shannon s theory contd
play

Shannons Theory (contd.) Debdeep Mukhopadhyay Assistant Professor - PDF document

Oct 22, 2022 •193 likes •371 views

Shannons Theory (contd.) Debdeep Mukhopadhyay Assistant Professor Department of Computer Science and Engineering Indian Institute of Technology Kharagpur INDIA -721302 Theorem Let (P,C,K,D,E) be an encryption algorithm. Then

  1. Shannon’s Theory (contd.) Debdeep Mukhopadhyay Assistant Professor Department of Computer Science and Engineering Indian Institute of Technology Kharagpur INDIA -721302 Theorem • Let (P,C,K,D,E) be an encryption algorithm. Then – H(K|C)=H(K)+H(P)-H(C) • Proof: H(P,K)=H(C,K) [why?] or, H(P)+H(K) = H(K|C)+H(C) or, H(K|C)=H(K)+H(P)-H(C) Equivocation (ambiguity) of key given the ciphertext D. Mukhopadhyay Crypto & Network Securityl IIT Kharagpur 1

  2. Perfect vs Ideal Ciphers • H(P)=H(C), then we have H(K|C)=H(K) – That is the uncertainty of the key given the cryptogram is the same as that of the key without the cryptogram. • Such kinds of ciphers are called “ideal ciphers” – For perfect ciphers, we had H(P)=H(P|C) or, equivalently H(C)=H(C|P) Perfect vs Ideal Ciphers • For perfect ciphers, the key size is infinite if the message size is infinite. – however if a shorter key size is used then the cipher can be attacked by someone with infinite computational power. • Thus, H(K|C) gives us this idea of security (or, insecurity)… D. Mukhopadhyay Crypto & Network Securityl IIT Kharagpur 2

  3. Unicity and Brute Force Attack • Q: How to protect data against a brute force attacker with infinite computation power? – Shannon defined “ unicity distance ” (we shall call it unicity), as the least amount of plaintext which can be deciphered uniquely from the corresponding ciphertext: given unbounded resources by the attacker. – Often measured in units of bytes, letters, symbols. An Important Point • A common misconception: “any cipher can be attacked by exhaustively trying all possible keys”: • Thus DES which has a 56 bit key can also be broken by brute force. – But if the cipher is used within its unicity then even DES is theoretically secured, like the One Time Pad (OTP). D. Mukhopadhyay Crypto & Network Securityl IIT Kharagpur 3

  4. Spurious Keys • Thus, H(K|C) is the amount of uncertainty that remains of the key after the cipher text is revealed. – We know, it is called the key equivocation • Attacker to guess the key from the ciphertext shall guess the key and decrypt the cipher. • He checks whether the plaintext obtained is “meaningful” English. If not, he rules out the key. • But due to the redundancy of language more than one key will pass this test. • Those keys, apart from the correct key, are called spurious. Entropy of Plain Text • H L : measure of the amount of information per letter of “meaningful” strings of plaintext. • A random string of plaintext formed using English letter has an entropy of log 2 |26| ≈ 4.76 • But English letters have a probability distribution. D. Mukhopadhyay Crypto & Network Securityl IIT Kharagpur 4

  5. Frequency of English letters A first order entropy of the English text is H(P) ≈ 4.19 Higher Order Approximations • A large number of digrams are tabulated and H(P 2 ) is computed. • The value is divided by 2 to obtain a second order approximation, H(P 2 )/2 ≈ 3.90 • One could continue obtain trigrams, etc and compute higher order approximations for the entropy. D. Mukhopadhyay Crypto & Network Securityl IIT Kharagpur 5

  6. In general… • Successive letters have correlation, which reduces the entropy. • Define P n to be the random variable that has a probability distribution of n-grams of plaintext • Define H L as the entropy of a natural language L: ( ) H P = lim n H →∞ L n n Redundancy Entropy of the Fraction language of H “excess = − 1 L R letters” L log | | Entropy of P 2 the random language For English Language, 1 ≤ H L ≤ 1.5. Considering H L =1.25, and |P|=26, R L ≈ 0.75. English Language is 75% redundant. D. Mukhopadhyay Crypto & Network Securityl IIT Kharagpur 6

