ASSIGNMENT - 3

1. Give some examples of cryptographic systems that offer information-theoretic

security.

ANSWER: Information-Theoretic Security in Cryptographic Systems

Concept:

Information-Theoretic Security (also called unconditional security) means:

Even if the attacker has unlimited computing power and infinite time, they still cannot break the encryption
or learn anything about the original message.

 The security does not depend on how hard it is to solve a problem (like factoring large numbers).
 It depends on the fact that, mathematically, there is no information in the ciphertext that helps to
guess the plaintext.

Key Features:

 Security is based on pure information theory.

 The attacker gains zero information from the ciphertext.
 Independent of the attacker's computational power.

Origin:

The concept was first formalized by Claude Shannon (the father of information theory) in1949.
He proved that a system can be unbreakable if it satisfies certain conditions — e.g., the One-Time Pad.

Examples of Information-Theoretic Secure Systems

One-Time Pad (OTP)

This is the classic and most famous example.

How it works:

 The key used is completely random, at least as long as the message, and used only once.
 The plaintext is combined with the key using bitwise XOR operation to generate the ciphertext.

Why it is perfectly secure:

 Each possible plaintext is equally likely, no matter what ciphertext the attacker sees.
 The attacker cannot extract any information from the ciphertext without knowing the key.

Simple Example:

Plaintext H E L L O
ASCII 72 69 76 76 79
Random Key 21 54 12 99 34
XOR Output (Ciphertext) 93 115 64 43 113
  Without the key 21 54 12 99 34, the ciphertext gives zero information.
 Even with infinite computational power, attacker can't guess the original message.

Problems of OTP:

 Key distribution is very difficult.

 Key management becomes impractical for large-scale use.
 If the key is reused, security breaks completely.

Secret Sharing Schemes (Shamir’s Secret Sharing)

 A secret is divided into multiple parts.

 Only a minimum number of parts (threshold) is required to reconstruct the secret.
 If an attacker has less than the threshold, they have no information about the secret.

Example:
A bank vault code is split into 5 parts; any 3 parts can reconstruct it.
An attacker with only 2 parts learns nothing.

Quantum Key Distribution (QKD)

 Uses principles of quantum mechanics.

 Any eavesdropping can be detected automatically.
 If successfully implemented, it provides information-theoretic security.

Example: BB84 protocol — based on Heisenberg's uncertainty principle.

Summary Table
Scheme Security Level Practicality
One-Time Pad Perfect Difficult
Secret Sharing Perfect (partial) Practical in some systems
Quantum Key Distribution Perfect (in theory) High cost, early stage

Comparison with Computational Security

Information-Theoretic Security Computational Security

Perfect security Security depends on computational hardness
Safe even against infinite computing power Safe as long as computers can't solve hard problems
Rarely used in large-scale systems Common in real-world systems (RSA, AES, ECC)
2. Explain how two parties can establish a shared secret key. Describe the Diffie-
Hellman key exchange protocol in detail, and illustrate it with a step-by-step
numerical example.

3. Describe the Advanced Encryption Standard (AES), including its architecture and
key characteristics. Also, demonstrate the AES encryption process for a 128-bit
plaintext block with a detailed example.

ANSWER: you can find this answers in Abhishek Sharma videos lecture that I have
send. You can also see in https://www.geeksforgeeks.org/.
And also all the algorithm that are in your syllabus like in question1 One time Pad also so
you can go through that for better explanation and understanding.

4. What are side-channel attacks? Provide examples of various types of side-channel

attacks and discuss methods to prevent them in cryptographic applications.

Side-Channel Attacks (SCAs)

Side-channel attacks are a type of cryptographic attack where the attacker exploits physical information
leakage from a cryptographic system rather than targeting the mathematical algorithm itself. These leakages
include variations in computation time, power consumption, electromagnetic emissions, sound, or faults
during processing. Even a mathematically strong cryptosystem can be compromised if its physical
implementation leaks sensitive information.

