Confidentiality in a very strong sense. Ciphers reaching perfect-secrecy can't be broken to disclose informations over the plaintext from the ciphertext, even with unlimited computing power. The most known example cipher reaching perfect screcy is the one-time-pad.
Questions tagged [perfect-secrecy]
191 questions
17
votes
12 answers
Are one-time pads crackable in theory?
I've been taught that one-time pads are the only perfect encryption since the only way to recover the message is by knowing the key.
For example, for a target bitstring of 100 bits, I cannot scan all bitstrings of 100 bits and XOR each with the…
yters
- 429
- 1
- 3
- 9
17
votes
2 answers
Is perfect-forward secrecy achieved with RSA?
I am new to cryptography and am going through the book Understanding Cryptography by Paar and Pelzl.
From what I understand Symmetric key distribution systems like Kerberos do not provide PFS because an attacker will be able to decrypt every…
Ben Lamm
- 273
- 1
- 2
- 6
14
votes
2 answers
Can one claim that AES has perfect secrecy for a key size and message size of 128 bits?
While looking at this question I discovered the following here (question 5), and wanted to ask it as a separate question.
Alice knows that she will want to send a single 128-bit message to Bob
at some point in the future. To prepare, Alice and…
daniel
- 912
- 5
- 15
13
votes
3 answers
One time pad: why is it useless in practice?
The symmetric cryptosystem one-time pad (OTP) seems to be very beautiful since it is perfectly secret according to Shannon. Many books, however, point out the main drawback: one must create a secret key the same length as the plaintext. For this…
Dubious
- 273
- 1
- 2
- 6
12
votes
2 answers
Definitions of secrecy
I found terms like "forward secrecy", "future secrecy", "backwards secrecy" and "perfect forward secrecy" and I would like to know their definitions and to understand the differences among them.
I found several confusing definitions online,…
M-elman
- 1,278
- 3
- 16
- 24
9
votes
1 answer
What are the ways to generate Beaver triples for multiplication gate?
So to speed up the function evaluation we use beaver trick, to generate raw data in the offline phase and use them in the online phase to get the output share for the multiplication gate. So what are the methods to generate these raw data i.e.…
7sujit
- 583
- 4
- 9
9
votes
1 answer
Does perfect forward secrecy (using DH or ECDH) imply quantum resistance?
Does perfect forwarding secrecy, as used for e.g. the DHE_ and ECDHE_ TLS ciphersuites make it impossible for quantum analysis to retrieve the plaintext data within the connection?
Maarten Bodewes
- 96,351
- 14
- 169
- 323
9
votes
5 answers
Perfectly secret cipher can leak about the key?
As defined by Shannon, a cipher is perfectly secure if ciphertext leaks no information about the plain text.
Under this definition, can ciphertext leak something about the key? Are there any ciphers for which this is true?
Pratik Soni
- 133
- 1
- 8
8
votes
2 answers
What is the difference between information-theoretic and perfect types of security?
I'm having a hard time pinning down an exact definition of the difference between information-theoretic and perfect types of security. A rigorous definition seems elusive...
A. Wikipedia puts the difference down to the perfect type being a…
Paul Uszak
- 15,905
- 2
- 32
- 83
8
votes
1 answer
Does Shannon perfect secrecy imply a deterministic encryption algorithm?
Consider an encryption scheme $(Gen,Enc,Dec)$ where $Gen$ is the key generation algorithm, $Enc$ is the encryption algorithm, where $c \leftarrow Enc_{k}(m) $ is taken to mean that the message $m$ in some message space $M$ encrypted with a key $k$…
user308485
- 203
- 1
- 3
8
votes
2 answers
Proof that perfect privacy implies that the number of keys is at least the number of messages
I was reading a proof to the statement:
Perfect privacy implies that $|K| = |M|$
where I am pretty sure that $K$ is the set of keys and $M$ is the set of messages.
The proof is the following, but I don't understand it (maybe because of the…
user25579
7
votes
3 answers
Manual secret sharing?
What are feasible options for an equivalent of Shamir Secret Sharing using small tables, preferably usable with pen-and-paper? We want to share a secret $K$ into $n\ge2$ shares, so that $m$ shares ($2\le m\le n$) are necessary to reconstruct the…
fgrieu
- 149,326
- 13
- 324
- 622
7
votes
6 answers
why XOR is recommended/Used in every paper I read for encryption and decryption stream cipher?
Stream ciphers use a deceptively simple mechanism: you combine the plaintext data, bit by bit, with “key” bits, using the exclusive or operation.
Why can't I use other opeartions such as NAND, AND, OR . Can you guys give me one real time example…
Bhargav
- 261
- 3
- 8
6
votes
1 answer
perfectly secret with key chosen uniformly
Prove or refute: Every encryption scheme for which the size of the keyspace equals the size of the message space, and for which the key is chosen uniformly from the keyspace, is perfectly secret.
My attempt:
I think the statement is false because I…
Amanda
- 61
- 1
6
votes
2 answers
Why is PerfectForwardSecrecy considered OK, when it has same defects as salt-less password hashing?
PFS suites suffer from the same defects as any other salt-less password hashing scheme.
Why is everyone promoting Perfect Forward Secrecy (PFS) ciphersuites so fiercely?
Namely, when the group/hash weakens, then the attacker can invests into a…
user185953
- 123
- 8