Cpsc 467a: Cryptography and Computer Security Notes 3 (rev. 2) Lecture Notes 3 13 Caveats with Perfect Secrecy

In Section 12, we saw how a seemingly minor change in a cryptosystem changed it from one that had perfect secrecy to one that leaked a considerable amount of information to Eve. Perfect secrecy, while perhaps difficult to obtain, might seem like the ideal that one should strive for. We make two observations to show that even a scheme with perfect secrecy is not without defects and must still be used carefully. First of all, our simplified Caesar cipher succumbs immediately to a known plaintext attack, since if one knows even a single plaintext-ciphertext pair (m 1 , c 1), one can easily solve the equation c 1 = E k (m 1) = (m 1 + k) mod 3 to find the key k = (c 1 − m 1) mod 3. Hence, any subsequent ciphertext c = E k (m) is immediately decrypted using D k () and the system is completely broken. Second, a system with perfect secrecy can be subject to a modification attack whereby an attacker who can both read and alter messages en route can modify the contents of a message in specific semantically-meaningful ways even though he has no idea what the message actually is. We refer to such an active attacker as " Mallory " , and we call such an attack a man-in-the-middle attack. Here's what Mallory could do to the one-letter Caesar cipher (where we now return to the original version that works over the full 26-letter alphabet). Suppose Alice sends c to Bob. Mallory intercepts it and changes c to (c + 5) mod 26. Even though he doesn't know the key and cannot read m, he knows that his change will alter m in a similar way, changing m to (m + 5) mod 26. Why? Let's do the calculations, where all arithmetic is done modulo 26: D k (c) = D k (c + 5) = c + 5 − k = D k (c) + 5 = m + 5. Depending on the application, this could be a devastating attack. Suppose Alice were a financial institution that was making a direct deposit of m thousand dollars to Mallory's bank account at the Bob bank. By this attack, Mallory could get an extra 5 thousand dollars put into his account each month. For another application, note that the English vowels are all represented by even numbers in …