Communication Theory of Secrecy Systems by C. E. Shanon
http://www. socialresearchmethods. net/kb/sampaper. php Communication Theory of Secrecy Systems? By C. E. SHANNON 1 INTRODUCTION AND SUMMARY The problems of cryptography and secrecy systems furnish an interesting application of communication theory1. In this paper a theory of secrecy systems is developed. The approach is on a theoretical level and is intended to complement the treatment found in standard works on cryptography2. There, a detailed study is made of the many standard types of codes and ciphers, and of the ways of breaking them.
We will be more concerned with the general mathematical structure and properties of secrecy systems. The treatment is limited in certain ways. First, there are three general types of secrecy system: (1) concealment systems, including such methods as invisible ink, concealing a message in an innocent text, or in a fake covering cryptogram, or other methods in which the existence of the message is concealed from the enemy; (2) privacy systems, for example speech inversion, in which special equipment is required to recover the message; (3) “true” secrecy systems where the meaning of the message is concealed by cipher, code, etc. although its existence is not hidden, and the enemy is assumed to have any special equipment necessary to intercept and record the transmitted signal. We consider only the third type—concealment system are primarily a psychological problem and privacy systems a technological one. Secondly, the treatment is limited to the case of discrete information where the message to be enciphered consists of a sequence of discrete symbols, each chosen from a finite set. These symbols may be letters in a language, words of a language, amplitude levels of a “quantized” speech or video signal, etc. but the main emphasis and thinking has been concerned with the case of letters. The paper is divided into three parts. The main results will now be briefly summarized. The first part deals with the basic mathematical structure of secrecy systems. As in communication theory a language is considered to be represented by a stochastic process which produces a discrete sequence of ? The material in this paper appeared in a confidential report “A Mathematical Theory of Cryptography” dated Sept. 1, 1946, which has now been declassified. 1 Shannon, C. E. “A Mathematical Theory of Communication,” Bell System Technical Journal, July 1948, p. 623. 2 See, for example, H. F. Gaines, “Elementary Cryptanalysis,” or M. Givierge, “Cours de Cryptographie. ” symbols in accordance with some system of probabilities. Associated with a language there is a certain parameter D which we call the redundancy of the language. D measures, in a sense, how much a text in the language can be reduced in length without losing any information. As a simple example, since u always follows q in English words, the u may be omitted without loss.
Considerable reductions are possible in English due to the statistical structure of the language, the high frequencies of certain letters or words, etc. Redundancy is of central importance in the study of secrecy systems. A secrecy system is defined abstractly as a set of transformations of one space (the set of possible messages) into a second space (the set of possible cryptograms). Each particular transformation of the set corresponds to enciphering with a particular key. The transformations are supposed reversible (non-singular) so that unique deciphering is possible when the key is known.
Each key and therefore each transformation is assumed to have an a priori probability associated with it—the probability of choosing that key. Similarly each possible message is assumed to have an associated a priori probability, determined by the underlying stochastic process. These probabilities for the various keys and messages are actually the enemy cryptanalyst’s a priori probabilities for the choices in question, and represent his a priori knowledge of the situation. To use the system a key is first selected and sent to the receiving point. The choice of a key determines a particular transformation in the set forming the system.
Then a message is selected and the particular transformation corresponding to the selected key applied to this message to produce a cryptogram. This cryptogram is transmitted to the receiving point by a channel and may be intercepted by the “enemy? ” At the receiving end the inverse of the particular transformation is applied to the cryptogram to recover the original message. If the enemy intercepts the cryptogram he can calculate from it the a posteriori probabilities of the various possible messages and keys which might have produced this cryptogram.
This set of a posteriori probabilities constitutes his knowledge of the key and message after the interception. “Knowledge” is thus identified with a set of propositions having associated probabilities. The calculation of the a posteriori probabilities is the generalized problem of cryptanalysis. As an example of these notions, in a simple substitution cipher with random key there are 26! transformations, corresponding to the 26! ways we can substitute for 26 different letters. These are all equally likely and each therefore has an a priori probability 1 26! . If this is applied to “normal English” The word “enemy,” stemming from military applications, is commonly used in cryptographic work to denote anyone who may intercept a cryptogram. 657 the cryptanalyst being assumed to have no knowledge of the message source other than that it is producing English text, the a priori probabilities of various messages of N letters are merely their relative frequencies in normal English text. If the enemy intercepts N letters of cryptograms in this system his probabilities change. If N is large enough (say 50 letters) there is usually a single message of a posteriori probability nearly unity, while all others ave a total probability nearly zero. Thus there is an essentially unique “solution” to the cryptogram. For N smaller (say N = 15) there will usually be many messages and keys of comparable probability, with no single one nearly unity. In this case there are multiple “solutions” to the cryptogram. Considering a secrecy system to be represented in this way, as a set of transformations of one set of elements into another, there are two natural combining operations which produce a third system from two given systems.
