Does Shannon perfect secrecy imply a deterministic encryption algorithm?












6












$begingroup$


Consider an encryption scheme $(Gen,Enc,Dec)$ where $Gen$ is the key generation algorithm, $Enc$ is the encryption algorithm, where $c leftarrow Enc_{k}(m) $ is taken to mean that the message $m$ in some message space $M$ encrypted with a key $k$ generated from some keyspace $K$ using $Gen$ produces the ciphertext $c$ which belongs to some cipherspace $C$, and where $Dec_{k}(c) = m$ is the decryption algorithm which is always deterministic.



In Shannon perfect secrecy, it is assumed that $|K| = |M| = |C|$. Does this imply that $Enc$ is deterministic?



i.e. is it impossible that there exist two different ciphertexts $c_{1},c_{2} in C$ that are both produced by encrypting the same (message, key) pair? It seems once you restrict the three spaces to have equal cardinality, the encryption algorithm must be deterministic, but I cannot seem to prove this formally.










share|improve this question









$endgroup$

















    6












    $begingroup$


    Consider an encryption scheme $(Gen,Enc,Dec)$ where $Gen$ is the key generation algorithm, $Enc$ is the encryption algorithm, where $c leftarrow Enc_{k}(m) $ is taken to mean that the message $m$ in some message space $M$ encrypted with a key $k$ generated from some keyspace $K$ using $Gen$ produces the ciphertext $c$ which belongs to some cipherspace $C$, and where $Dec_{k}(c) = m$ is the decryption algorithm which is always deterministic.



    In Shannon perfect secrecy, it is assumed that $|K| = |M| = |C|$. Does this imply that $Enc$ is deterministic?



    i.e. is it impossible that there exist two different ciphertexts $c_{1},c_{2} in C$ that are both produced by encrypting the same (message, key) pair? It seems once you restrict the three spaces to have equal cardinality, the encryption algorithm must be deterministic, but I cannot seem to prove this formally.










    share|improve this question









    $endgroup$















      6












      6








      6





      $begingroup$


      Consider an encryption scheme $(Gen,Enc,Dec)$ where $Gen$ is the key generation algorithm, $Enc$ is the encryption algorithm, where $c leftarrow Enc_{k}(m) $ is taken to mean that the message $m$ in some message space $M$ encrypted with a key $k$ generated from some keyspace $K$ using $Gen$ produces the ciphertext $c$ which belongs to some cipherspace $C$, and where $Dec_{k}(c) = m$ is the decryption algorithm which is always deterministic.



      In Shannon perfect secrecy, it is assumed that $|K| = |M| = |C|$. Does this imply that $Enc$ is deterministic?



      i.e. is it impossible that there exist two different ciphertexts $c_{1},c_{2} in C$ that are both produced by encrypting the same (message, key) pair? It seems once you restrict the three spaces to have equal cardinality, the encryption algorithm must be deterministic, but I cannot seem to prove this formally.










      share|improve this question









      $endgroup$




      Consider an encryption scheme $(Gen,Enc,Dec)$ where $Gen$ is the key generation algorithm, $Enc$ is the encryption algorithm, where $c leftarrow Enc_{k}(m) $ is taken to mean that the message $m$ in some message space $M$ encrypted with a key $k$ generated from some keyspace $K$ using $Gen$ produces the ciphertext $c$ which belongs to some cipherspace $C$, and where $Dec_{k}(c) = m$ is the decryption algorithm which is always deterministic.



      In Shannon perfect secrecy, it is assumed that $|K| = |M| = |C|$. Does this imply that $Enc$ is deterministic?



      i.e. is it impossible that there exist two different ciphertexts $c_{1},c_{2} in C$ that are both produced by encrypting the same (message, key) pair? It seems once you restrict the three spaces to have equal cardinality, the encryption algorithm must be deterministic, but I cannot seem to prove this formally.







      perfect-secrecy






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Feb 13 at 21:05









      user308485user308485

      1383




      1383






















          1 Answer
          1






          active

          oldest

          votes


















          6












          $begingroup$


          In Shannon perfect secrecy, it is assumed that $|K| = |M| = |C|$. Does this imply that $Enc$ is deterministic




          Actually, the standard definition doesn't actually imply that. It is necessary that $|K| ge |M|$ and $|K| ge |C|$, however in neither case does equality have to hold.



          In any case, I'll proceed with the assumption that we have $|M| = |C|$ (the length of the key turns out not to matter for your question)




          Does this imply that $Enc$ is deterministic?




