Towards Foundations of Cryptographie: Investigation of Perfect Secrecy

In the spirit of Shannon's theory of secrecy systems we analyse several possible natural de nitons of the notion of perfect secrecy; these de nitions are based on arguments taken from probability theory, information theory, the theory of computational complexity, and the theory of program-size complexity or algorithmic information. It turns out that none of these de nitions models the intuitive notion of perfect secrecy completely: Some fail because a cryptographic system with weak keys can be proven to achieve perfect secrecy in their framework; others fail, because a system which, intuitively, achieves perfect secrecy cannot be proven to do so in their framework. To present this analysis we develop a general formal framework in which to express and measure secrecy aspects of information transmission systems. Our analysis leads to a clari cation of the intuition which any de nition of the notion of perfect secrecy should capture and the conjecture, that such a de nition may be impossible, that is, that only secrecy by degrees can be de ned rigorously. This analysis also leads to a clari cation of what the cryptographic literature refers to as the one-time pad. On the basis of the arguments used for its strength in the literature, one has to distinguish between two quite di erent systems: the rst kind uses randomly chosen strings of some given length; the second kind uses random strings, that is, patternless strings of some given length. The former achieves perfect secrecy in the sense of Shannon, but permits weak keys { like the all-zero key; the latter, while intuitively stronger, does not achieve perfect secrecy in any of the proposed senses. Finally, the analysis exposes the need for a formal, non-operational, but mathematical de nition of the notion of weak key.