The first combining operation is called the product operation and corresponds to enciphering the message with the first secrecy system R and enciphering the resulting cryptogram with the second system S, the keys for R and S being chosen independently. This total operation is a secrecy system whose transformations consist of all the products (in the usual sense of products of transformations) of transformations in S with transformations in R. The probabilities are the products of the probabilities for the two transformations.
The second combining operation is “weighted addition. ” T = pR + qS p + q = 1 It corresponds to making a preliminary choice as to whether system R or S is to be used with probabilities p and q, respectively. When this is done R or S is used as originally defined. It is shown that secrecy systems with these two combining operations form essentially a “linear associative algebra” with a unit element, an algebraic variety that has been extensively studied by mathematicians.
Among the many possible secrecy systems there is one type with many special properties. This type we call a “pure” system. A system is pure if all keys are equally likely and if for any three transformations Ti; Tj; Tk in the set the product TiT?????? 1 j Tk is also a transformation in the set. That is, enciphering, deciphering, and enciphering with any three keys must be equivalent to enciphering with some key. With a pure cipher it is shown that all keys are essentially equivalent— they all lead to the same set of a posteriori probabilities.
Furthermore, when 658 a given cryptogram is intercepted there is a set of messages that might have produced this cryptogram (a “residue class”) and the a posteriori probabilities of message in this class are proportional to the a priori probabilities. All the information the enemy has obtained by intercepting the cryptogram is a specification of the residue class. Many of the common ciphers are pure systems, including simple substitution with random key. In this case the residue class consists of all messages with the same pattern of letter repetitions as the intercepted cryptogram.
Two systems R and S are defined to be “similar” if there exists a fixed transformation A with an inverse, A?????? 1, such that R = AS: If R and S are similar, a one-to-one correspondence between the resulting cryptograms can be set up leading to the same a posteriori probabilities. The two systems are cryptanalytically the same. The second part of the paper deals with the problem of “theoretical secrecy”. How secure is a system against cryptanalysis when the enemy has unlimited time and manpower available for the analysis of intercepted cryptograms?
The problem is closely related to questions of communication in the presence of noise, and the concepts of entropy and equivocation developed for the communication problem find a direct application in this part of cryptography. “Perfect Secrecy” is defined by requiring of a system that after a cryptogram is intercepted by the enemy the a posteriori probabilities of this cryptogram representing various messages be identically the same as the a priori probabilities of the same messages before the interception. It is shown that perfect secrecy is possible but requires, if the number of messages is finite, the same number of possible keys.
If the message is thought of as being constantly generated at a given “rate” R (to be defined later), key must be generated at the same or a greater rate. If a secrecy system with a finite key is used, and N letters of cryptogram intercepted, there will be, for the enemy, a certain set of messages with certain probabilities that this cryptogram could represent. As N increases the field usually narrows down until eventually there is a unique “solution” to the cryptogram; one message with probability essentially unity while all others are practically zero.
A quantity H(N) is defined, called the equivocation, which measures in a statistical way how near the average cryptogram of N letters is to a unique solution; that is, how uncertain the enemy is of the original message after intercepting a cryptogram of N letters. Various properties of the equivocation are deduced—for example, the equivocation of the key never increases with increasing N. This equivocation is a theoretical secrecy 659 index—theoretical in that it allows the enemy unlimited time to analyse the cryptogram. The function H(N) for a certain idealized type of cipher called the random cipher is determined.
With certain modifications this function can be applied to many cases of practical interest. This gives a way of calculating approximately how much intercepted material is required to obtain a solution to a secrecy system. It appears from this analysis that with ordinary languages and the usual types of ciphers (not codes) this “unicity distance” is approximately H(K) D . Here H(K) is a number measuring the “size” of the key space. If all keys are a priori equally likely H(K) is the logarithm of the number of possible keys.
D is the redundancy of the language and measures the amount of “statistical constraint” imposed by the language. In simple substitution with random key H(K) is log 1026! or about 20 and D (in decimal digits per letter) is about :7 for English. Thus unicity occurs at about 30 letters. It is possible to construct secrecy systems with a finite key for certain “languages” in which the equivocation does not approach zero as N! 1. In this case, no matter how much material is intercepted, the enemy still does not obtain a unique solution to the cipher but is left with many alternatives, all of reasonable probability.
Such systems we call ideal systems. It is possible in any language to approximate such behavior—i. e. , to make the approach to zero of H(N) recede out to arbitrarily large N. However, such systems have a number of drawbacks, such as complexity and sensitivity to errors in transmission of the cryptogram. The third part of the paper is concerned with “practical secrecy”. Two systems with the same key size may both be uniquely solvable when N letters have been intercepted, but differ greatly in the amount of labor required to effect this solution.