  7. A lower Bound of equivocation of key • P n : r.v representing n-gram plaintext • C n : r.v representing n-gram ciphertext • H(K|C n )=H(K)+H(P n )-H(C n ) – H(P n ) ≈ nH L (assuming large n) =n(1-R L )log 2 |P| – H(C n ) ≤ nlog 2 |C| • If |P|=|C|, – H(K|C n ) ≥ H(K)-nR L log 2 |P| Possible Keys • Define, K(y)={possible keys given that y is the ciphertext} – that is K(y) is the set of those keys for which y is the ciphertext for meaningful plaintexts • When y is the ciphertext, number of keys is |K(y)| • Out of them, only one is correct. Rest are spurious. • So, number of spurious keys=|K(y)|-1 D. Mukhopadhyay Crypto & Network Securityl IIT Kharagpur 7

  8. Expected number of spurious keys • Expected number of spurious keys=average number of spurious keys over all possible ciphertexts is denoted by s n . ∑ = − ( )(| ( ) | 1) s p y K y n ∈ n y C ∑ − =( ( ) | ( ) |) 1 p y K y ∈ n y C Computing the upper bound of equivocation of key ∑ = ( | ) ( ) ( | ) n H K C p y H K y ∈ n y C ∑ ≤ ( ) ( ( )) p y H K y ∈ n y C ∑ ≤ ( )log (| ( ) |) p y K y 2 ∈ n y C ∑ ≤ = + log ( ( ) | ( ) |) log ( 1) p y K y s 2 2 n ∈ n y C D. Mukhopadhyay Crypto & Network Securityl IIT Kharagpur 8

  9. Lower Bound of spurious keys • Combining the previous results: − ≤ + ( ) log | | log ( 1) H K nR P s 2 2 L n ∴ + ≥ − log ( 1) ( ) log | | s H K nR P 2 2 n L • If the keys are chosen equi-probably: H(K)=log 2 |K|. Hence, we have: | | K ≥ − 1 s n | | nR P L Unicity Distance • Thus increasing n, reduces the number of spurious keys. • Unicity Distance is the number of ciphertexts, n 0 for which the number of spurious keys is reduced to zero. log | | K ≥ = 2 n n 0 log | | R P 2 L This calculation may not be accurate for small values of n D. Mukhopadhyay Crypto & Network Securityl IIT Kharagpur 9

  10. Unicity Distance for Substitution Ciphers • |P|=26 • |K|=26! ≈ 4 x 10 26 , R L =0.75 • n 0 =25 (approx) • Given a ciphertext string of length 25, it is possible to predict the correct key uniquely – Thus key size alone does not guarantee security, if brute force is possible to an attacker with infinite computational power. Idea of Product Ciphers • Another innovation introduced by Shannon in 1949 was the idea of forming “product” • The idea is of fundamental importance and is used even for the present day standard, Advanced Encryption Standard. D. Mukhopadhyay Crypto & Network Securityl IIT Kharagpur 10

  11. Endomorphic Ciphers • If P=C, then we have an endomorphic cipher. • Thus the shift cipher on English alphabets is an endomorphic cipher. What we have learnt from history? • Observation: If we have an endomorphic cipher C 1 =(P,P,K1,e1,d1) and a cipher C 2 (P,P,K2,e2,d2). • We define the product cipher as C 1 xC 2 by the process of first applying C 1 and then C 2 • Thus C 1 xC 2 =(P,P,K1xK2,e,d) • Any key is of the form: (k1,k2) and e=e 2 (e 1 (x,k1),k2). Likewise d is defined. Note that the product rule is always associative D. Mukhopadhyay Crypto & Network Securityl IIT Kharagpur 11

  12. Question: • Thus if we compute product of ciphers, does the cipher become stronger? – The key space become larger 2 nd Thought: Does it really become larger. – • Let us consider the product of a 1. multiplicative cipher (M): y=ax, where a is co-prime to 26 //Plain Texts are characters 2. shift cipher (S) : y=x + k Is MxS=SxM? • MxS: y=ax+k : key=(a,k). This is an affine cipher, as total size of key space is 312. • SxM: y=a(x+k)=ax+ak – Now, since gcd(a,26)=1, this is also an affine cipher. – key = (a,ak) – As gcd(a,26)=1, a -1 exists. There is a one-one relation between ak and k. Thus the total size of the key space in SxM is still 312. Thus this is also the affine cipher • Thus S and M are commutative. D. Mukhopadhyay Crypto & Network Securityl IIT Kharagpur 12