There are several types of side-channel attacks:

1. Timing Attacks: These attacks analyze the time taken to execute cryptographic operations.
Variations in execution time may reveal information about secret keys.
2. Power Analysis Attacks: These involve measuring the power consumption of a device during
cryptographic operations.
o Simple Power Analysis (SPA) observes power traces directly.
o Differential Power Analysis (DPA) uses statistical methods on multiple traces to extract
secret keys.
3. Electromagnetic Attacks: These monitor electromagnetic radiation emitted by the hardware while
performing cryptographic functions to retrieve keys.
4. Acoustic Cryptanalysis: Sound waves generated by hardware components during cryptographic
operations may carry information about processed data.
5. Cache Attacks: These exploit variations in memory access times (cache hits and misses) to infer
secret data.
6. Fault Injection Attacks: By introducing faults (e.g., through voltage glitches or lasers), attackers
analyze faulty outputs to deduce keys.
To prevent side-channel attacks, various countermeasures are employed:

 Use constant-time algorithms to eliminate timing variations.

 Introduce noise and dummy operations to obscure power and timing patterns.
 Implement hardware shielding to block EM emissions.
 Use power balancing techniques in circuit design.
 Apply randomization and blinding techniques to prevent key leakage.
 Deploy tamper-resistant hardware modules like HSMs and TPMs.

Examples of Various Types of Side-Channel Attacks

Type of Side-Channel
Description Example
Attack
Measure the time taken by cryptographic
If an encryption algorithm takes
operations. Different operations may take
Timing Attacks slightly longer for certain key bits,
different amounts of time based on the
attackers can infer the key bit-by-bit.
key or input.
- Simple Power Analysis (SPA):
Directly observe power traces.
Analyze power consumption during
Power Analysis Attacks - Differential Power Analysis
cryptographic computations.
(DPA): Use statistical analysis on
multiple traces to extract keys.
Electromagnetic (EM) Capture electromagnetic radiations EM emissions during smart card
Attacks emitted during computation. encryption can reveal secret keys.
Use sound produced by hardware (like
The noise of a CPU running RSA can
Acoustic Cryptanalysis CPU noise, fan noise) to extract
leak bits of the private key.
information.
Cache Attacks Flush+Reload attack against AES
Exploit the cache access patterns of the
(Microarchitectural implementations running on shared
processor.
Attacks) hardware.
Use high-speed cameras or laser probes to
Laser fault injection to modify
Optical Attacks observe physical changes or interfere with
operations and recover keys.
processing.
DFA (Differential Fault Analysis)
Introduce faults intentionally (e.g. voltage
attacks on RSA or AES recover keys
Fault Injection Attacks glitching, temperature variations) and
by comparing correct and faulty
analyze faulty outputs.
outputs.

Methods to Prevent Side-Channel Attacks

Method Description
Ensure that cryptographic operations always take the same amount of time,
Constant-Time Algorithms
regardless of input or key.
Add random delays or dummy operations to make timing and power analysis
Noise Introduction
more difficult.
Power Balancing Use circuit designs (like dual-rail logic) to equalize power consumption for
Techniques different data.
Physically shield devices to block electromagnetic emissions and filter out
Shielding and Filtering
power fluctuations.
Randomize internal states or keys (blinding techniques) so that repeated
Randomization Techniques
operations don't leak useful patterns.
 Method Description
Use tamper-resistant hardware modules like Hardware Security Modules
Secure Hardware
(HSMs) and Trusted Platform Modules (TPMs).
Regularly change keys to minimize the amount of data leaked for any given
Frequent Key Updates
key.
Monitoring and Intrusion Detect unusual environmental changes or attack attempts (like laser or EM
Detection probes).

ASSIGNMENT - 4

1. Explain the fundamental ideas behind rate-distortion theory in secrecy systems.

How is it applied to optimize secure source encoding? Illustrate with a detailed
example.

Introduction

In information theory, Rate-Distortion Theory (RDT) is a framework that studies how efficiently
information can be compressed when some distortion (loss of quality or accuracy) is allowed in the
reconstruction of the original data. The core idea is to balance compression rate (bits used) and distortion
(quality loss) according to application needs.

In secrecy systems (secure communication), this theory plays a crucial role in optimizing secure source
encoding by jointly considering:

 Compression efficiency
 Security constraints
 Acceptable distortion at the legitimate receiver

This combination is important because secure systems often work under limited bandwidth, power, and
computational resources. Allowing controlled distortion can help achieve security goals while using fewer
resources.

