Question: Consider the following encryption scheme, parametrized by a number n > 0. The message space is M 10,1)m, consisting of all bit strings of length
Consider the following encryption scheme, parametrized by a number n > 0. The message space is M 10,1)m, consisting of all bit strings of length n. The keyspace is consisting of all bit strings of length n ercept for the "all zeros" string 00; the key generation algorithm Gen produces a uniformly random element in this set. The encoding and decoding algorithms are identical to those of the one-time pad: Enck(m) mk and Deck(e) = k. 1 = (Gen. Enc, Dec) is essentially identical to the one-time pad except that the key can never be 00. The scheme has the following motivation: Observe that if the key happens to be 0.0 in the one-time pad then m 0 0 = m, in which case the ciphertext is actually the same as the message this seems bad for security. This new system avoids the problem by always choosing a nonzero key (which guarantees that the ciphertext and the message are always different). (a) Prove that this scheme does not have perfect secrecy. (Specifically, give two messages mo and mi and a ciphertext e so that the probability of observing e with mo is different from the probability of observing e with mi.) (b) Was this "improvement" really such a good idea after all Consider the following encryption scheme, parametrized by a number n > 0. The message space is M 10,1)m, consisting of all bit strings of length n. The keyspace is consisting of all bit strings of length n ercept for the "all zeros" string 00; the key generation algorithm Gen produces a uniformly random element in this set. The encoding and decoding algorithms are identical to those of the one-time pad: Enck(m) mk and Deck(e) = k. 1 = (Gen. Enc, Dec) is essentially identical to the one-time pad except that the key can never be 00. The scheme has the following motivation: Observe that if the key happens to be 0.0 in the one-time pad then m 0 0 = m, in which case the ciphertext is actually the same as the message this seems bad for security. This new system avoids the problem by always choosing a nonzero key (which guarantees that the ciphertext and the message are always different). (a) Prove that this scheme does not have perfect secrecy. (Specifically, give two messages mo and mi and a ciphertext e so that the probability of observing e with mo is different from the probability of observing e with mi.) (b) Was this "improvement" really such a good idea after all
Step by Step Solution
There are 3 Steps involved in it
Get step-by-step solutions from verified subject matter experts