Provably Secure Encryption

Abstract

This chapter deals with provable security. It is desirable that mathematical proofs show that a given cryptosystem resists certain types of attacks. The security of cryptographic schemes and randomness are closely related. An encryption method provides secrecy only if the ciphertexts appear sufficiently random to the adversary. Therefore, probabilistic encryption algorithms are required. The pioneering work of Shannon on provable security, based on his information theory, is discussed in Section 9.1. For example, we prove that Vernam’s one-time pad is a perfectly secret encryption. Shannon’s notion of perfect secrecy may be interpreted in terms of probabilistic attacking algorithms, which try to distinguish between two candidate plaintexts (Section 9.2). Unfortunately, Vernam’s one-time pad is not practical in most situations. In Section 9.3, we give important examples of probabilistic encryption algorithms that are practical. One-way permutations with hard-core predicates yield computationally perfect pseudorandom bit generators (Chapter 8), and these can be used to define “public-key pseudorandom one-time pads”, by analogy to Vernam’s one-time pad: the plaintext bits are XORed with pseudorandom bits generated from a short, truly random (one-time) seed. More recent notions of provable security, which include the computational complexity of attacking algorithms, are considered in Section 9.4. The computational analogue of Shannon’s perfect secrecy is defined. A typical security proof for probabilistic public-key encryption schemes is given. We show that the public-key one-time pads, introduced in Section 9.3, provide computationally perfect secrecy. Finally, a short introduction to some results of the “unconditional security approach” is given in Section 9.5. In this approach, the goal is to design practical cryptosystems which provably come close to perfect information-theoretic security, without relying on unproven assumptions about problems from computational number theory.