Attainable unconditional security for shared-key cryptosystems

Preserving the privacy of private communication is a fundamental concern of computing addressed by encryption. Information-theoretic reasoning models unconditional security where the strength of the results does not depend on computational hardness or unproven results. Usually the information leaked about the message by the ciphertext is used to measure the privacy of a communication, with perfect secrecy when the leakage is 0. However this is hard to achieve in practice. An alternative measure is the equivocation, intuitively the average number of message/key pairs that could have produced a given ciphertext. We show a theoretical bound on equivocation called max-equivocation and show that this generalizes perfect secrecy when achievable, and provides an alternative measure when perfect secrecy is not achievable. We derive bounds for max-equivocation for symmetric encoder functions and show that max-equivocation is achievable when the entropy of the ciphertext is minimized. We show that max-equivocation easily accounts for key re-use scenarios, and that large keys relative to the message perform very poorly under equivocation. We study encoders under this new perspective, deriving results on their achievable maximal equivocation and showing that some popular approaches such as Latin squares are not optimal. We show how unicity attacks can be naturally modeled, and how relaxing encoder symmetry improves equivocation. We present some algorithms for generating encryption functions that are practical and achieve 90 - 95 % of the theoretical best, improving with larger message spaces.

[1]  Geoffrey Smith,et al.  On the Foundations of Quantitative Information Flow , 2009, FoSSaCS.

[2]  Smile Markovski,et al.  Quasigroup Representation of Some Feistel and Generalized Feistel Ciphers , 2012, ICT Innovations.

[3]  Sos S. Agaian,et al.  Design of image cipher using latin squares , 2014, Inf. Sci..

[4]  Alexander Russell,et al.  How to fool an unbounded adversary with a short key , 2006, IEEE Trans. Inf. Theory.

[5]  Dominic J. A. Welsh,et al.  Codes and cryptography , 1988 .

[6]  David A. Basin,et al.  Automatically deriving information-theoretic bounds for adaptive side-channel attacks , 2011, J. Comput. Secur..

[7]  Axel Legay,et al.  Attainable Unconditional Security for Shared-Key Cryptosystems , 2015, 2015 IEEE Trustcom/BigDataSE/ISPA.

[8]  Aiden A. Bruen,et al.  Cryptography, information theory, and error-correction - a handbook for the 21st century , 2005, Wiley-Interscience series in discrete mathematics and optimization.

[9]  Sos S. Agaian,et al.  Dynamic and implicit latin square doubly stochastic S-boxes with reversibility , 2011, 2011 IEEE International Conference on Systems, Man, and Cybernetics.

[10]  Claude E. Shannon,et al.  Communication theory of secrecy systems , 1949, Bell Syst. Tech. J..

[11]  Siu-Wai Ho,et al.  Error-free perfect-secrecy systems , 2011, 2011 IEEE International Symposium on Information Theory Proceedings.

[12]  Sang Joon Kim,et al.  A Mathematical Theory of Communication , 2006 .

[13]  Mário S. Alvim,et al.  Measuring Information Leakage Using Generalized Gain Functions , 2012, 2012 IEEE 25th Computer Security Foundations Symposium.

[14]  Imre Csiszár,et al.  Broadcast channels with confidential messages , 1978, IEEE Trans. Inf. Theory.