Cryptography and network security

1. Define perfect security in cryptography?

➢ Perfect security refers to a cryptographic system where the ciphertext

provides no information about the plaintext, even to an adversary with
unlimited computational resources. The only way to reveal the plaintext
is by having the exact key used for encryption.
2. What is Shannon's theorem regarding perfect
security?
➢ Shannon's theorem states that a cryptographic system has perfect
security if the size of the key is at least as large as the size of the
message, and the key is used only once (as in a one-time pad), making
it impossible for an attacker to gain any information from the
ciphertext.
3. What is the main requirement for a
cryptographic system to achieve perfect security?

➢ The main requirement is that the encryption key must be random, at

least as long as the message, and used only once. Additionally, the key
must remain completely secret from any potential adversary.
4.How does perfect security differ from
computational security?
➢ Perfect security guarantees that the ciphertext reveals no information
about the plaintext, regardless of the computational power of an
attacker. In contrast, computational security relies on the assumption
that decrypting the ciphertext is computationally infeasible given the
time and resources available.
5. Why is the one-time pad considered a perfectly
secure encryption scheme?

➢ The one-time pad is considered perfectly secure because each bit of the
plaintext is encrypted with a completely random bit from the key, and the
key is as long as the message. If the key is truly random and used only
once, the ciphertext gives no information about the plaintext, ensuring
perfect security.
16 mark:

1. Explain the concept of perfect security in

cryptography and why it is difficult to achieve
in practice?
❖ Perfect secrecy in cryptography means that no computational power can
guess or obtain any information about the plain text or secret keys from
encrypted or cipher text. The concept is most famously associated with
the one-time pad (OTP), a symmetric encryption method proven to be
perfectly secure by Claude Shannon in 1949.

Pr [ E(k,m0) = c ] = Pr [ E(k,m1) = c ]
Key Characteristics of Perfect Security:

➢ Unbreakable Encryption: In a perfectly secure system, even if a hacker

intercepts the ciphertext, they cannot derive any information about the original
plaintext without the key.

➢ One-Time Pad Example: In the OTP system, each bit of the plaintext
is encrypted with a random bit of the key. The key is the same length as
the message and is used only once. If the key is truly random,
completely independent of the plaintext, and never reused, the
encryption cannot be cracked. Even if the attacker intercepts the
encrypted message (ciphertext), every possible plaintext of the same
length is equally likely.
Example:

Plaintext: HELLO (7, 4, 11, 11, 14)

Random key: XMCKL (23, 12, 2, 10, 11)
H(7) + X(23) = (7 + 23) % 26 = 4 -> E
E(4) + M(12) = (4 + 12) % 26 = 16 -> Q
L(11) + C(2) = (11 + 2) % 26 = 13 -> N
L(11) + K(10) = (11 + 10) % 26 = 21 -> V
O(14) + L(11) = (14 + 11) % 26 = 25 -> Z

Ciphertext: E Q N V Z
Why It's Difficult to Achieve in Practice:

➢ Key Distribution: For perfect security, both sender and receiver must
have the same key, which must be securely distributed before
communication. In real-world applications, distributing long, random
keys securely is highly impractical, especially over insecure channels
like the internet.

➢ Key Management: Since the key must be at least as long as the

message, storing and managing such long keys becomes a logistical
challenge.
Reusability Issues: The key can never be reused. In practical systems,
reusing the key compromises security. However, ensuring that a truly
random, unique key is used each time requires a robust system, which is
challenging to maintain.