there an uneven distribution of photosystem 1 and 2 on the th.pdfwhy is there an uneven distribution of photosystem 1 and 2 on the th.pdf
why is there an uneven distribution of photosystem 1 and 2 on the th.pdfdhavalbl38
 
Which of the following are examples of cell signaling Choose all tha.pdf
Which of the following are examples of cell signaling Choose all tha.pdfWhich of the following are examples of cell signaling Choose all tha.pdf
Which of the following are examples of cell signaling Choose all tha.pdfdhavalbl38
 
What is the purpose of testing a program with different dataSol.pdf
What is the purpose of testing a program with different dataSol.pdfWhat is the purpose of testing a program with different dataSol.pdf
What is the purpose of testing a program with different dataSol.pdfdhavalbl38
 
what are the factors contributing to the rise in global media Will .pdf
what are the factors contributing to the rise in global media Will .pdfwhat are the factors contributing to the rise in global media Will .pdf
what are the factors contributing to the rise in global media Will .pdfdhavalbl38
 
WACC of Alibaba company WACC of Alibaba companySolutionTh.pdf
WACC of Alibaba company WACC of Alibaba companySolutionTh.pdfWACC of Alibaba company WACC of Alibaba companySolutionTh.pdf
WACC of Alibaba company WACC of Alibaba companySolutionTh.pdfdhavalbl38
 
Two particles A and B of equal mass have velocities as shown in the f.pdf
Two particles A and B of equal mass have velocities as shown in the f.pdfTwo particles A and B of equal mass have velocities as shown in the f.pdf
Two particles A and B of equal mass have velocities as shown in the f.pdfdhavalbl38
 
The forecast equation for mean wind in a turbulent flow is U_it + .pdf
The forecast equation for mean wind in a turbulent flow is U_it + .pdfThe forecast equation for mean wind in a turbulent flow is U_it + .pdf
The forecast equation for mean wind in a turbulent flow is U_it + .pdfdhavalbl38
 
The image below is of a charged moving in a uniform magnetic field. I.pdf
The image below is of a charged moving in a uniform magnetic field. I.pdfThe image below is of a charged moving in a uniform magnetic field. I.pdf
The image below is of a charged moving in a uniform magnetic field. I.pdfdhavalbl38
 
The concept of a sampling distributionA-Is essential for drawing c.pdf
The concept of a sampling distributionA-Is essential for drawing c.pdfThe concept of a sampling distributionA-Is essential for drawing c.pdf
The concept of a sampling distributionA-Is essential for drawing c.pdfdhavalbl38
 
The diets common to some cultures emphasize meat. Meat, milk, and br.pdf
The diets common to some cultures emphasize meat. Meat, milk, and br.pdfThe diets common to some cultures emphasize meat. Meat, milk, and br.pdf
The diets common to some cultures emphasize meat. Meat, milk, and br.pdfdhavalbl38
 
aed by genes at two loci R. rand P. p). A walnut comb is at one Tocus.pdf
aed by genes at two loci R. rand P. p). A walnut comb is at one Tocus.pdfaed by genes at two loci R. rand P. p). A walnut comb is at one Tocus.pdf
aed by genes at two loci R. rand P. p). A walnut comb is at one Tocus.pdfdhavalbl38
 
t t Deg g olthe year.) 4.9 An engineering construction firm is .pdf
t t Deg g olthe year.) 4.9 An engineering construction firm is .pdft t Deg g olthe year.) 4.9 An engineering construction firm is .pdf
t t Deg g olthe year.) 4.9 An engineering construction firm is .pdfdhavalbl38
 

More from dhavalbl38 (20)

Imagine a spherical balloon filled wild helium- the balloon itself is.pdf
Imagine a spherical balloon filled wild helium- the balloon itself is.pdfImagine a spherical balloon filled wild helium- the balloon itself is.pdf
Imagine a spherical balloon filled wild helium- the balloon itself is.pdf
 
If a substance has a pH of 4, is it acidic or basic. What type of io.pdf
If a substance has a pH of 4, is it acidic or basic. What type of io.pdfIf a substance has a pH of 4, is it acidic or basic. What type of io.pdf
If a substance has a pH of 4, is it acidic or basic. What type of io.pdf
 
Help with answering these questions for my Human Health Class Biolog.pdf
Help with answering these questions for my Human Health Class Biolog.pdfHelp with answering these questions for my Human Health Class Biolog.pdf
Help with answering these questions for my Human Health Class Biolog.pdf
 
