- Information theoretic security
cryptosystemis information-theoretically secure if its security derives purely from information theory. That is, it is secure even when the adversary has unbounded computing power. An example of an information-theoretically secure cryptosystem is the one-time pad.
An interesting special case is perfect security: an encryption algorithm is perfectly secure if a
ciphertextproduced using it provides no information about the plaintextwithout knowledge of the key. If "E" is a perfectly secure encryption function, for any fixed message "m" there must exist for each ciphertext "c" at least one key such that .
It is quite possible, and common for a cryptosystem to leak some information, but nevertheless have the property that whatever security properties it achieves hold even when the adversary is computationally unbounded. Such a cryptosystem would have information theoretic but not perfect security. The exact definition of security would depend on the cryptosystem in question.
There are a variety of cryptographic tasks for which information theoretic security or privacy is a meaningful and useful requirement. A few of these are:
Secret sharingschemes such as Shamir's are information theoretically secure (and in fact perfectly secure) in that less than the requisite number of shares of the secret provide no information about the secret.
# More generally,
secure multiparty computationprotocols often, but not always have information theoretic security.
Private information retrievalwith multiple databases can be achieved with information theoretic privacy for the user's query.
# Reductions between cryptographic primitives or tasks can often be achieved information theoretically. Such reductions are important from a theoretical perspective, because they establish that primitive can be realized if primitive can be realized.
Symmetric encryptioncan be constructed under an information theoretic notion of security called entropic security, which assumes that the adversary knows almost nothing about the message being sent. The goal here is to hide "all functions" of the plaintext rather than all information about it.
When possible, an algorithm or protocol with information theoretic security has advantages: it does not depend on unproven assumptions about computational hardness, and it is not vulnerable to developments in
Information-theoretic security is often used interchangable with unconditional security. However the latter term can also refer to systems that don't rely on unproven computational hardness assumptions. Today these systems are essentially the same as those that are information-theoretical secure. However it does not always have to be that way. One day
RSAmight be proved secure, thus becoming unconditional secure, but it will never be information-theoretical secure.
Leftover hash-lemma(Privacy amplification)
* A. Russell, H. Wang. "How to fool an unbounded adversary with a short key." Eurocrypt 2002. ( [http://www.engr.uconn.edu/~acr/Papers/encryption-euro-final.ps postscript] )
Wikimedia Foundation. 2010.
Look at other dictionaries:
Information theory — Not to be confused with Information science. Information theory is a branch of applied mathematics and electrical engineering involving the quantification of information. Information theory was developed by Claude E. Shannon to find fundamental… … Wikipedia
Private information retrieval — In cryptography, a private information retrieval (PIR) protocol allows a user to retrieve an item from a server in possession of a database without revealing which item she is retrieving. PIR is a weaker version of 1 out of n oblivious transfer,… … Wikipedia
List of information theory topics — This is a list of information theory topics, by Wikipedia page.*A Mathematical Theory of Communication *algorithmic information theory *arithmetic encoding *channel capacity *Communication Theory of Secrecy Systems *conditional entropy… … Wikipedia
Extreme physical information — (EPI) is a principle, first described and formulated in 1998 Frieden, B. Roy Physics from Fisher Information: A Unification , 1st Ed. Cambridge University Press, ISBN 0 521 63167 X, pp328, 1998 ( [ref name= Frieden6 ] shows 2nd Ed.)] by B. Roy… … Wikipedia
One-time pad — Excerpt from a one time pad In cryptography, the one time pad (OTP) is a type of encryption, which has been proven to be impossible to crack if used correctly. Each bit or character from the plaintext is encrypted by a modular addition with a bit … Wikipedia
Computational hardness assumption — In cryptography, a major goal is to create cryptographic primitives with provable security. In some cases cryptographic protocols are found to have information theoretic security, the one time pad is a common example. In many cases, information… … Wikipedia
Reihaneh Safavi-Naini — Reihaneh (Rei) Safavi Naini (PerB|ريحانه صفوی نائينی ) is the [http://www.icore.ca/ iCORE] Chair in Information Security at the University of Calgary, Canada. Before joining University of Calgary in 2007, she was a Professor of Computer Science,… … Wikipedia
Secret sharing — refers to any method for distributing a secret amongst a group of participants, each of which is allocated a share of the secret. The secret can only be reconstructed when the shares are combined together; individual shares are of no use on their … Wikipedia
List of cryptology conferences — This is a list of conferences and workshops in the area of cryptology. The most important events in thisarea are organized by or somehow affiliated with the IACR. =IACR conferences = IACR sponsors the following three conferences: * CRYPTO (an… … Wikipedia
Shamir's Secret Sharing — is an algorithm in cryptography. It is a form of secret sharing, where a secret is divided into parts, giving each participant its own unique part, where some of the parts or all of them are needed in order to reconstruct the secret.Counting on… … Wikipedia