Communication Theory of Secrecy Systems - Network Research Lab
Communication Theory of Secrecy Systems - Network Research Lab
Communication Theory of Secrecy Systems - Network Research Lab
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
<strong>of</strong> the values <strong>of</strong> these. In this case, intercepting the message has given the<br />
cryptanalyst no information. 9 Any action <strong>of</strong> his which depends on the information<br />
contained in the cryptogram cannot be altered, for all <strong>of</strong> his probabilities<br />
as to what the cryptogram contains remain unchanged. On the other<br />
hand, if the condition is not satisfied there will exist situations in which the<br />
enemy has certain a priori probabilities, and certain key and message choices<br />
may occur for which the enemy’s probabilities do change. This in turn may<br />
affect his actions and thus perfect secrecy has not been obtained. Hence the<br />
definition given is necessarily required by our intuitive ideas <strong>of</strong> what perfect<br />
secrecy should mean.<br />
A necessary and sufficient condition for perfect secrecy can be found as<br />
follows: We have by Bayes’ theorem<br />
PE(M) =<br />
P (M)PM(E)<br />
P (E)<br />
in which:<br />
P (M) = a priori probability <strong>of</strong> message M.<br />
PM(E) = conditional probability <strong>of</strong> cryptogram E if message M is<br />
chosen i.e. the sum <strong>of</strong> the probabilities <strong>of</strong> all keys which<br />
produce cryptogram E from message M.<br />
P (E) = probability <strong>of</strong> obtaining cryptogram E from any cause.<br />
PE(M) = a posteriori probability <strong>of</strong> message M if cryptogram E is<br />
intercepted.<br />
For perfect secrecy PE(M) must equal P (M) for all E and all M. Hence<br />
either P (M) = 0, a solution that must be excluded since we demand the<br />
equality independent <strong>of</strong> the values <strong>of</strong> P (M), or<br />
PM(E) = P (E)<br />
for every M and E. Conversely if PM(E) = P (E) then<br />
PE(M) = P (M)<br />
and we have perfect secrecy. Thus we have the result:<br />
Theorem 6. A necessary and sufficient condition for perfect secrecy is that<br />
PM(E) = P (E)<br />
for all M and E. That is, PM(E) must be independent <strong>of</strong> M.<br />
Stated another way, the total probability <strong>of</strong> all keys that transform Mi<br />
9 A purist might object that the enemy has obtained some information in that he knows a message<br />
was sent. This may be answered by having among the messages a “blank” corresponding to “no<br />
message.” If no message is originated the blank is enciphered and sent as a cryptogram. Then even<br />
this modicum <strong>of</strong> remaining information is eliminated.<br />
680