Stream Cipher Equivocation (SCE) is an investigation into cryptographic constructions for personal use that offer ideal resistance to cryptanalytic attacks by a resourceful adversary.
Vernam ciphers employ one-time secret keys having the same length as the form of the message being encrypted. The cipher is sometimes referred to as a One Time Pad (OTP) [cipher] because of historical techniques for sharing the one-time secret keys[1]. Shannon [1949] demonstrated that Vernam ciphers are perfect in a particular sense. No other cipher can do better under the same assumptions and conditions. There is no "more-perfect." This does not assure that a Vernam-encrypted message cannot be cracked by a determined adversary with sufficient time and resources. The assumptions and conditions are critical. These are identified and reviewed for SCE.
Vernam encryption/decryption is straightforward and appealing for digital processing. The practical limitations arise in producing, exchanging, and protecting the never-duplicated one-time keys. It is also challenging to produce cryptographic-quality keys that approach satisfaction of Shannon's perfect-cipher conditions.
Practical stream ciphers are not perfect. Instead, a cryptographically-derived, quasi-perfect cipher is obtained from a reasonable-length one-time secret key that is easier to share between the parties involved. The question for the design and use of such ciphers is how they can be strong enough to defeat feasible cryptanalysis while falling short of perfection. The goal is to have a less-than-perfect but ideal cipher that provides effective protection against a resourceful adversary.
Shannon [1948] introduces equivocation as a measure of the degree of uncertainty in discerning a message in the presence of noise. Shannon [1948] adapts this notion for considering a stream cipher as introduction of noise that can be removed completely if the key is determined. Equivocation is 0 when there is no uncertainty and 1 when there is complete uncertainty. Under certain conditions, a cryptogram stream's equivocation decreases until it reaches 0 (the unicity point) given a sufficiently lengthy stream. At the unicity point, the encrypted message is theoretically completely determined.
Equivocation of a stream cipher is a non-increasing function of cryptogram stream length. A cipher is considered ideal if it can forestall cryptograms reaching the unicity point indefinitely for any finite-length message. A cipher is strongly ideal if the equivocation does not decrease as cryptogram streams lengthen.
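The behaviour described above can be computed exactly for a small case. This is an added example, not part of the SCE notes: it assumes a toy additive cipher modulo 4 and a constructed redundant source (only the symbols 0 and 1 occur), and compares a reused one-symbol key with a Vernam pad by exhaustive enumeration.

```python
from collections import defaultdict
from itertools import product
from math import log2

ALPHABET = 4      # toy cipher: symbols are residues mod 4 (assumption)
PLAIN = (0, 1)    # constructed redundant source: only 0 and 1, equally likely


def entropy(weights):
    """Shannon entropy in bits of a distribution given as unnormalised counts."""
    total = sum(weights)
    return -sum(w / total * log2(w / total) for w in weights if w)


def equivocations(n, key_len):
    """Return (H(K|C), H(M|C)) in bits for n-symbol messages.

    The key is key_len uniform symbols mod 4, reused cyclically:
    key_len == 1 is a short reused key, key_len == n is a Vernam pad.
    """
    # cryptogram -> (counts of keys, counts of messages) that produce it
    by_crypt = defaultdict(lambda: (defaultdict(int), defaultdict(int)))
    for key in product(range(ALPHABET), repeat=key_len):
        for msg in product(PLAIN, repeat=n):
            crypt = tuple((m + key[i % key_len]) % ALPHABET
                          for i, m in enumerate(msg))
            keys, msgs = by_crypt[crypt]
            keys[key] += 1
            msgs[msg] += 1
    total = ALPHABET ** key_len * len(PLAIN) ** n   # all pairs equally likely
    h_key = h_msg = 0.0
    for keys, msgs in by_crypt.values():
        p_c = sum(keys.values()) / total            # probability of this cryptogram
        h_key += p_c * entropy(keys.values())
        h_msg += p_c * entropy(msgs.values())
    return h_key, h_msg


if __name__ == "__main__":
    print(" n  reused key H(K|C)  Vernam H(M|C)  source H(M)")
    for n in range(1, 6):
        short_key, _ = equivocations(n, 1)
        _, pad_msg = equivocations(n, n)
        print(f"{n:2d}  {short_key:17.4f}  {pad_msg:13.4f}  {n:11d}")
```

With the reused key, the 2 bits of prior key uncertainty fall to 1 bit after one symbol and halve with each further symbol, while the pad leaves message equivocation equal to the full n bits of source entropy at every length.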
It is commonplace to express resistance to cryptanalytic attack as being of the same order as the brute-force probability of guessing a k-bit number. Since there are 2^k values with that many bits, the ability to guess a given one at random is 1/2^k, usually written 2^-k.
There are many factors that lead to reduction of k in practice, and equivocation is an important one. Some efforts to strengthen resistance by increasing the work required do not change the order of difficulty. Powerful resistance improvements increase k without corresponding penalty for encryption/decryption while impeding adversaries in significant ways.
To assess stream-cipher approaches, it is valuable to estimate k as a function of underlying characteristics of the cipher, of the key source, and of the messages being encrypted. Appraisals of SCE shall provide such accounts.
SCE investigates prospects of quasi-Vernam approaches that have an ideal cryptanalytic resistance level. Of particular concern is identification of constraints and parameters sufficient for a desired threshold of resistance (k) against particular adversarial capabilities.
- n170401b: SCE Development [Latest]
- n170401c: SCE Background
- n170401a: Diary & Job Jar
- n170401-assets: Assets used/cited for SCE Development
- n130101: NIST Cryptographic Resources
  Additional assets and guidance used in the characterization of SCE approaches.
- n170501: CryptoRNG: Random Number Generation
  Relevant assets and materials that bear on the requirement for cryptographic-quality random-number generation in SCE approaches.
- [1] Wikipedia. One-time pad. Article. 2017-04-07 version accessed on the Internet at <https://en.wikipedia.org/w/index.php?title=One-time_pad&oldid=774221178>. An informal introduction to the practical situation that does not address equivocation and how perfect need not be synonymous with unbreakable. SCE development is intended to clarify that situation and the hypothesis of "all equally likely" plaintexts being neither a consequence nor a guarantee.
- [Pierce1980] Pierce, John R. An Introduction to Information Theory: Symbols, Signals, and Noise. Dover Publications (New York: 1980). ISBN 0-486-24061-4 pbk. An unabridged and revised edition of the author's 1961 popular account. The survey of information theory keeps mathematical aspects mainly accessible. This is recommended along with [Shannon1963] for helpful background before tackling [Shannon1949].
- [Shannon1963] Shannon, Claude E., Weaver, Warren. The Mathematical Theory of Communication. University of Illinois Press (Urbana: 1963). The 1998 Illini Books Edition reissue with Foreword by Richard E. Blahut and Bruce Hajek. ISBN 0-252-72548-4 pbk. Kindle edition available. Includes expanded expository paper by Warren Weaver and, with minor corrections, the original [Shannon1948].
- [Shannon1948] Shannon, Claude E. A Mathematical Theory of Communication. Bell Systems Technology Journal 27, 3 (July 1948), pp. 379-423; 27, 4 (October 1948), pp. 623-666. The foundation of Information Theory. Included in [Shannon1963].
- [Shannon1949] Shannon, Claude E. Communication Theory of Secrecy Systems. Bell Systems Technology Journal 28, 4 (October 1949), pp. 656-715. Building on [Shannon1948], this paper applies information theory to communication ciphers, introducing important distinctions of perfect secrecy, ideal secrecy, and practical measures.
- Hamilton, Dennis E.
- SCE: Stream Cipher Equivocation. nfoWorks nfoNote folio n170401 0.0.6, June 17, 2017. Accessed at <http://nfoWorks.org/notes/2017/04/n170401.htm>.
created 2017-04-11-10:22 -0700