For each task, submit your source java code file.(1) Objective Im.pdf
For each task, submit your source java code file.(1) Objective Im.pdfFor each task, submit your source java code file.(1) Objective Im.pdf
For each task, submit your source java code file.(1) Objective Im.pdf
 
Emperor penguins live on a diet of fish and crustaceans obtained fro.pdf
Emperor penguins live on a diet of fish and crustaceans obtained fro.pdfEmperor penguins live on a diet of fish and crustaceans obtained fro.pdf
Emperor penguins live on a diet of fish and crustaceans obtained fro.pdf
 
Even before the Ownership Society programs of Presidents Clinton.pdf
Even before the Ownership Society programs of Presidents Clinton.pdfEven before the Ownership Society programs of Presidents Clinton.pdf
Even before the Ownership Society programs of Presidents Clinton.pdf
 
Do the following picSolutionHere is the solution for the .pdf
Do the following picSolutionHere is the solution for the .pdfDo the following picSolutionHere is the solution for the .pdf
Do the following picSolutionHere is the solution for the .pdf
 
Can one mRNA be translated into more than one protein sequence Can .pdf
Can one mRNA be translated into more than one protein sequence Can .pdfCan one mRNA be translated into more than one protein sequence Can .pdf
Can one mRNA be translated into more than one protein sequence Can .pdf
 
why is there an uneven distribution of photosystem 1 and 2 on the th.pdf
why is there an uneven distribution of photosystem 1 and 2 on the th.pdfwhy is there an uneven distribution of photosystem 1 and 2 on the th.pdf
why is there an uneven distribution of photosystem 1 and 2 on the th.pdf
 
Which of the following are examples of cell signaling Choose all tha.pdf
Which of the following are examples of cell signaling Choose all tha.pdfWhich of the following are examples of cell signaling Choose all tha.pdf
Which of the following are examples of cell signaling Choose all tha.pdf
 
What is the purpose of testing a program with different dataSol.pdf
What is the purpose of testing a program with different dataSol.pdfWhat is the purpose of testing a program with different dataSol.pdf
What is the purpose of testing a program with different dataSol.pdf
 
what are the factors contributing to the rise in global media Will .pdf
what are the factors contributing to the rise in global media Will .pdfwhat are the factors contributing to the rise in global media Will .pdf
what are the factors contributing to the rise in global media Will .pdf
 
WACC of Alibaba company WACC of Alibaba companySolutionTh.pdf
WACC of Alibaba company WACC of Alibaba companySolutionTh.pdfWACC of Alibaba company WACC of Alibaba companySolutionTh.pdf
WACC of Alibaba company WACC of Alibaba companySolutionTh.pdf
 
Two particles A and B of equal mass have velocities as shown in the f.pdf
Two particles A and B of equal mass have velocities as shown in the f.pdfTwo particles A and B of equal mass have velocities as shown in the f.pdf
Two particles A and B of equal mass have velocities as shown in the f.pdf
 
The forecast equation for mean wind in a turbulent flow is U_it + .pdf
The forecast equation for mean wind in a turbulent flow is U_it + .pdfThe forecast equation for mean wind in a turbulent flow is U_it + .pdf
The forecast equation for mean wind in a turbulent flow is U_it + .pdf
 
The image below is of a charged moving in a uniform magnetic field. I.pdf
The image below is of a charged moving in a uniform magnetic field. I.pdfThe image below is of a charged moving in a uniform magnetic field. I.pdf
The image below is of a charged moving in a uniform magnetic field. I.pdf
 
The concept of a sampling distributionA-Is essential for drawing c.pdf
The concept of a sampling distributionA-Is essential for drawing c.pdfThe concept of a sampling distributionA-Is essential for drawing c.pdf
The concept of a sampling distributionA-Is essential for drawing c.pdf
 
The diets common to some cultures emphasize meat. Meat, milk, and br.pdf
The diets common to some cultures emphasize meat. Meat, milk, and br.pdfThe diets common to some cultures emphasize meat. Meat, milk, and br.pdf
The diets common to some cultures emphasize meat. Meat, milk, and br.pdf
 
aed by genes at two loci R. rand P. p). A walnut comb is at one Tocus.pdf
aed by genes at two loci R. rand P. p). A walnut comb is at one Tocus.pdfaed by genes at two loci R. rand P. p). A walnut comb is at one Tocus.pdf
aed by genes at two loci R. rand P. p). A walnut comb is at one Tocus.pdf
 
t t Deg g olthe year.) 4.9 An engineering construction firm is .pdf
t t Deg g olthe year.) 4.9 An engineering construction firm is .pdft t Deg g olthe year.) 4.9 An engineering construction firm is .pdf
t t Deg g olthe year.) 4.9 An engineering construction firm is .pdf
 

