# 2. Prove that if a cryptosystem has perfect secrecy and |K|= |C|= |P|, then every ciphertext is equally probable.

We say that a cryptosystem has perfect secrecy if the probability of a message, given a ciphertext, is the same as the probability of the message in spite of the received ciphertext. Hence, knowing the ciphertext gives no information about the original message:

$$
p(a|b) = p(a)
$$

for any $a \in P$ (the plaintext) and $y \in C$ (the ciphertext). 

Now, given that our cryptosystem has perfect secrecy, we can try to use Baye's Theorem:

$$
p(a|b) = \frac{p(b|a)p(a)}{p(b)}
$$

because of perfect secrecy, we get:
$$
p(a) = \frac{p(b|a)p(a)}{p(b)}
$$

$$
p(b|a) = p(b)
$$

which means that the probability of obtaining an specific ciphertext $b$ given a plaintext $a$ is the same as just obtaining $b$.

Now, we know that $|K| = |C| = |P|$, where:

* $|K|$: all the possible keys
* $|C|$: all the possible ciphertexts
* $|P|$: all the possible plaintexts

we can state that all this "sets" have a one-to-one correspondance, which means that we can map each plaintext to a unique ciphertext using a unique key $k$ (each pair (a,b) can be uniquely linked through $k$). So there is only **one** key $k$ that satisfies:

$$
e_k(a) = b
$$

Now, to obtain an specific $k_i$ from the set of all possible keys ($|K|$), we need every key $k_i$ to have the same probability since we have perfect secrecy, which ensures that there is no key more "special" or "more likely" to be picked than the other keys that form the set $|K|$ of all possible keys:

$$
p(k) = \frac{1}{|K|}
$$

this equality ensures that each plaintext has a unique key that can map it to a given ciphertext, and all keys are equally likely.

Now, let’s calculate the probability of a specific ciphertext ($p(b)$). To find it, it is neccessary to take into consideration all possible plaintext messages $a \in P$ that could have been turned into the ciphertext $b$. For this, the law of Total Probability is neccesary:

$$
p(b) = \sum_{a \in P}^{} p(b|a)p(a)
$$

where it is also taken into consideration the probability that a ciphertext $b$ is the result of encrypting a given plaintext $a$ and the probability of picking a plaintext $a$.

Now, given a plaintext $a$ and its corresponding ciphertext $b$ the encryption function $e_k(a)=b$ implies that:

$$
p(b|a) = \frac{1}{|K|}
$$

because there is exactly one key that maps a to b, and each key has the same probability to be picked, so:

$$
p(b) = \sum_{a \in P}^{} p(b|a)p(a) = \sum_{a \in P}^{} \frac{1}{|K|}p(a)
$$

$$
p(b) = \frac{1}{|K|}\sum_{a \in P}p(a)
$$

assuming a perfect distribution over plain text messages, which means that every $a \in P$ has an equal probability, $\sum_{a \in P}p(a) = 1$:

$$
p(b) = \frac{1}{|K|}
$$

and since $|K| = |C|$:

$$
p(b) = \frac{1}{|C|}
$$

which means that each ciphertext $b$ has the same probability of being picked $\blacksquare$.

# 3. Suppose that APNDJI or XYGROBO are ciphertexts that are obtained from encryption using the Shift Cipher. Show in each case that there are two ”meaningful” plaintexts that could encrypt to the given ciphertext.

We can use a caesar decryption proccess in order to fulfill this task. 

In [1]:
def caesar_decrypt(ciphertext, shift):
    decrypted_text = ""
    
    for char in ciphertext:
        if char.isalpha():  # we only work with alphabetic characters
            ascii_offset = 65 if char.isupper() else 97 # deal with lower or uppercase 
            decrypted_text += chr((ord(char) - ascii_offset - shift) % 26 + ascii_offset)
        else:
            decrypted_text += char 

    return decrypted_text

In order to prove that there are at two "meaningful" plaintexts as a result of the decryption process, we can donwload a list of english words from a source like https://github.com/dwyl/english-words, list that can be found in the `words.txt` file. The use of it is justified since it serves as a reference to determine which decrypted outputs are valid English words.

In [7]:
# Load a list of English words
with open("words.txt") as word_file:
    english_words = set(word.strip().lower() for word in word_file)

Once that is done, the rest is just try the 26 possibilities of shift that are available

## For the ciphertext **APNDJI**

In [8]:
# Check if each decrypted text is a valid English word
for shift in range(26):
    decrypted_message = caesar_decrypt("APNDJI", shift).lower()
    if decrypted_message in english_words:
        print(f"Shift {shift}: {decrypted_message.upper()} is a valid word")

Shift 15: LAYOUT is a valid word
Shift 21: FUSION is a valid word


## For the ciphertext **XYGROBO**

In [9]:
# Check if each decrypted text is a valid English word
for shift in range(26):
    decrypted_message = caesar_decrypt("XYGROBO", shift).lower()
    if decrypted_message in english_words:
        print(f"Shift {shift}: {decrypted_message.upper()} is a valid word")

Shift 10: NOWHERE is a valid word
Shift 23: ABJURER is a valid word


Thus, for each ciphertext, two different shifts that produce meaningful plaintexts were shown, meeting the requirements of the problem $\blacksquare$.