          Yes; the pigeon-hole principal is your friend.



          Consider any fixed key $k$, and all plaintexts of length $n$ (there are $2^n$ of them). If you encrypt any one of them with the key, it will result in a ciphertext of length $n$ (and, again, there are $2^n$ possible ciphertexts).



          We assume that the encryption process is invertible (that is, $Dec_k(Enc_k(m)) = m$ for any $m$), and so two different plaintexts must result in different ciphertexts.



          There are $2^n$ plaintexts mapping to $2^n$ ciphertexts, and so each plaintext must map to precisely one ciphertext (pigeon-hole principle; if there was a plaintext that could map to two different ciphertexts, there must be a plaintext that doesn't map to any, and we assume that doesn't happen).



          Hence, the encryption for any specific key is deterministic; that means that encryption for all keys is deterministic.






          share|improve this answer









          $endgroup$









          • 2




            $begingroup$
            It's also a nice way to see clearly that for perfect secrecy, the strength of the scheme comes exclusively from the randomness in the key. This then supports the logical foundation of Kerchoff's principle.
            $endgroup$
            – kodlu
            Feb 13 at 23:05












          Your Answer








          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "281"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: false,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: null,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          noCode: true, onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f67284%2fdoes-shannon-perfect-secrecy-imply-a-deterministic-encryption-algorithm%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          6












          $begingroup$


          In Shannon perfect secrecy, it is assumed that $|K| = |M| = |C|$. Does this imply that $Enc$ is deterministic




          Actually, the standard definition doesn't actually imply that. It is necessary that $|K| ge |M|$ and $|K| ge |C|$, however in neither case does equality have to hold.



          In any case, I'll proceed with the assumption that we have $|M| = |C|$ (the length of the key turns out not to matter for your question)




          Does this imply that $Enc$ is deterministic?




          Yes; the pigeon-hole principal is your friend.



          Consider any fixed key $k$, and all plaintexts of length $n$ (there are $2^n$ of them). If you encrypt any one of them with the key, it will result in a ciphertext of length $n$ (and, again, there are $2^n$ possible ciphertexts).



          We assume that the encryption process is invertible (that is, $Dec_k(Enc_k(m)) = m$ for any $m$), and so two different plaintexts must result in different ciphertexts.



          There are $2^n$ plaintexts mapping to $2^n$ ciphertexts, and so each plaintext must map to precisely one ciphertext (pigeon-hole principle; if there was a plaintext that could map to two different ciphertexts, there must be a plaintext that doesn't map to any, and we assume that doesn't happen).



          Hence, the encryption for any specific key is deterministic; that means that encryption for all keys is deterministic.






          share|improve this answer









          $endgroup$









          • 2




            $begingroup$
            It's also a nice way to see clearly that for perfect secrecy, the strength of the scheme comes exclusively from the randomness in the key. This then supports the logical foundation of Kerchoff's principle.
            $endgroup$
            – kodlu
            Feb 13 at 23:05
















          6












          $begingroup$


          In Shannon perfect secrecy, it is assumed that $|K| = |M| = |C|$. Does this imply that $Enc$ is deterministic




          Actually, the standard definition doesn't actually imply that. It is necessary that $|K| ge |M|$ and $|K| ge |C|$, however in neither case does equality have to hold.



          In any case, I'll proceed with the assumption that we have $|M| = |C|$ (the length of the key turns out not to matter for your question)




          Does this imply that $Enc$ is deterministic?




          Yes; the pigeon-hole principal is your friend.



          Consider any fixed key $k$, and all plaintexts of length $n$ (there are $2^n$ of them). If you encrypt any one of them with the key, it will result in a ciphertext of length $n$ (and, again, there are $2^n$ possible ciphertexts).



          We assume that the encryption process is invertible (that is, $Dec_k(Enc_k(m)) = m$ for any $m$), and so two different plaintexts must result in different ciphertexts.



          There are $2^n$ plaintexts mapping to $2^n$ ciphertexts, and so each plaintext must map to precisely one ciphertext (pigeon-hole principle; if there was a plaintext that could map to two different ciphertexts, there must be a plaintext that doesn't map to any, and we assume that doesn't happen).



