Shannon impossibility, revisited

Yevgeniy Dodis

doi:10.1007/978-3-642-32284-6_6

Shannon impossibility, revisited

Yevgeniy Dodis

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

In this note we revisit the famous result of Shannon [Sha49] stating that any encryption scheme with perfect security against computationally unbounded attackers must have a secret key as long as the message. This result motivated the introduction of modern encryption schemes, which are secure only against a computationally bounded attacker, and allow some small (negligible) advantage to such an attacker. It is a well known folklore that both such relaxations - limiting the power of the attacker and allowing for some small advantage - are necessary to overcome Shannon's result. To our surprise, we could not find a clean and well documented proof of this folklore belief. (In fact, two proofs are required, each showing that only one of the two relaxations above is not sufficient.) Most proofs we saw either made some limiting assumptions (e.g., encryption is deterministic), or proved a much more complicated statement (e.g., beating Shannon's bound implies the existence of one-way functions [IL89].)

Original language	English (US)
Title of host publication	Information Theoretic Security - 6th International Conference, ICITS 2012, Proceedings
Pages	100-110
Number of pages	11
DOIs	https://doi.org/10.1007/978-3-642-32284-6_6
State	Published - 2012
Event	6th International Conference on Information Theoretic Security, ICITS 2012 - Montreal, QC, Canada Duration: Aug 15 2012 → Aug 17 2012

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	7412 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Other

Other	6th International Conference on Information Theoretic Security, ICITS 2012
Country/Territory	Canada
City	Montreal, QC
Period	8/15/12 → 8/17/12

ASJC Scopus subject areas

Theoretical Computer Science
Computer Science(all)

Access to Document

10.1007/978-3-642-32284-6_6

Cite this

Shannon impossibility, revisited. / Dodis, Yevgeniy.
Information Theoretic Security - 6th International Conference, ICITS 2012, Proceedings. 2012. p. 100-110 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 7412 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Dodis, Y 2012, Shannon impossibility, revisited. in Information Theoretic Security - 6th International Conference, ICITS 2012, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 7412 LNCS, pp. 100-110, 6th International Conference on Information Theoretic Security, ICITS 2012, Montreal, QC, Canada, 8/15/12. https://doi.org/10.1007/978-3-642-32284-6_6

@inproceedings{b2bce0504e884513bab3d4b43b5ed499,

title = "Shannon impossibility, revisited",

abstract = "In this note we revisit the famous result of Shannon [Sha49] stating that any encryption scheme with perfect security against computationally unbounded attackers must have a secret key as long as the message. This result motivated the introduction of modern encryption schemes, which are secure only against a computationally bounded attacker, and allow some small (negligible) advantage to such an attacker. It is a well known folklore that both such relaxations - limiting the power of the attacker and allowing for some small advantage - are necessary to overcome Shannon's result. To our surprise, we could not find a clean and well documented proof of this folklore belief. (In fact, two proofs are required, each showing that only one of the two relaxations above is not sufficient.) Most proofs we saw either made some limiting assumptions (e.g., encryption is deterministic), or proved a much more complicated statement (e.g., beating Shannon's bound implies the existence of one-way functions [IL89].)",

author = "Yevgeniy Dodis",

year = "2012",

doi = "10.1007/978-3-642-32284-6_6",

language = "English (US)",

isbn = "9783642322839",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

pages = "100--110",

booktitle = "Information Theoretic Security - 6th International Conference, ICITS 2012, Proceedings",

}

TY - GEN

T1 - Shannon impossibility, revisited

AU - Dodis, Yevgeniy

PY - 2012

Y1 - 2012

N2 - In this note we revisit the famous result of Shannon [Sha49] stating that any encryption scheme with perfect security against computationally unbounded attackers must have a secret key as long as the message. This result motivated the introduction of modern encryption schemes, which are secure only against a computationally bounded attacker, and allow some small (negligible) advantage to such an attacker. It is a well known folklore that both such relaxations - limiting the power of the attacker and allowing for some small advantage - are necessary to overcome Shannon's result. To our surprise, we could not find a clean and well documented proof of this folklore belief. (In fact, two proofs are required, each showing that only one of the two relaxations above is not sufficient.) Most proofs we saw either made some limiting assumptions (e.g., encryption is deterministic), or proved a much more complicated statement (e.g., beating Shannon's bound implies the existence of one-way functions [IL89].)

AB - In this note we revisit the famous result of Shannon [Sha49] stating that any encryption scheme with perfect security against computationally unbounded attackers must have a secret key as long as the message. This result motivated the introduction of modern encryption schemes, which are secure only against a computationally bounded attacker, and allow some small (negligible) advantage to such an attacker. It is a well known folklore that both such relaxations - limiting the power of the attacker and allowing for some small advantage - are necessary to overcome Shannon's result. To our surprise, we could not find a clean and well documented proof of this folklore belief. (In fact, two proofs are required, each showing that only one of the two relaxations above is not sufficient.) Most proofs we saw either made some limiting assumptions (e.g., encryption is deterministic), or proved a much more complicated statement (e.g., beating Shannon's bound implies the existence of one-way functions [IL89].)

UR - http://www.scopus.com/inward/record.url?scp=84865034944&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84865034944&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-32284-6_6

DO - 10.1007/978-3-642-32284-6_6

M3 - Conference contribution

AN - SCOPUS:84865034944

SN - 9783642322839

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 100

EP - 110

BT - Information Theoretic Security - 6th International Conference, ICITS 2012, Proceedings

T2 - 6th International Conference on Information Theoretic Security, ICITS 2012

Y2 - 15 August 2012 through 17 August 2012

ER -

Shannon impossibility, revisited

Abstract

Publication series

Other

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this