  13. Idempotent Cipher • M is a permutation cipher. • S is a substitution cipher. • Composed cipher has a larger key but no extra security. • If we had computed MxM or SxS, would that have lead to the increase of key space? No. – This is because SxS=S and MxM=M – These are called idempotent ciphers Inference • Thus there is no point of obtaining products of idempotent functions. • Rather we would get “product ciphers” from non-idempotent ciphers – That is by iterating them (rounds) • How to make non-idempotent functions? – Compose two small different cryptosystems which do not commute D. Mukhopadhyay Crypto & Network Securityl IIT Kharagpur 13

  14. Why? • If there are two cryptosystems which are idempotent and also commute then their product is also idempotent. • (S 1 xS 2 ) x (S 1 xS 2 ) = S 1 x (S 2 x S 1 ) xS 2 = S 1 x(S 1 xS 2 )xS 2 = (S 1 xS 1 ) x (S 2 xS 2 ) =S 1 xS 2 Thus, MxS is also idempotent. Why? Thus, composing MxS does not help. Concept of Rounds • Consider : S=f(x) and P=x+k • What is SxP? f(x)+k • What is (SxP)x(SxP)? f(f(x)+k)+k – For this multiplication to increase the key length, thus SxP should not be idempotent. – that is f(f(x)+k)+k ≠ f 2 (x)+k’ – This happens if f is non-linear wrt. + – Hence we compose linear and non-linear functions to increase the security of a cipher D. Mukhopadhyay Crypto & Network Securityl IIT Kharagpur 14

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

A Mathematical Theory of Communication (after C. E. Shannon) Alex Vlasiuk Alex A Mathematical

A Mathematical Theory of Communication (after C. E. Shannon) Alex Vlasiuk Alex A Mathematical

A Mathematical Theory of Communication (after C. E. Shannon) Alex Vlasiuk Alex A Mathematical Theory of Communication 1 / 17 Image: IEEE Information Theory Society Why Shannon? Alex A Mathematical Theory of Communication 3 / 17 Why

1.03k views • 56 slides
Shannon, Turing and Hats: Information Theory Incompleteness Francois Durand, Fabien Mathieu,

Shannon, Turing and Hats: Information Theory Incompleteness Francois Durand, Fabien Mathieu,

Shannon, Turing and Hats: Information Theory Incompleteness Francois Durand, Fabien Mathieu, Philippe Jacquet WITMSE 2017 September 13 th , 2017 Roadmap 1 Getting Rich without a DeLorean 2 The Shannon Approach 3 Days of infinite past 2 /

953 views • 83 slides
Shannons Theory of Secrecy Systems See: C. E. Shannon, Communication Theory of Secrecy Systems

Shannons Theory of Secrecy Systems See: C. E. Shannon, Communication Theory of Secrecy Systems

Shannons Theory of Secrecy Systems See: C. E. Shannon, Communication Theory of Secrecy Systems , Bell Systems Technical Journal, Vol. 28, pp. 656715, 1948. Eli Biham - May 3, 2005 c 54 Shannons Theory of Secrecy Systems (2)

584 views • 14 slides
Lecture 5: Linear regression (contd.) Regularization ML Methodology Learning

Lecture 5: Linear regression (contd.) Regularization ML Methodology Learning

Lecture 5: Linear regression (contd.) Regularization ML Methodology Learning theory Aykut Erdem October 2017 Hacettepe University About class projects This semester the theme is machine learning and the city. To be done

1.32k views • 91 slides
Shannon's Theory of Communication An operational introduction 5 September 2014, Introduction to

Shannon's Theory of Communication An operational introduction 5 September 2014, Introduction to

Shannon's Theory of Communication An operational introduction 5 September 2014, Introduction to Information Systems Giovanni Sileno g.sileno@uva.nl Leibniz Center for Law University of Amsterdam Fundamental basis of any communication

1.49k views • 104 slides
Shannon-type Inequalities, Submodular Width, and Disjunctive Datalog Hung Q. Ngo (Stealth Mode)

Shannon-type Inequalities, Submodular Width, and Disjunctive Datalog Hung Q. Ngo (Stealth Mode)

