A Provably-Secure Strongly-Randomized Cipher

  • Ueli M. Maurer
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 473)


Shannon’s pessimistic theorem, which states that a cipher can be perfect only when the entropy of the secret key is at least as great as that of the plaintext, is relativized by the demonstration of a randomized cipher in which the secret key is short but the plaintext can be very long. This cipher is shown to be “perfect with high probability”. More precisely, the enemy is unable to obtain any information about the plaintext when a certain security event occurs, and the probability of this event is shown to be arbitrarily close to one unless the enemy performs an infeasible computation. This cipher exploits the existence of a publicly-accessible string of random bits whose length is much greater than that of all the plaintext to be encrypted before the secret key and the randomizer itself are changed. Two modifications of this cipher are discussed that may lead to practical provably-secure ciphers based on either of two assumptions that appear to be novel in cryptography, viz., the (sole) assumption that the enemy’s memory capacity (but not his computing power) is restricted and the assumption that an explicit function is, in a specified sense, controllably-difficult to compute, but not necessarily one-way.


  1. [1]
    J.L. Massey, An introduction to contemporary cryptology, Proceedings of the IEEE, vol. 76, no. 5, pp. 533–549, May 1988.CrossRefGoogle Scholar
  2. [2]
    J.L. Massey and I. Ingemarsson, The Rip van Winkle cipher — a simple and provably computationally secure cipher with a finite key, in IEEE Int. Symp. Info. Th., Brighton, England, (Abstracts), p. 146, June 24–28, 1985.Google Scholar
  3. [3]
    U.M. Maurer, Conditionally-perfect secrecy and a provably-secure randomized cipher, to appear in Journal of Cryptology, special issue EUROCRYPT’90.Google Scholar
  4. [4]
    U.M. Maurer and J.L. Massey, Local randomness in pseudo-random sequences, to appear in Journal of Cryptology, special issue CRYPTO’89.Google Scholar
  5. [5]
    U.M. Maurer and J.L. Massey, Cascade ciphers: the importance of being first, presented at the 1990 IEEE Int. Symp. Inform. Theory, San Diego, CA, Jan. 14–19, 1990 (submitted to J. of Cryptology).Google Scholar
  6. [6]
    C.E. Shannon, Communication theory of secrecy systems, Bell Syst. Tech. J., vol. 28, pp. 656–715, Oct. 1949.MathSciNetMATHGoogle Scholar
  7. [7]
    G.S. Vernam, Cipher printing telegraph systems for secret wire and radio telegraphic communications, J. American Inst. Elec. Eng., vol. 55, pp. 109–115, 1926.Google Scholar
  8. [8]
    A. Wyner, The wire-tap channel, Bell Systems Technical Journal, vol. 54, no. 8, pp. 1355–1387, Oct. 1975.MathSciNetMATHGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1991

Authors and Affiliations

  • Ueli M. Maurer
    • 1
  1. 1.Institute for Signal and Information ProcessingSwiss Federal Institute of TechnologyZurich

Personalised recommendations