由于网络考试要考,所以最近在看密码学的东西。先在IBM的技术网站上找到一个翻译过来的系列文章,非常全面,不用我自己去整理了。奇怪的是我是从google搜索到这个网址的,但是在ibm的网站里搜索同样标题却没有搜到,而且右侧的列表里只到part6,而google搜出来的还有part7,太诡异了。
原文地址

为什么one time pad加密是perfect的?这篇文章解释了原因
http://world.std.com/~franl/crypto/one-time-pad.html
关键的一段如下,其中举的例子很直接了当

Why Are One-Time Pads Perfectly Secure?

If the key is truly random, an xor-based one-time pad is perfectly secure against ciphertext-only cryptanalysis. This means an attacker can't compute the plaintext from the ciphertext without knowlege of the key, even via a brute force search of the space of all keys! Trying all possible keys doesn't help you at all, because all possible plaintexts are equally likely decryptions of the ciphertext.

This result is true regardless of how few bits the key has or how much you know about the structure of the plaintext. To see this, suppose you intercept a very small, 8-bit, ciphertext. You know it is either the ASCII character 'S' or the ASCII character 'A' encrypted with a one-time pad. You also know that if it's 'S', the enemy will attack by sea, and if it's 'A', the enemy will attack by air. That's a lot to know. All you are missing is the key, a silly little 8-bit one-time pad.

You assign your crack staff of cryptanalysts to try all 256 8-bit one-time pads. This is a brute force search of the keyspace.

The results of the brute force search of the keyspace is that your staff finds one 8-bit key that decrypts the ciphertext to 'S' and one that decrypts it to 'A'. And you still don't know which one is the actual plaintext.

This argument is easilly generalized to keys (and plaintexts) of arbitrary length.

ps:一边看书,一边google,效率非常高

Posted on 2004-11-09 11:27  Frankel  阅读(745)  评论(0编辑  收藏  举报