Divergence Bounds on Key Equivocation and Error Probability in Cryptanalysis

  • Johan van Tilburg
  • Dick E. Boekee
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 218)

0. Abstract

A general method, based on the f-divergence (Csiszar) is presented to obtain divergence bounds on error probability and key equivocation. The method presented here is applicable for discrete data as well as for continuous data. As a special case of the f-divergence it is shown that the upper bound on key equivocation derived by Blom is of the Bhattacharyya type. For a pure cipher model using a discrete memoryless message source a recursive formula is derived for the error probability. A generalization of the β-unicity distance is given, from which it is shown why the key equivocation is a poor measure of theoretical security in many cases, and why lower bounds on error probability must be considered instead of upper bounds. Finally the concept of unicity distance is generalized in terms of the error probability and is called the PeSecurity Distance.


  1. [1]
    C.E. Shannon, Communication theory of secrecy systems, Bell Syst. Tech. J. 28, pp. 656–715, (1948).MathSciNetGoogle Scholar
  2. [2]
    H. Jürgensen and D.E. Matthews, Some results on the information theoretic analysis of cryptosystems, Proc. of CRYPTO’83, Santa Barbara, California, August 1983, pp. 303–356.Google Scholar
  3. [3]
    M.E. Hellman, An extension of the Shannon Theory Approach to Cryptography, IEEE Trans. Inform. Theory IT-23, pp. 289–294 (1977).CrossRefMathSciNetGoogle Scholar
  4. [4]
    R. Blom, Bounds on Key Equivocation for Simple Substitution Ciphers, IEEE Trans. Inform. Theory IT-25, pp. 8–18 (1979).CrossRefMathSciNetGoogle Scholar
  5. [5]
    R. Blom, An Upper Bound on the Key Equivocation for Pure Ciphers, IEEE Trans. Inform. Theory IT-30, pp. 82–84 (1984).CrossRefGoogle Scholar
  6. [6]
    J.G. Dunham, Bounds on Message Equivocation for Simple Substitution Ciphers, IEEE Trans. Inform. Theory IT-26, pp. 522–527 (1980).CrossRefMathSciNetGoogle Scholar
  7. [7]
    A. Sgarro, Error Probabilities for Simple Substitution Ciphers, IEEE Trans. Inform. Theory IT-29, pp. 190–198 (1983).CrossRefMathSciNetGoogle Scholar
  8. [8]
    S.C. Lu, The Existence of Good Cryptosystems for Key Rates Greater than the Message Redundancy, IEEE Trans. Inform. Theory IT-25, pp. 475–477 (1979).Google Scholar
  9. [9]
    L. Kanal, Patterns in pattern recognition: 1968–1974, IEEE Trans. Inform. Theory IT-20, pp. 697–722 (1974).CrossRefMathSciNetGoogle Scholar
  10. [10]
    C.H. Chen, Statistical pattern recognition, Hayden Book Co., Rochelle Park, New Jersey (1973).Google Scholar
  11. [11]
    I. Csiszar, Information-type measures of difference of probability distributions and indirect observations, Stud. Sci. Math. Hungary. 2, pp. 299–318 (1967).zbMATHMathSciNetGoogle Scholar
  12. [12]
    D.E. Boekee and J. van Tilburg, Bounds on the Bayesian Error Probability using Concave Functions, to appear.Google Scholar
  13. [13]
    D.E. Boekee and J.C. Ruitenbeek, A Class of Lower Bounds on the Bayesian Probability of Error, Information Sciences 25, pp. 21–35, (1981).zbMATHCrossRefMathSciNetGoogle Scholar
  14. [14]
    D.E. Boekee and J.C.A. van der Lubbe, Some Aspects of Error Bounds in Feature Selection, Pattern recognition, Vol. 11, pp. 353–360 (1979).zbMATHCrossRefMathSciNetGoogle Scholar
  15. [15]
    T. Ito, Approximate Error Bounds in Pattern Recognition, Machine Intelligence, Vol. 7, pp. 369–376, Edinburgh Univ. Press (1972).zbMATHGoogle Scholar
  16. [16]
    R. Blom, On Pure Ciphers, Internal. Rep. LiTH-ISY-I-0286, Linköping University, Sweden (1979).Google Scholar
  17. [17]
    V.A. Kovalevsky, On the Criteria for the Information Content of a System of Features, In: Image Pattern Recognition, pp. 67–90, (1980).Google Scholar
  18. [18]
    J. van Tilburg, Decisions and Selections based on the Bayesian Error Probability with Shannon Information, Certainty and f-divergence, Thesis, Delft Univ. of Techn. (1984, in Dutch).Google Scholar
  19. [19]
    C.H. Meyer and S.M. Matyas, Cryptography: a new dimension in computer data security, Wiley, NY (1982).zbMATHGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1986

Authors and Affiliations

  • Johan van Tilburg
    • 1
  • Dick E. Boekee
    • 1
  1. 1.Department of Electrical Engineering Information Theory GroupDelft University of TechnologyDelftThe Netherlands

Personalised recommendations