          Hence, the encryption for any specific key is deterministic; that means that encryption for all keys is deterministic.






          share|improve this answer









          $endgroup$









          • 2




            $begingroup$
            It's also a nice way to see clearly that for perfect secrecy, the strength of the scheme comes exclusively from the randomness in the key. This then supports the logical foundation of Kerchoff's principle.
            $endgroup$
            – kodlu
            Feb 13 at 23:05














          6












          6








          6





          $begingroup$


          In Shannon perfect secrecy, it is assumed that $|K| = |M| = |C|$. Does this imply that $Enc$ is deterministic




          Actually, the standard definition doesn't actually imply that. It is necessary that $|K| ge |M|$ and $|K| ge |C|$, however in neither case does equality have to hold.



          In any case, I'll proceed with the assumption that we have $|M| = |C|$ (the length of the key turns out not to matter for your question)




          Does this imply that $Enc$ is deterministic?




          Yes; the pigeon-hole principal is your friend.



          Consider any fixed key $k$, and all plaintexts of length $n$ (there are $2^n$ of them). If you encrypt any one of them with the key, it will result in a ciphertext of length $n$ (and, again, there are $2^n$ possible ciphertexts).



          We assume that the encryption process is invertible (that is, $Dec_k(Enc_k(m)) = m$ for any $m$), and so two different plaintexts must result in different ciphertexts.



          There are $2^n$ plaintexts mapping to $2^n$ ciphertexts, and so each plaintext must map to precisely one ciphertext (pigeon-hole principle; if there was a plaintext that could map to two different ciphertexts, there must be a plaintext that doesn't map to any, and we assume that doesn't happen).



          Hence, the encryption for any specific key is deterministic; that means that encryption for all keys is deterministic.






          share|improve this answer









          $endgroup$




          In Shannon perfect secrecy, it is assumed that $|K| = |M| = |C|$. Does this imply that $Enc$ is deterministic




          Actually, the standard definition doesn't actually imply that. It is necessary that $|K| ge |M|$ and $|K| ge |C|$, however in neither case does equality have to hold.



          In any case, I'll proceed with the assumption that we have $|M| = |C|$ (the length of the key turns out not to matter for your question)




          Does this imply that $Enc$ is deterministic?




          Yes; the pigeon-hole principal is your friend.



          Consider any fixed key $k$, and all plaintexts of length $n$ (there are $2^n$ of them). If you encrypt any one of them with the key, it will result in a ciphertext of length $n$ (and, again, there are $2^n$ possible ciphertexts).



          We assume that the encryption process is invertible (that is, $Dec_k(Enc_k(m)) = m$ for any $m$), and so two different plaintexts must result in different ciphertexts.



          There are $2^n$ plaintexts mapping to $2^n$ ciphertexts, and so each plaintext must map to precisely one ciphertext (pigeon-hole principle; if there was a plaintext that could map to two different ciphertexts, there must be a plaintext that doesn't map to any, and we assume that doesn't happen).



          Hence, the encryption for any specific key is deterministic; that means that encryption for all keys is deterministic.







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Feb 13 at 21:43









          ponchoponcho

          94.5k2151248




          94.5k2151248








          • 2




            $begingroup$
            It's also a nice way to see clearly that for perfect secrecy, the strength of the scheme comes exclusively from the randomness in the key. This then supports the logical foundation of Kerchoff's principle.
            $endgroup$
            – kodlu
            Feb 13 at 23:05














          • 2




            $begingroup$
            It's also a nice way to see clearly that for perfect secrecy, the strength of the scheme comes exclusively from the randomness in the key. This then supports the logical foundation of Kerchoff's principle.
            $endgroup$
            – kodlu
            Feb 13 at 23:05








          2




          2




          $begingroup$
          It's also a nice way to see clearly that for perfect secrecy, the strength of the scheme comes exclusively from the randomness in the key. This then supports the logical foundation of Kerchoff's principle.
          $endgroup$
          – kodlu
          Feb 13 at 23:05




          $begingroup$
          It's also a nice way to see clearly that for perfect secrecy, the strength of the scheme comes exclusively from the randomness in the key. This then supports the logical foundation of Kerchoff's principle.
          $endgroup$
          – kodlu
          Feb 13 at 23:05


















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Cryptography Stack Exchange!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          Use MathJax to format equations. MathJax reference.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f67284%2fdoes-shannon-perfect-secrecy-imply-a-deterministic-encryption-algorithm%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          Popular posts from this blog

          Human spaceflight

          Can not write log (Is /dev/pts mounted?) - openpty in Ubuntu-on-Windows?

          張江高科駅