Guesswork and Variation Distance as Measures of Cipher Security

  • John O. Pliam
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1758)


Absolute lower limits to the cost of cryptanalytic attacks are quantified, via a theory of guesswork. Conditional guesswork naturally expresses limits to known and chosen plaintext attacks. New inequalities are derived between various forms of guesswork and variation distance. The machinery thus offers a new technique for establishing the security of a cipher: When the work-factor of the optimal known or chosen plaintext attack against a cipher is bounded below by a prohibitively large number, then no practical attack against the cipher can succeed. As an example, we apply the technique to iterated cryptosystems, as the Markov property which results from an independent subkey assumption makes them particularly amenable to analysis.
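The quantities the abstract names, as an added worked example (this is editor-supplied code, not the paper's own material): guesswork in Massey's sense (the expected number of guesses when candidates are tried in decreasing order of probability), variation distance from the uniform key distribution, and conditional guesswork given one known (plaintext, ciphertext) pair, computed as the expectation over observations of the guesswork of the posterior key distribution. The block cipher is a constructed 4-bit toy (8-bit key, `E_k(p) = ((p + k1) mod 16) XOR k2`) chosen only so that every key is enumerable; the key prior `skewed_prior` and the name `guesswork_bound_from_distance` are likewise assumptions. The bound checked at the end, `G >= (N+1)/2 - (N-1)*d`, is an elementary one derived in the comment, not the paper's own inequalities, which are not reproduced here.

```python
from itertools import product


def guesswork(probs):
    """Massey's guesswork: expected number of guesses when candidates are
    tried in decreasing order of probability (the optimal guessing order)."""
    ordered = sorted(probs, reverse=True)
    return sum(i * p for i, p in enumerate(ordered, start=1))


def variation_distance(p, q):
    """Variation distance d(P, Q) = 1/2 * sum_x |P(x) - Q(x)| for dict-valued P, Q."""
    support = set(p) | set(q)
    return 0.5 * sum(abs(p.get(x, 0.0) - q.get(x, 0.0)) for x in support)


def guesswork_bound_from_distance(n, d):
    """Elementary bound (derived here; not the paper's inequality): a distribution on
    n keys at variation distance d from uniform has guesswork >= (n+1)/2 - (n-1)*d.
    Reason: uniform has guesswork (n+1)/2; moving mass delta from guess position j to
    position i < j lowers the guesswork by at most (n-1)*delta, and the total mass
    moved away from uniform is exactly d."""
    return (n + 1) / 2 - (n - 1) * d


# Constructed toy cipher (assumption, not from the paper): 4-bit block, 8-bit key (k1, k2).
# For a fixed known (p, c), every k1 fixes exactly one k2, so 16 keys stay consistent.
BLOCK = 16
KEYS = list(product(range(BLOCK), range(BLOCK)))


def toy_encrypt(key, p):
    k1, k2 = key
    return ((p + k1) % BLOCK) ^ k2


def conditional_guesswork(prior, plaintext_dist, encrypt=toy_encrypt):
    """Guesswork of the key given one known-plaintext pair:
    sum over (p, c) of Pr[p, c] * guesswork(Pr[K | p, c])."""
    total = 0.0
    for p, pp in plaintext_dist.items():
        by_cipher = {}  # ciphertext -> {key: joint probability Pr[key] * Pr[p]}
        for k, pk in prior.items():
            by_cipher.setdefault(encrypt(k, p), {})[k] = pk * pp
        for joint in by_cipher.values():
            pc = sum(joint.values())  # Pr[p, c]
            posterior = [v / pc for v in joint.values()]
            total += pc * guesswork(posterior)
    return total


def uniform(items):
    return {x: 1.0 / len(items) for x in items}


def skewed_prior(favoured, mass):
    """Constructed key prior: `mass` on one key, the rest spread uniformly."""
    rest = (1.0 - mass) / (len(KEYS) - 1)
    return {k: (mass if k == favoured else rest) for k in KEYS}


def demo():
    uni = uniform(KEYS)
    plain = uniform(range(BLOCK))
    skew = skewed_prior((0, 0), 0.5)
    d = variation_distance(skew, uni)
    return {
        "uniform_guesswork": guesswork(uni.values()),
        "uniform_conditional": conditional_guesswork(uni, plain),
        "skewed_guesswork": guesswork(skew.values()),
        "skewed_distance": d,
        "skewed_bound": guesswork_bound_from_distance(len(KEYS), d),
        "skewed_conditional": conditional_guesswork(skew, plain),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:22s} {value:.4f}")
```

With a uniform 8-bit key the unconditional guesswork is 128.5 guesses, and a single known plaintext drops the conditional guesswork to 8.5, which is the "work-factor of the optimal known plaintext attack" the abstract talks about for this toy. The skewed prior shows the other direction of the abstract's argument: a prior far from uniform (variation distance close to 1/2) has guesswork far below the uniform value, and the elementary bound, while loose, is respected.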


Keywords (machine-generated, not supplied by the author): Variation Distance, Block Cipher, Provable Security, Plaintext Attack, Codeword Length



Copyright information

© Springer-Verlag Berlin Heidelberg 2000

Authors and Affiliations

  • John O. Pliam, Department of Control Science & Dynamical Systems, University of Minnesota, Minneapolis, USA
