Communication Theory of Secrecy Systems - Network Research Lab
Communication Theory of Secrecy Systems - Network Research Lab
Communication Theory of Secrecy Systems - Network Research Lab
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
In a secrecy system there are two statistical choices involved, that <strong>of</strong> the message<br />
and <strong>of</strong> the key. We may measure the amount <strong>of</strong> information produced<br />
when a message is chosen by H(M):<br />
H(M) = − P (M) log P (M),<br />
the summation being over all possible messages. Similarly, there is an uncertainty<br />
associated with the choice <strong>of</strong> key given by:<br />
H(K) = − P (K) log P (K).<br />
In perfect systems <strong>of</strong> the type described above, the amount <strong>of</strong> information<br />
in the message is at most log n (occurring when all messages are equiprobable).<br />
This information can be concealed completely only if the key uncertainty<br />
is at least log n. This is the first example <strong>of</strong> a general principle which<br />
will appear frequently: that there is a limit to what we can obtain with a given<br />
uncertainty in key—the amount <strong>of</strong> uncertainty we can introduce into the solution<br />
cannot be greater than the key uncertainty.<br />
The situation is somewhat more complicated if the number <strong>of</strong> messages<br />
is infinite. Suppose, for example, that they are generated as infinite sequences<br />
<strong>of</strong> letters by a suitable Mark<strong>of</strong>f process. It is clear that no finite key will give<br />
perfect secrecy. We suppose, then, that the key source generates key in the<br />
same manner, that is, as an infinite sequence <strong>of</strong> symbols. Suppose further that<br />
only a certain length <strong>of</strong> key LK is needed to encipher and decipher a length<br />
LM <strong>of</strong> message. Let the logarithm <strong>of</strong> the number <strong>of</strong> letters in the message<br />
alphabet be RM and that for the key alphabet be RK. Then, from the finite<br />
case, it is evident that perfect secrecy requires<br />
RMLM≤RKLK.<br />
This type <strong>of</strong> perfect secrecy is realized by the Vernam system.<br />
These results have been deduced on the basis <strong>of</strong> unknown or arbitrary<br />
a priori probabilities <strong>of</strong> the messages. The key required for perfect secrecy<br />
depends then on the total number <strong>of</strong> possible messages.<br />
One would expect that, if the message space has fixed known statistics,<br />
so that it has a definite mean rate R <strong>of</strong> generating information, in the sense<br />
<strong>of</strong> MTC, then the amount <strong>of</strong> key needed could be reduced on the average in<br />
just this ratio R , and this is indeed true. In fact the message can be passed<br />
RM<br />
through a transducer which eliminates the redundancy and reduces the expected<br />
length in just this ratio, and then a Vernam system may be applied to<br />
the result. Evidently the amount <strong>of</strong> key used per letter <strong>of</strong> message is statistically<br />
reduced by a factor R and in this case the key source and information<br />
RM<br />
source are just matched—a bit <strong>of</strong> key completely conceals a bit <strong>of</strong> message<br />
682