Recently uploaded

REMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptxREMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptxDr. Ravikiran H M Gowda
 
diagnosting testing bsc 2nd sem.pptx....
diagnosting testing bsc 2nd sem.pptx....diagnosting testing bsc 2nd sem.pptx....
diagnosting testing bsc 2nd sem.pptx....Ritu480198
 
Graduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - EnglishGraduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - Englishneillewis46
 
PANDITA RAMABAI- Indian political thought GENDER.pptx
PANDITA RAMABAI- Indian political thought GENDER.pptxPANDITA RAMABAI- Indian political thought GENDER.pptx
PANDITA RAMABAI- Indian political thought GENDER.pptxakanksha16arora
 
Simple, Complex, and Compound Sentences Exercises.pdf
Simple, Complex, and Compound Sentences Exercises.pdfSimple, Complex, and Compound Sentences Exercises.pdf
Simple, Complex, and Compound Sentences Exercises.pdfstareducators107
 
Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Jisc
 
Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)Jisc
 
How to setup Pycharm environment for Odoo 17.pptx
How to setup Pycharm environment for Odoo 17.pptxHow to setup Pycharm environment for Odoo 17.pptx
How to setup Pycharm environment for Odoo 17.pptxCeline George
 
FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024Elizabeth Walsh
 
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdfUnit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdfDr Vijay Vishwakarma
 
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptxHMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptxmarlenawright1
 
Andreas Schleicher presents at the launch of What does child empowerment mean...
Andreas Schleicher presents at the launch of What does child empowerment mean...Andreas Schleicher presents at the launch of What does child empowerment mean...
Andreas Schleicher presents at the launch of What does child empowerment mean...EduSkills OECD
 
Model Attribute _rec_name in the Odoo 17
Model Attribute _rec_name in the Odoo 17Model Attribute _rec_name in the Odoo 17
Model Attribute _rec_name in the Odoo 17Celine George
 
Play hard learn harder: The Serious Business of Play
Play hard learn harder: The Serious Business of PlayPlay hard learn harder: The Serious Business of Play
Play hard learn harder: The Serious Business of PlayPooky Knightsmith
 
Details on CBSE Compartment Exam.pptx1111
Details on CBSE Compartment Exam.pptx1111Details on CBSE Compartment Exam.pptx1111
Details on CBSE Compartment Exam.pptx1111GangaMaiya1
 
How to Manage Call for Tendor in Odoo 17
How to Manage Call for Tendor in Odoo 17How to Manage Call for Tendor in Odoo 17
How to Manage Call for Tendor in Odoo 17Celine George
 
QUATER-1-PE-HEALTH-LC2- this is just a sample of unpacked lesson
QUATER-1-PE-HEALTH-LC2- this is just a sample of unpacked lessonQUATER-1-PE-HEALTH-LC2- this is just a sample of unpacked lesson
QUATER-1-PE-HEALTH-LC2- this is just a sample of unpacked lessonhttgc7rh9c
 
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptxCOMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptxannathomasp01
 

Recently uploaded (20)

Including Mental Health Support in Project Delivery, 14 May.pdf
Including Mental Health Support in Project Delivery, 14 May.pdfIncluding Mental Health Support in Project Delivery, 14 May.pdf
Including Mental Health Support in Project Delivery, 14 May.pdf
 
REMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptxREMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptx
 
diagnosting testing bsc 2nd sem.pptx....
diagnosting testing bsc 2nd sem.pptx....diagnosting testing bsc 2nd sem.pptx....
diagnosting testing bsc 2nd sem.pptx....
 
Graduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - EnglishGraduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - English
 
PANDITA RAMABAI- Indian political thought GENDER.pptx
PANDITA RAMABAI- Indian political thought GENDER.pptxPANDITA RAMABAI- Indian political thought GENDER.pptx
PANDITA RAMABAI- Indian political thought GENDER.pptx
 
Simple, Complex, and Compound Sentences Exercises.pdf
Simple, Complex, and Compound Sentences Exercises.pdfSimple, Complex, and Compound Sentences Exercises.pdf
Simple, Complex, and Compound Sentences Exercises.pdf
 
Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)
 
OS-operating systems- ch05 (CPU Scheduling) ...
OS-operating systems- ch05 (CPU Scheduling) ...OS-operating systems- ch05 (CPU Scheduling) ...
OS-operating systems- ch05 (CPU Scheduling) ...
 
Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)
 
How to setup Pycharm environment for Odoo 17.pptx
How to setup Pycharm environment for Odoo 17.pptxHow to setup Pycharm environment for Odoo 17.pptx
How to setup Pycharm environment for Odoo 17.pptx
 
FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024
 
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdfUnit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdf
 
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptxHMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
 
Andreas Schleicher presents at the launch of What does child empowerment mean...
Andreas Schleicher presents at the launch of What does child empowerment mean...Andreas Schleicher presents at the launch of What does child empowerment mean...
Andreas Schleicher presents at the launch of What does child empowerment mean...
 
Model Attribute _rec_name in the Odoo 17
Model Attribute _rec_name in the Odoo 17Model Attribute _rec_name in the Odoo 17
Model Attribute _rec_name in the Odoo 17
 
Play hard learn harder: The Serious Business of Play
Play hard learn harder: The Serious Business of PlayPlay hard learn harder: The Serious Business of Play
Play hard learn harder: The Serious Business of Play
 
Details on CBSE Compartment Exam.pptx1111
Details on CBSE Compartment Exam.pptx1111Details on CBSE Compartment Exam.pptx1111
Details on CBSE Compartment Exam.pptx1111
 
How to Manage Call for Tendor in Odoo 17
How to Manage Call for Tendor in Odoo 17How to Manage Call for Tendor in Odoo 17
How to Manage Call for Tendor in Odoo 17
 
QUATER-1-PE-HEALTH-LC2- this is just a sample of unpacked lesson
QUATER-1-PE-HEALTH-LC2- this is just a sample of unpacked lessonQUATER-1-PE-HEALTH-LC2- this is just a sample of unpacked lesson
QUATER-1-PE-HEALTH-LC2- this is just a sample of unpacked lesson
 
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptxCOMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
 

