1 / 14

The One Time Pad

This course module explores the One-Time Pad (OTP), a pioneering symmetric cipher first described by Vernam in 1917. Learn about its unique properties, including its perfect secrecy and the requirements for secure encryption. We delve into how to encrypt and decrypt messages using OTP, the challenges of key generation, and why the key must be as long as the message. Understand Shannon's principles of information theory and how they apply to the OTP's security. By the end of this segment, you'll comprehend the fundamental aspects of this historically significant cipher.

jana-landry
Télécharger la présentation

The One Time Pad

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Online Cryptography Course Dan Boneh Stream ciphers The One Time Pad

  2. Symmetric Ciphers: definition Def: a cipher defined over is a pair of “efficient” algs (E, D) where • E is often randomized. D is always deterministic.

  3. The One Time Pad (Vernam 1917) First example of a “secure” cipher key = (random bit string as long the message)

  4. The One Time Pad (Vernam 1917) msg: 0 1 1 0 1 1 1 key: 1 0 1 1 0 1 0 CT: ⊕

  5. You are given a message (m) and its OTP encryption (c). Can you compute the OTP key from m and c ? No, I cannot compute the key. Yes, the key is k = m⊕c. I can only compute half the bits of the key. Yes, the key is k = m ⊕m.

  6. The One Time Pad (Vernam 1917) Very fast enc/dec !! … but long keys (as long as plaintext) Is the OTP secure? What is a secure cipher?

  7. What is a secure cipher? Attacker’s abilities: CT only attack(for now) Possible security requirements: attempt #1: attacker cannot recover secret key attempt #2: attacker cannot recover all of plaintext Shannon’s idea: CT should reveal no “info” about PT

  8. Information Theoretic Security (Shannon 1949) Def: A cipher (E, D) over () has perfect secrecyif

  9. Information Theoretic Security Def: A cipher (E, D) over () has perfect secrecyif (|) and Pr[E(k, m0) = c]= Pr[E(k, m1) = c]where R

  10. Lemma: OTP has perfect secrecy. Proof:

  11. Let and . How many OTP keys map to ? None 1 2 Depends on

  12. Lemma: OTP has perfect secrecy. Proof:

  13. The bad news … Thm: perfect secrecy ⇒

  14. End of Segment

More Related