Shannon-type Inequalities, Submodular Width, and Disjunctive Datalog Hung Q. Ngo (Stealth Mode) With Mahmoud Abo Khamis and Dan Suciu @ PODS 2017 Table of Contents Connecting the Dots Output Size Bounds and Information Theory Shannon-flow

2.22k views • 190 slides
classifier Sutanu Gayen Drawbacks of state-of-the art chess engines Contd.. Rule of square:

classifier Sutanu Gayen Drawbacks of state-of-the art chess engines Contd.. Rule of square:

Intuition and chess endgame classifier Sutanu Gayen Drawbacks of state-of-the art chess engines Contd.. Rule of square: Contd.. Key squares : Rook pawns Contd.. Key squares : Non Rook pawns Contd.. Taking the opposition:

511 views • 12 slides
The Shannon-McMillan theorem (AEP) for quantum sources and related topics I.Bjelakovic, T.K., A.

The Shannon-McMillan theorem (AEP) for quantum sources and related topics I.Bjelakovic, T.K., A.

The Shannon-McMillan theorem (AEP) for quantum sources and related topics I.Bjelakovic, T.K., A. Szkola, R.Siegmund-Schultze Motivation Transfer of fundamental theorems of classical information theory to quantum information theory In

552 views • 27 slides
Mid Shannon Wilderness Park The potential future of the Longford bogs Mid Shannon Potential 22

Mid Shannon Wilderness Park The potential future of the Longford bogs Mid Shannon Potential 22

Mid Shannon Wilderness Park The potential future of the Longford bogs Mid Shannon Potential 22 Longford Tourism Projects-Mid Shannon Wilderness Park Mid Shannon Trail Longford Shannon Greenway Our National Goal

601 views • 20 slides
Applied Information Theory Daniel Bosk Department of Information and Communication Systems, Mid

Applied Information Theory Daniel Bosk Department of Information and Communication Systems, Mid

Introduction Shannon entropy Applications References Applied Information Theory Daniel Bosk Department of Information and Communication Systems, Mid Sweden University, Sundsvall. 14th March 2019 1 Introduction Shannon entropy

775 views • 59 slides
Achieving Channel Capacity With Lattice Codes: From Fermat to Shannon Cong Ling Imperial College

Achieving Channel Capacity With Lattice Codes: From Fermat to Shannon Cong Ling Imperial College

Outline Statement of Coding Problems in Information Theory Lattices and Algebraic Number Theory Coding for Gaussian, Fading Achieving Channel Capacity With Lattice Codes: From Fermat to Shannon Cong Ling Imperial College London

928 views • 60 slides
BrickNet (contd) BrickNet (contd) Other Academic Projects Other Academic Projects

BrickNet (contd) BrickNet (contd) Other Academic Projects Other Academic Projects

Special Course on Networked Virtual January 29, 2004 Environments BrickNet (contd) BrickNet (contd) Other Academic Projects Other Academic Projects Object Object- -request brokers on request brokers on MASSIVE MASSIVE

496 views • 4 slides
Programming a Computer for Playing Chess by C.E. Shannon Tsan-sheng Hsu tshsu@iis.sinica.edu.tw

Programming a Computer for Playing Chess by C.E. Shannon Tsan-sheng Hsu tshsu@iis.sinica.edu.tw

Programming a Computer for Playing Chess by C.E. Shannon Tsan-sheng Hsu tshsu@iis.sinica.edu.tw http://www.iis.sinica.edu.tw/~tshsu 1 Abstract About C.E. Shannon. 1916 2001. The father of Information theory. The father of

600 views • 21 slides
CS70: Lecture 35. Regression (contd.): Linear and Beyond CS70: Lecture 35. Regression (contd.):

CS70: Lecture 35. Regression (contd.): Linear and Beyond CS70: Lecture 35. Regression (contd.):

CS70: Lecture 35. Regression (contd.): Linear and Beyond CS70: Lecture 35. Regression (contd.): Linear and Beyond 1. Review: Linear Regression (LR), LLSE 2. LR: Examples 3. Beyond LR: Quadratic Regression 4. Conditional Expectation (CE) and

2.12k views • 132 slides
Monitoring US Military and CIA use of Shannon Airport www.shannonwatch.org John Lannon Shannon

Monitoring US Military and CIA use of Shannon Airport www.shannonwatch.org John Lannon Shannon