Alice uses a biased coin to create a one-time pad to encrypt a messa.pdf

  • 1. Alice uses a biased coin to create a one-time pad to encrypt a message m of 1 bit. The coin comes up 1 (Heads) 60% of the times and 0 (Tails) 40% of the times. Alice sends 0 as a message 75% of the times and 1 as a message 25% of the times. All of this is publicly known. Eve sees cipher c = 1. What was the probability that m = 1? Solution An encryption scheme (E, D) is perfectly secret if there for every set M {0, 1} ` of plaintexts, and for every strategy used by Eve, if we choose at random m M and a random key k {0, 1} n, then the probability that Eve guesses m after seeing Ek(m) is at most 1/|M|. In particular, if we encrypt either “Yes” or “No” with probability 1/2, then Eve won’t be able to guess which one it is with probability better than half. In fact, that turns out to be the heart of the matter: Two to Many Theorem: An encryption scheme (E, D) is perfectly secret if and only if for every two distinct plaintexts {m0, m1} {0, 1} ` and every strategy used by Eve, if we choose at random b {0, 1} and a random key k {0, 1} n, then the probability that Eve guesses mb after seeing Ek(mb) is at most 1/2. Proof: The “only if” direction is obvious— this condition is a special case of the perfect secrecy condition for a set m of size 2 The “if” direction is trickier. We need to show that if there is some set M (of size possibly much larger than 2) and some strategy for Eve to guess (based on the ciphertext) a plaintext chosen from M with probability larger than 1/|M|, then there is also some set M0 of size two and a strategy Eve0 for Eve to guess a plaintext chosen from M0 with probability larger than 1/2. Let’s fix the message m0 for example to be the all zeroes message. Since Eve(Ek(m0)) is a fixed string, if we pick a random m1 from M then it holds that Pr[Eve(Ek(m0)) = m1] 1/|M| while under our assumption, on average it holds that Pr[Eve(Ek(m1)) = m1] > 1/|M| Thus in particular, due to linearity of expectation, there exists some m1 satisfying Pr[Eve(Ek(m1)) = m1] > Pr[Eve(Ek(m0)) = m1] . But this can be turned into an attacker Eve0 such that the probability that Eve0 (Ek(mb)) = mb is larger than 1/2. Indeed, we can define Eve0 (c) to output m1 if Eve(c) = m1 and otherwise output a random message in {m0, m1}. The probability that Eve0 (c) equals m1 is higher when c = Ek(m1) than when c = Ek(m0), and since Eve0 outputs either m0 or m1, this means that the probability that Eve0 (Ek(mb)) = mb is larger than 1/2 (Can you see why?) QED.
  • 2. Exercise: Another equivalent condition for perfect secrecy is the following: (E, D) is perfectly secret if for every plaintexts m, m0 {0, 1} ` , the two random variables {Ek(m)} and {Ek0 (m0 )} (for randomly chosen keys k and k 0 ) have precisely the same distribution. So, perfect secrecy is a natural condition, and does not seem to be too weak for applications, but can it actually be achieved? After all, the condition that two different plaintexts are mapped to the same distribution seems somewhat at odds with the condition that Bob would succeed in decrypting the ciphertexts and find out if the plaintext was in fact m or m0 . It turns out the answer is yes! For example, the table below details a perfectly secret encryption for two bits. Table 1: A perfectly secret encryption scheme with 2 bit keys, plaintexts, and ciphertexts; the rows are indexed by possible ciphertexts, the columns indexed by possible plaintexts, and the (c, m) location of the matrix corresponds to the key that maps m to c. ============================================= Plain: 00 01 10 11 Cipher: 00 00 01 10 11 01 01 00 11 10 10 10 11 00 01 11 11 10 01 00 ============================================== In fact, this can be generalized to any number of bits: Theorem (One time pad, Vernam 1917): For every n, there is a perfectly secret encryption (E, D) with plaintexts of n bits, where the key size and the ciphertext size is also n. Proof: The encryption scheme is actually very simple - to encrypt a message m {0, 1} n with key k {0, 1} n, we output Ek(m) = m k where is the exclusive or (XOR) operation. That is, m k is a vector in {0, 1} n such that (m k)i = ki + mi (mod 2). Decryption works identically - Dk(c) = c k. It is not hard to use the associativity of addition (and in particular XOR) to verify that Dk(Ek(m)) = (m k) k = m (k k) = m where the last equality follows from k k = 0n (can you see why?). Now we claim that for every message m {0, 1} n, the distribution Ek(m) for a random k is the uniform distribution Un on {0, 1} n. By the exercise above, this implies that the scheme is perfectly secret, since for every two messages m, m0 the distributions {Ek(m)} and {Ek0 (m0 )} will both be equal to the uniform distribution. To prove the claim we need to show that for every y {0, 1} n, Pr[Ek(m) = y] = 2n where this probability is taken over the choice of a random k {0, 1} n. Now note that Ek(m) = y if and only if m k = y or, equivalently, k = m y. Since k is chosen uniformly at random in {0, 1} n, the probability that it equals m y is exactly 2 n QED. Note: Importance of using the one time pad only once:
  • 3. The “one time pad” is a name analogous to the “point away from yourself gun”- the name suggests the fatal mistake people often end up doing. Perhaps the most dramatic example of the dangers of “key reuse” is the Venona Project. The Soviets have used the one-time pad for their confidential communication since before the 1940’s (WHEN?), and in fact even before Shannon apparently the U.S. intelligence already knew that it is in principle “unbreakable” in 1941 (see page 32 in the Venona document )). However, it turned out that the hassles of manufacturing so many keys for all the communication took its toll on the Soviets and they ended up reusing the same keys for more than one message, though they tried to use them for completely different receivers in the (false) hope that this wouldn’t be detected. The Venona project of the U.S. Army was founded in February 1943 by Gene Grabeel- a former highschool teacher from Madison Heights, Virgnia and Lt. Leonard Zukbo. In October 1943, they had their breakthrough when it was discovered that the Russians are reusing their keys (credit to this discovery is shared by Lt. Richard Hallock, Carrie Berry, Frank Lewis, and Lt. Karl Elmquist, see page 27 in the document). In the 37 years of its existence, the project has resulted in a treasure chest of intelligence, exposing hundreds of KGB agents and Russian spies in the U.S. and other countries, including Julius Rosenberg, Harry Gold, Klaus Fuchs, Alger Hiss, Harry Dexter White and many others.