Appendix: Axiomatic Information Theory


The logic of secrecy was the mirror-image of the logic of information
Colin Burke 1994

Perfect security was promised at all times by the inventors of cryptosystems, particularly of crypto machines (Bazeries: je suis indéchiffrable). In 1949, Claude E. Shannon gave in the framework of his information theory a clean definition of what could be meant by perfect security. We show in the following that it is possible to introduce the cryptologically relevant part of information theory axiomatically.

Shannon was in contact with cryptanalysis, since he worked 1936-1938 in the team of Vannevar Bush, who developed the COMPARATOR for determination of character coincidences. His studies in the Bell Laboratories, going back to the year 1940, led to a confidential report (A Mathematical Theory of Communication) dated Sept. 1, 1945, containing apart from the definition of Shannon entropy (Sect. 16.5) the basic relations to be discussed in this appendix. The report was published three years later: Communication Theory of Secrecy Systems, Bell System Technical Journal 28, 656-715 (1949).

A.1 Axioms of an Axiomatic Information Theory

It is expedient to begin with events, i.e., sets $X, Y, Z$ of elementary events, and with the uncertainty on events, which are real numbers. More precisely, $H_Y(X)$ denotes the uncertainty on $X$, provided $Y$ is known. $H(X) = H_\emptyset(X)$ denotes the uncertainty on $X$, provided nothing is known.

A.1.1 Intuitively patent axioms for the real-valued binary set function $H$ are

(0) $0 \le H_Y(X)$ ("Uncertainty is nonnegative.")
For $0 = H_Y(X)$ we say "$Y$ uniquely determines $X$."

(1) $H_{Y \cup Z}(X) \le H_Z(X)$ ("Uncertainty decreases, if more is known.")
For $H_{Y \cup Z}(X) = H_Z(X)$ we say "$Y$ says nothing about $X$."

The critical axiom on additivity is

(2) $H_Z(X \cup Y) = H_{Y \cup Z}(X) + H_Z(Y)$

This says that uncertainty can be built up additively over events.

The classical stochastic model for this axiomatic information theory is based on $p_X(a) = \Pr[X = a]$, the probability that the random variable $X$ assumes the value $a$, and defines ($\mathrm{ld}$ denotes the logarithm to base 2)

$H_\emptyset(\{X\}) = -\sum_{s:\; p_X(s) > 0} p_X(s) \cdot \mathrm{ld}\, p_X(s)$

$H_\emptyset(\{X\} \cup \{Y\}) = -\sum_{s,t:\; p_{X,Y}(s,t) > 0} p_{X,Y}(s,t) \cdot \mathrm{ld}\, p_{X,Y}(s,t)$

$H_{\{Y\}}(\{X\}) = -\sum_{s,t:\; p_{X,Y}(s,t) > 0} p_{X,Y}(s,t) \cdot \mathrm{ld}\, p_{X/Y}(s/t)$

where $p_{X,Y}(a,b) =_{\mathrm{def}} \Pr[(X = a) \wedge (Y = b)]$ and $p_{X/Y}(a/b)$ obeys Bayes' rule for conditional probabilities:

$p_{X,Y}(s,t) = p_Y(t) \cdot p_{X/Y}(s/t)$, thus $-\mathrm{ld}\, p_{X,Y}(s,t) = -\mathrm{ld}\, p_Y(t) - \mathrm{ld}\, p_{X/Y}(s/t)$.

A.1.2 From the axioms (0), (1), and (2), all the other properties usually derived for the classical model can be obtained.

For $Y = \emptyset$, (2) yields

(2a) $H_Z(\emptyset) = 0$ ("There is no uncertainty on the empty event set.")

(1) and (2) imply

(3a) $H_Z(X \cup Y) \le H_Z(X) + H_Z(Y)$ ("Uncertainty is subadditive.")

(0) and (2) imply

(3b) $H_Z(Y) \le H_Z(X \cup Y)$ ("Uncertainty increases with larger event set.")

From (2) and the commutativity of $\cdot \cup \cdot$ follows

(4) $H_Z(X) - H_{Y \cup Z}(X) = H_Z(Y) - H_{X \cup Z}(Y)$

(4) suggests the following definition: The mutual information of $X$ and $Y$ under knowledge of $Z$ is defined as

$I_Z(X,Y) =_{\mathrm{def}} H_Z(X) - H_{Y \cup Z}(X)$.

Thus, the mutual information $I_Z(X,Y)$ is a symmetric (and because of (1) nonnegative) function of the events $X$ and $Y$. From (2),

$I_Z(X,Y) = H_Z(X) + H_Z(Y) - H_Z(X \cup Y)$.

Because of (4), "$Y$ says nothing about $X$" and "$X$ says nothing about $Y$" are equivalent and are expressed by $I_Z(X,Y) = 0$. Another way of saying this is that under knowledge of $Z$, the events $X$ and $Y$ are mutually independent. In the classical stochastic model, this situation is given if and only if $X, Y$ are independent random variables: $p_{X,Y}(s,t) = p_X(s) \cdot p_Y(t)$.

$I_Z(X,Y) = 0$ is equivalent with the additivity of $H$ under knowledge of $Z$:

(5) $I_Z(X,Y) = 0$ if and only if $H_Z(X) + H_Z(Y) = H_Z(X \cup Y)$.

A.2 Axiomatic Information Theory of Cryptosystems

For a cryptosystem $X$, events in the sense of abstract information theory are sets of finite texts over $Z_m$ as an alphabet. Let $P$ be a plaintext(-event), $C$ a cryptotext(-event), $K$ a keytext(-event).¹ The uncertainties $H(K)$, $H_C(K)$, $H_P(K)$, $H(C)$, $H_P(C)$, $H_K(C)$, $H(P)$, $H_K(P)$, $H_C(P)$ are now called equivocations.

¹ Following a widespread notational misusage, in the sequel we replace $\{X\}$ by $X$ and $\{X\} \cup \{Y\}$ by $X, Y$; we also omit $\emptyset$ as subscript.

A.2.1 First of all, from (1) one obtains

$H(K) \ge H_P(K)$, $H(C) \ge H_P(C)$, $H(C) \ge H_K(C)$, $H(P) \ge H_K(P)$, $H(P) \ge H_C(P)$, $H(K) \ge H_C(K)$.

A.2.1.1 If $X$ is functional, then $C$ is uniquely determined by $P$ and $K$, thus

(CRYPT) $H_{P,K}(C) = 0$, i.e., $I_K(P,C) = H_K(C)$, $I_P(K,C) = H_P(C)$

("plaintext and keytext together allow no uncertainty on the cryptotext.")

A.2.1.2 If $X$ is injective, then $P$ is uniquely determined by $C$ and $K$, thus

(DECRYPT) $H_{C,K}(P) = 0$, i.e., $I_C(K,P) = H_C(P)$, $I_K(C,P) = H_K(P)$

("cryptotext and keytext together allow no uncertainty on the plaintext.")

A.2.1.3 If $X$ is Shannon, then $K$ is uniquely determined by $C$ and $P$, thus

(SHANN) $H_{C,P}(K) = 0$, i.e., $I_P(C,K) = H_P(K)$, $I_C(P,K) = H_C(K)$

("cryptotext and plaintext together allow no uncertainty on the keytext.")

A.2.2 From (4) follows immediately

$H_K(C) + H_{K,C}(P) = H_K(P) + H_{K,P}(C)$,
$H_P(C) + H_{P,C}(K) = H_P(K) + H_{P,K}(C)$,
$H_C(P) + H_{C,P}(K) = H_C(K) + H_{C,K}(P)$.

With (1) this gives

Theorem 1:
(CRYPT) implies $H_K(C) \le H_K(P)$, $H_P(C) \le H_P(K)$,
(DECRYPT) implies $H_C(P) \le H_C(K)$, $H_K(P) \le H_K(C)$,
(SHANN) implies $H_P(K) \le H_P(C)$, $H_C(K) \le H_C(P)$.

A.2.3 In a cryptosystem, $X$ is normally injective, i.e., (DECRYPT) holds. In Fig. 163, the resulting numerical relations are shown graphically. In the classical professional cryptosystems, there are usually no homophones and the Shannon condition (2.6.4) holds. Monoalphabetic simple substitution and transposition are trivial, and VIGENÈRE, BEAUFORT, and in particular VERNAM are serious examples of such classical cryptosystems.

Fig. 163. Numerical equivocation relations for injective cryptosystems (diagram relating $H(K)$, $H(C)$, $H_P(K)$, $H_P(C)$; not reproduced here)

The conjunction of any two of the three conditions (CRYPT), (DECRYPT), (SHANN) has far-reaching consequences in view of the antisymmetry of the numerical relations:

Theorem 2:
(CRYPT) $\wedge$ (DECRYPT) implies $H_K(C) = H_K(P)$
("Uncertainty on the cryptotext under knowledge of the keytext equals uncertainty on the plaintext under knowledge of the keytext.")
(DECRYPT) $\wedge$ (SHANN) implies $H_C(P) = H_C(K)$
("Uncertainty on the plaintext under knowledge of the cryptotext equals uncertainty on the keytext under knowledge of the cryptotext.")
(CRYPT) $\wedge$ (SHANN) implies $H_P(K) = H_P(C)$
("Uncertainty on the keytext under knowledge of the plaintext equals uncertainty on the cryptotext under knowledge of the plaintext.")

In Fig. 164, the resulting numerical relations for classical cryptosystems with (CRYPT), (DECRYPT), and (SHANN) are shown graphically.

Fig. 164. Numerical equivocation relations for classical cryptosystems (diagram relating $H(K)$, $H(C)$ and $H_P(K) = H_P(C)$; not reproduced here)

A.3 Perfect and Independent Key Cryptosystems

A.3.1 A cryptosystem is called a perfect cryptosystem, if plaintext and cryptotext are mutually independent: $I(P,C) = 0$. This is equivalent to $H(P) = H_C(P)$ and to $H(C) = H_P(C)$ ("Without knowing the keytext: knowledge of the cryptotext does not change the uncertainty on the plaintext, and knowledge of the plaintext does not change the uncertainty on the cryptotext") and is, according to (5), equivalent to $H(P,C) = H(P) + H(C)$.

A.3.2 A cryptosystem is called an independent key cryptosystem, if plaintext and keytext are mutually independent: $I(P,K) = 0$. This is equivalent to $H(P) = H_K(P)$ and to $H(K) = H_P(K)$ ("Without knowing the cryptotext: knowledge of the keytext does not change the uncertainty on the plaintext, and knowledge of the plaintext does not change the uncertainty on the keytext") and, according to (5), is equivalent to $H(K,P) = H(K) + H(P)$.

Fig. 165. Numerical equivocation relations for classical cryptosystems, with properties perfect and independent key (diagram relating $H(K)$, $H(C)$, $H(P)$, $H_P(K) = H_P(C)$, $H_C(K) = H_C(P)$, $H_K(P) = H_K(C)$, with the equalities marked "perfect" and "independent key"; not reproduced here)

A.3.3 Shannon also proved a pessimistic inequality.

Theorem 3$_K$: In a perfect classical cryptosystem (Fig. 165), $H(P) \le H(K)$ and $H(C) \le H(K)$.

Proof: $H(P) \le H_C(P)$ (perfect); $H_C(P) \le H_C(K)$ ((DECRYPT), Theorem 1); $H_C(K) \le H(K)$ ((1)). Analogously with (CRYPT) for $H(C)$.

Thus, in a perfect classical cryptosystem, the uncertainty about the key is not smaller than the uncertainty about the plaintext, and not smaller than the uncertainty about the cryptotext.

From (SHANN) $\wedge$ (DECRYPT) with Theorem 1 we find $H_C(P) = H_C(K)$; after adding $H(C)$ on both sides, according to (2) we get $H(P,C) = H(K,C)$.
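The following Python program is an added worked example; it is not part of the appendix and not Bauer's or Shannon's own code. It implements the classical stochastic model of Sect. A.1 (entropy, joint and conditional entropy with $\mathrm{ld} = \log_2$, mutual information) on an explicit joint distribution of $(P, K, C)$, checks axioms (2), (4) and (5) numerically, and then computes the nine equivocations and the three conditions (CRYPT), (DECRYPT), (SHANN) of Sect. A.2 together with the "perfect" and "independent key" properties of Sect. A.3. The cryptosystem, its alphabet $Z_4$, the plaintext distribution and the two key distributions are constructed assumptions chosen so that the numbers are easy to check by hand: with a uniform one-letter Vernam key the system is perfect and Theorem 3$_K$ holds with $H(P) = 1.75 \le H(K) = 2$; with the key restricted to two values, $H(K) = 1 < H(P)$, so by Theorem 3$_K$ the system cannot be perfect, and indeed $I(P,C) > 0$.

```python
from itertools import product
from math import log2

# Coordinates of a (plaintext, keytext, cryptotext) triple. Events X, Y, Z of
# the appendix are tuples of these names, e.g. ("P",) or ("C", "K").
IDX = {"P": 0, "K": 1, "C": 2}


def marginal(joint, names):
    """Marginal distribution of the coordinates listed in `names`."""
    out = {}
    for triple, pr in joint.items():
        key = tuple(triple[IDX[n]] for n in names)
        out[key] = out.get(key, 0.0) + pr
    return out


def H(joint, x, given=()):
    """Equivocation H_Y(X) of the classical model:
    -sum_{s,t: p_{X,Y}(s,t)>0} p_{X,Y}(s,t) * ld p_{X/Y}(s/t), ld = log2.
    With given=() this is H(X) = H_0(X)."""
    pxy = marginal(joint, x + given)
    py = marginal(joint, given) if given else {(): 1.0}
    total = 0.0
    for key, pr in pxy.items():
        if pr > 0:
            cond = pr / py[key[len(x):]]  # Bayes: p_{X,Y}(s,t) = p_Y(t) * p_{X/Y}(s/t)
            total -= pr * log2(cond)
    return total


def I(joint, x, y, given=()):
    """Mutual information I_Z(X,Y) = H_Z(X) - H_{Y,Z}(X)."""
    return H(joint, x, given) - H(joint, x, y + given)


def joint_distribution(plain_dist, key_dist, encrypt):
    """Joint law of (P, K, C) when P and K are drawn independently and
    C = encrypt(P, K). The system is functional, so (CRYPT) holds."""
    joint = {}
    for (p, pp), (k, pk) in product(plain_dist.items(), key_dist.items()):
        triple = (p, k, encrypt(p, k))
        joint[triple] = joint.get(triple, 0.0) + pp * pk
    return joint


def equivocations(joint):
    """The nine equivocations of Sect. A.2, the three conditions (CRYPT),
    (DECRYPT), (SHANN), and the two mutual informations of Sect. A.3."""
    P, K, C = ("P",), ("K",), ("C",)
    return {
        "H(K)": H(joint, K), "H_C(K)": H(joint, K, C), "H_P(K)": H(joint, K, P),
        "H(C)": H(joint, C), "H_P(C)": H(joint, C, P), "H_K(C)": H(joint, C, K),
        "H(P)": H(joint, P), "H_K(P)": H(joint, P, K), "H_C(P)": H(joint, P, C),
        "H_PK(C)": H(joint, C, P + K),  # = 0 iff (CRYPT)
        "H_CK(P)": H(joint, P, C + K),  # = 0 iff (DECRYPT)
        "H_CP(K)": H(joint, K, C + P),  # = 0 iff (SHANN)
        "I(P,C)": I(joint, P, C),       # = 0 iff perfect
        "I(P,K)": I(joint, P, K),       # = 0 iff independent key
    }


def axioms_hold(joint, tol=1e-9):
    """Check (2), (4) and (5) numerically for X = P, Y = C, Z = K."""
    P, K, C = ("P",), ("K",), ("C",)
    additive = abs(H(joint, P + C, K) - (H(joint, P, C + K) + H(joint, C, K))) < tol  # (2)
    symmetric = abs(I(joint, P, C, K) - I(joint, C, P, K)) < tol                        # (4)
    i_z = I(joint, P, C, K)
    surplus = H(joint, P, K) + H(joint, C, K) - H(joint, P + C, K)
    additivity_iff_independent = abs(i_z - surplus) < tol                                # (5)
    return additive and symmetric and additivity_iff_independent


# Constructed example data (not from the appendix): a non-uniform one-letter
# plaintext over Z_4 with H(P) = 1.75 bit, enciphered by Vernam addition mod 4.
PLAIN = {0: 0.5, 1: 0.25, 2: 0.125, 3: 0.125}


def vernam(p, k):
    return (p + k) % 4


PERFECT = joint_distribution(PLAIN, {k: 0.25 for k in range(4)}, vernam)  # H(K) = 2 bit
SHORT_KEY = joint_distribution(PLAIN, {0: 0.5, 1: 0.5}, vernam)           # H(K) = 1 bit < H(P)

if __name__ == "__main__":
    for name, joint in (("uniform key over Z_4", PERFECT), ("key restricted to {0,1}", SHORT_KEY)):
        print(name, "- axioms (2), (4), (5) hold:", axioms_hold(joint))
        for label, value in equivocations(joint).items():
            print(f"  {label:8s} = {value:.4f}")
```

Running the script prints both tables; for the uniform key every conditional equivocation of Theorem 2 coincides ($H_C(P) = H_C(K) = 1.75$, $H_K(C) = H_K(P) = 1.75$, $H_P(K) = H_P(C) = 2$) and $I(P,C) = I(P,K) = 0$, while for the two-valued key $I(P,K)$ stays $0$ (the key is still independent) but $I(P,C) \approx 0.88$ bit of the plaintext leaks into the cryptotext.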