An analysis of the basic weaknesses of secrecy systems is made. This leads to methods for constructing systems which will require a large amount of work to solve. Finally, a certain incompatibility among the various desirable qualities of secrecy systems is discussed. Inquiring Thinking Abstract This paper has three main objectives. First, it examines five inquiring systems drawn from the western philosophical perspective which can be used in the design professions, such as architecture, engineering and urban planning.
Second, it illustrates through hypothetical examples, how to use inquiring systems for decision-making using statistical analysis and/or the Delphi Method, based on the inquiry systems derived from the philosophies of Leibniz, Locke, Kant, Hegel, and Singer. And third, it demonstrates and discusses the appropriateness of using each of these systems of inquiry. It is concluded that designers can effectively utilize these systems of inquiry for decision making while dealing with projects ranging from the most benign to the highly complex.
Key words : Decision Making; Delphi Method; Engineering Management; Expert Knowledge; Inquiring Systems Stress In The Workplace Abstract This paper will address the subject of stress in today's workplace and the resulting adverse health affects by identifying the health problems associated with untreated stress, indicators of stress, the sources of stress within organizations, the stress involved with organizational change, and interventions available to combat the adverse affects of stress.
Unhealthy or unproductive stress levels must be addressed in any organization in order for businesses to survive and grow while simultaneously maintaining an acceptable level of employee satisfaction. Long-Term Contracts For Natural Gas Abstract In this paper, we analyze the determinants of contract duration in a large number of natural gas contracts. We test the impact of different institutional and structural variables on the duration of contracts. We find that in general, contract duration decreases as the market structure of the industry develops from monopolistic to more competitive regimes.
Our main finding is that contracts that are linked to an asset-specific investment are on average 7 years longer than the others; however, their duration decreases with liberalization as well. Keywords: long-term contracts, asset-specificity, natural gas Anger and emotion ABSTRACT: A series of surveys on the everyday experience of anger is described, and a sample of data from these surveys is used to address a number of issues related to the social bases of anger. These issues include the connection between anger and aggression; he targets, instigations, and consequences of typical episodes of anger; the differences between anger and annoyance; and possible sex differences in the experience and/or expression of anger. In a larger sense, however, the primary focus of the paper is not on anger and aggression. Rather, anger is used as a paradigm case to explore a number of issues in the study of emotion, including the advantages and limitations of laboratory research, the use of self-reports, the proper unit of analysis for the study of emotion, the relationship between human and animal emotion, and he authenticity of socially constituted emotional responses. The Effects of a Supported Employment Program on Psychosocial Indicators for Persons with Severe Mental Illness William M. K. Trochim Cornell University Abstract This paper describes the psychosocial effects of a program of supported employment (SE) for persons with severe mental illness. The SE program involves extended individualized supported employment for clients through a Mobile Job Support Worker (MJSW) who maintains contact with the client after job placement and supports the client in a variety of ways.
A 50% simple random sample was taken of all persons who entered the Thresholds Agency between 3/1/93 and 2/28/95 and who met study criteria. The resulting 484 cases were randomly assigned to either the SE condition (treatment group) or the usual protocol (control group) which consisted of life skills training and employment in an in-house sheltered workshop setting. All participants were measured at intake and at 3 months after beginning employment, on two measures of psychological functioning (the BPRS and GAS) and two measures of self esteem (RSE and ESE).
Significant treatment effects were found on all four measures, but they were in the opposite direction from what was hypothesized. Instead of functioning better and having more self esteem, persons in SE had lower functioning levels and lower self esteem. The most likely explanation is that people who work in low-paying service jobs in real world settings generally do not like them and experience significant job stress, whether they have severe mental illness or not. The implications for theory in psychosocial rehabilitation are considered. Abstract Example Tan, A. , Fujioka, Y. and Tan G. 2000). Television use, stereotypes of African Americans and opinions on Affirmative Action: An affective model of policy reasoning. Communication Monographs, 67 (4) 362-371. Policy reasoning has been a source of research for many years, because the political arena is such a strong determinant of the way our society functions. Many works have emerged on why people take the sides they do when deciding on political issues. However, Tan, Fujioka & Tan believed political reasoning has not been explored as effectively as possible because of the heuristic models utilized to analyze this behavior.
They believed that the most heuristic models don't incorporate media as a variable in affecting policy reasoning. In order to explore this further, they looked at "the power of the model to explain how citizens make up their minds regarding government policies on affirmative action, with stereotypes of African Americans as the second stage, affective variable" (p. 362). This abstract outlines the findings of their research by analyzing, section by section, the process they used to conduct their research and results.