Monitoring US Military and CIA use of Shannon Airport www.shannonwatch.org John Lannon Shannon a Civilian Airport? Facilitating US war activities in Afghanistan and Iraq An important node in the US renditions network Munitions

450 views • 18 slides
Arrays (contd) Arrays (contd) The previous example creates

Arrays (contd) Arrays (contd) The previous example creates

Arrays An array is a set of variables of the same type accessed by their index Arrays (Savitch, Chapter 7.1-7.2) int[] day = new int[4]; TOPICS 31 28 31 30 Array

419 views • 7 slides
DRAFT This paper is a draft submission to Inequality Measurement, trends, impacts, and

DRAFT This paper is a draft submission to Inequality Measurement, trends, impacts, and

DRAFT This paper is a draft submission to Inequality Measurement, trends, impacts, and policies 56 September 2014 Helsinki, Finland This is a draft version of a conference paper submitted for presentation at UNU-WIDERs conference,

600 views • 25 slides
Towards the Exploitation of Statistical Language Models for Plagiarism Detection with Reference

Towards the Exploitation of Statistical Language Models for Plagiarism Detection with Reference

Towards the Exploitation of Statistical Language Models for Plagiarism Detection with Reference Alberto Barrn Cedeo and Paolo Rosso Universidad Politcnica de Valencia July, 2008 LM for plagiarism detection PAN08, Patras Greece 1/20

301 views • 28 slides
V.3 Top-k Query Processing 3.1 IR-style heuristics for efficient inverted index scans 3.2

V.3 Top-k Query Processing 3.1 IR-style heuristics for efficient inverted index scans 3.2

V.3 Top-k Query Processing 3.1 IR-style heuristics for efficient inverted index scans 3.2 Fagins family of threshold algorithms (TA) 3.3 Approximation algorithms based on TA IR&DM, WS'11/12 December 6, 2011 V.1 Indexing with

916 views • 64 slides
Quality Estimation for Language Output Applications Carolina Scarton, Gustavo Paetzold and Lucia

Quality Estimation for Language Output Applications Carolina Scarton, Gustavo Paetzold and Lucia

Quality Estimation for Language Output Applications Carolina Scarton, Gustavo Paetzold and Lucia Specia University of Sheffield, UK COLING, Osaka, 11 Dec 2016 Quality Estimation Approaches to predict the quality of a language output

863 views • 65 slides
Multi-agent reinforcement learning for new generation control systems Manuel Graa 1 , 2 ; Borja

Multi-agent reinforcement learning for new generation control systems Manuel Graa 1 , 2 ; Borja

Multi-agent reinforcement learning for new generation control systems Manuel Graa 1 , 2 ; Borja Fernandez-Gauna 2 1 ENGINE centre, Wroclaw Technological University; 2 Computational Intelligence Group (www.ehu.eus/ccwintco) University of the

1.31k views • 92 slides
W arped e ff ective theories and holography Luca Martucci University of Padova based on:

W arped e ff ective theories and holography Luca Martucci University of Padova based on:

a DIPARTIMENTO D DI FISICA F E ASTRONOMIA A Galileo Galilei W arped e ff ective theories and holography Luca Martucci University of Padova based on: 1610.02403 1411.2623 1603.04470 with Alberto Zaffaroni Plan Part I: Effective

572 views • 45 slides
Enhancing and Double Field Theory G . A l d a z a b a l , C A B - I B , B a r

Enhancing and Double Field Theory G . A l d a z a b a l , C A B - I B , B a r

Enhancing and Double Field Theory G . A l d a z a b a l , C A B - I B , B a r i l o c h e S t r i n g y G e o m e t r y , M I T P , 2 0 1 5 I n c o l l a b o r a t i o n w i t h

1.44k views • 131 slides
The DOM tree 1 CS380 The DOM tree 2 CS380 Types of DOM nodes 3 <p> This is a

The DOM tree 1 CS380 The DOM tree 2 CS380 Types of DOM nodes 3 <p> This is a

The DOM tree 1 CS380 The DOM tree 2 CS380 Types of DOM nodes 3 <p> This is a paragraph of text with a <a href="/path/page.html">link in it</a>. HTML </p> element nodes (HTML tag) can have

596 views • 30 slides

More recommend