Shannon's definition of perfect secrecy captures the strongest notion of security for an encryption system and requires that the ciphertext leak no information about the plaintext to an eavesdropper with unbounded computational power. The only known system with perfect secrecy in this model is the one-time pad. Two important limitations of the one-time pad in practice are (i) the size of the key space must not be less than the size of the plaintext space, and (ii) the key must be chosen uniformly at random for each message to be encrypted. A number of follow-up works attempt to relax these limitations by introducing relaxed or new definitions of secrecy. In this paper we propose a new relaxation of secrecy that we call perfect guessing secrecy, or guessing secrecy for short. This is a natural definition that requires that the adversary's chance of successfully guessing the plaintext using his best guessing strategy does not change after seeing the ciphertext. Unlike perfect secrecy, guessing secrecy does allow some leakage of information but requires that the best guess of the plaintext remain the same after seeing the ciphertext. We define guessing secrecy and prove a number of results. We show that, similar to perfect secrecy, in guessing secrecy the size of the key space cannot be less than the size of the plaintext space. Moreover, when the two sets are of equal size, one can find two families of distributions on the plaintext space and key space such that perfect guessing secrecy is guaranteed for any pair of distributions, one from each family. In other words, perfect guessing secrecy can also be guaranteed with non-uniform keys. We also show the relation between perfect secrecy and perfect guessing secrecy. We discuss our results and propose directions for future research.
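The following is an added numerical illustration, not code or notation from the paper: it compares the adversary's best-guess success probability before and after seeing the ciphertext, alongside the information leaked, for three key distributions. Assumptions made here: the shift cipher c = (m + k) mod 3, the constructed distributions `P_M` and `KEYS`, and the reading of "success chance after seeing the ciphertext" as the maximum posterior probability averaged over ciphertexts.

```python
from fractions import Fraction as F
from math import log2

def joint(p_m, p_k):
    """Joint P(m, c) for the assumed shift cipher c = (m + k) mod n."""
    n = len(p_m)
    return [[p_m[m] * p_k[(c - m) % n] for c in range(n)] for m in range(n)]

def guess_prior(p_m):
    """Success of the best blind guess: pick the most likely plaintext."""
    return max(p_m)

def guess_posterior(p_m, p_k):
    """Success of the best guess given c, averaged over c: sum_c max_m P(m, c)."""
    j, n = joint(p_m, p_k), len(p_m)
    return sum(max(j[m][c] for m in range(n)) for c in range(n))

def leakage_bits(p_m, p_k):
    """Mutual information I(M;C) in bits; zero means perfect secrecy."""
    j, n = joint(p_m, p_k), len(p_m)
    p_c = [sum(j[m][c] for m in range(n)) for c in range(n)]
    return sum(float(j[m][c]) * log2(j[m][c] / (p_m[m] * p_c[c]))
               for m in range(n) for c in range(n) if j[m][c] > 0)

# Constructed sample distributions (not taken from the paper).
P_M = [F(5, 10), F(3, 10), F(2, 10)]
KEYS = {
    "uniform": [F(1, 3)] * 3,                  # one-time-pad style key
    "mild":    [F(4, 10), F(3, 10), F(3, 10)], # non-uniform, guess unchanged
    "skewed":  [F(8, 10), F(1, 10), F(1, 10)], # non-uniform, guess improves
}

if __name__ == "__main__":
    print(f"prior best-guess success: {guess_prior(P_M)}")
    for name, p_k in KEYS.items():
        post = guess_posterior(P_M, p_k)
        verdict = "holds" if post == guess_prior(P_M) else "fails"
        print(f"{name:8s} posterior={post}  I(M;C)={leakage_bits(P_M, p_k):.4f} bits"
              f"  guessing secrecy {verdict}")
```

The "mild" key leaks a small but nonzero amount of information while leaving the best-guess success at 1/2, which is the gap between perfect secrecy and guessing secrecy that the abstract describes.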