# Information Security

### CMP-5006

### Alejandro Proano, PhD

## Probabilities

A discrete random variable, say $X$, consists of a finite set $X$ and a probability distribution defined on $X$. The probability that the random variable $X$ takes on the value $x$ is denoted $Pr[X = x]$; sometimes we will abbreviate this to $Pr[ x ]$ if the random variable $X$ is fixed. It must be the case that:

> $0 ≤ Pr[ x ], \forall x \in X$

> $\sum_{x \in X} Pr[x] = 1$.

### Bayes' Theorem


If $Pr[y] > 0$, then

> $Pr[ x |y] = \frac{Pr[x]Pr[y|x]}{Pr[y]}$


**COROLLARY:** If $X$ and $Y$ are independent random variables if and only if 

> $Pr[ x |y] = Pr[ x ]$

> $\forall x\in X, y\in Y$


## Perfect Secrecy

A cryptosystem has perfect secrecy if 

> $Pr[ x |y] = Pr[ x ]$

> $\forall x ∈ P , y ∈ C$ 

That is, the a posteriori probability that the plaintext is $x$, given that the ciphertext $y$ is observed, is identical to the a priori probability that the plaintext is $x$.

### Example

Shifter cryptosystem


## Entropy

- In cryptography, entropy refers to the randomness collected by a system for use in algorithms that require random data. 
- Entropy is a measure of the unpredictability of information contained in a message. In other words, it is the expected value of the information contained in each message.

### Definition

Suppose $X$ is a discrete random variable that takes on values from a finite set $X$. Then, the entropy of the random variable $X$ is defined to be the quantity:

> $H (X) = − \sum_{x \in X} Pr[ x ] \log_2 Pr[ x ]$.


### Conditional Entropy

Suppose $X$ and $Y$ are two random variables. Then for any fixed value $y$ of $Y$, we get a (conditional) probability distribution on $X$; we denote the associated random variable by $X|y$. Clearly,

> $H (X|y) = − \sum_x Pr[ x |y] \log_2 Pr[ x |y]$

We define the conditional entropy, denoted $H(X|Y)$, to be the weighted average $(with respect to the probabilities $Pr[y]$) of the entropies $H(X|y)$ over all possible values $y$. It is computed to be

> $H (X|Y) = − \sum_x \sum_y Pr[y]Pr[ x |y] \log_2 Pr[ x |y]$.

The conditional entropy measures the average amount of information about $X$ that is not revealed by $Y$.


### Key Equivocation

It is a measure of the amount of uncertainty of the key remaining when the ciphertext is known.

> $H ( K | C ) = H ( K ) + H ( P ) − H ( C )$


### Spurious Keys

If a cryptoanalyst is trying to figure out the key used to encrypt a ciphertext. She will reduce the set of keys to a smaller set of keys. Of those keys, there is one that is the true key **k**. The other keys in this small set are called **spurious keys**




### Redundancy

Suppose $L$ is a natural language. The entropy of $L$ is defined to be the quantity

> $H_L = \lim_{n \rightarrow \infty} \frac{H({\bf P}^n)}{n}$

where $P^n$ is the random variable that has as its probability distribution that of all n-grams of plaintext


The redundancy of $L$ is defined to be

> $R_L = 1 − \frac{H_L}{\log_2 |P |}$

$H_L$ measures the entropy per letter of the language $L$. A random language would have entropy $log_2 |P |$. So the quantity $R_L$ measures the fraction of **excess characters**, which we think of as redundancy.


### Theorem

Suppose there is a cryptosystem where $|C| = |P |$ and keys are chosen equiprobably. Let $R_L$ denote the redundancy of the underlying language. Then given a string of ciphertext of length $n$, where $n$ is sufficiently large, the expected number of spurious keys, $s_n$, satisfies

> $\hat{s_n} \geq \frac{|K|}{|P|^{nR_L}}$ - 1


This quantity approaches 0 exponentially quickly as $n$ increases. 

### Unicity Distance 

A cryptosystem has a unicity distance is defined to be the value of $n$, denoted by $n_0$ , at which the expected number of spurious keys becomes zero; i.e., the average amount of ciphertext required for an opponent to be able to uniquely compute the key, given enough computing time.