Fundamental Concepts

a) Basic Rate-Distortion Function:

The classic RDT defines the minimum required rate R(D) (in bits per symbol) to encode a source such that
the expected distortion does not exceed D.

Mathematically:
b) Application to Secrecy Systems:

In secrecy systems, RDT is combined with information-theoretic security constraints (like Shannon's
secrecy capacity) to ensure that:

 The authorized receiver can reconstruct within acceptable distortion.

 The eavesdropper learns as little as possible about X, even with access to cipher text.

This leads to secure lossy compression, where compression and secrecy are jointly optimized.

How is it Applied?

In practical secure source encoding:

 The sender compresses the source below its lossless rate, allowing controlled distortion.
 A secret key (or a public key encryption system) is used to further encrypt critical information.
 Even if an eavesdropper intercepts the encoded data, the distortion and lack of key prevent
meaningful recovery.

This reduces the amount of data transmitted while maintaining security and acceptable fidelity at the
receiver.

Benefits:

 Saves bandwidth and storage.

 Reduces computational load for encryption.
 Provides graceful trade-off between security, quality, and compression.

Illustrative Example

Scenario:
A surveillance drone captures high-definition video and transmits it to a control center over a wireless
channel vulnerable to eavesdropping.

 The raw video requires 10 Mbps for lossless transmission.

  Using rate-distortion theory, the video is compressed to 3 Mbps allowing small distortion (e.g., slight
loss in frame detail).
 A secure encryption layer encrypts sensitive parts (e.g., faces, license plates) using a secret key.
 The rest of the data remains distorted, but still useful for authorized users.
 The eavesdropper, even with full access to transmitted data, cannot reconstruct meaningful details
because:
o The overall data is compressed and partially distorted.
o The critical areas are fully encrypted.

Thus, rate-distortion theory allows trading off perfect reconstruction for higher security and better
resource utilization.

Summary

 Rate-distortion theory helps secrecy systems by allowing controlled quality loss.

 It enables efficient secure compression by reducing data size while protecting sensitive information.

 The combined system optimizes security, bandwidth, and computational efficiency.

 Applications include video surveillance, sensor networks, IoT security, secure multimedia
streaming, etc.

2. Discuss the core concepts of distributed channel synthesis. How is this approach
used to enable secure communication in distributed networks? Support your answer
with a detailed example.

Introduction

In modern communication systems, particularly distributed networks (like IoT, wireless sensor networks,
cloud systems), achieving secure communication across multiple nodes is challenging due to:

 Limited trusted infrastructure.

 Unreliable or public channels.
 Presence of multiple eavesdroppers.

Distributed Channel Synthesis (DCS) is a technique from information theory that allows multiple parties
to simulate a communication channel jointly without actual data transmission — enabling secure and
efficient communication.

Core Concepts of Distributed Channel Synthesis

The fundamental idea of Distributed Channel Synthesis is:

 Instead of transmitting real data over insecure channels, the sender and receiver use shared
randomness or correlated randomness to create (synthesize) the output of a virtual communication
channel at both ends.
 The synthesized outputs are statistically indistinguishable from outputs of a real channel.

Main Components:
  Shared Randomness: A pre-established common random source known to both sender and receiver
but unknown to eavesdroppers.
 Channel Simulation: Both ends simulate what would have been received if real data had been sent
through a noisy or secure channel.
 Privacy Amplification: Ensures that any residual information leakage is minimized, securing the
synthesized communication.

Key Information-Theoretic Tools Involved:

 Mutual Information
 Common Information (Wyner’s and Gács-Körner’s common information)
 Coordination capacity
 Strong secrecy constraints

How DCS Enables Secure Communication

In distributed networks:

 Nodes often operate in resource-constrained environments.

 Using DCS, nodes avoid actual data exchange and instead use shared randomness to coordinate
and simulate communication outcomes.
 Since no real data is transmitted, even if a channel is tapped, no meaningful information is leaked.

DCS can:

 Reduce bandwidth usage (as no full payload is sent).

 Increase secrecy (as data never traverses insecure paths).
 Support coordination (nodes synchronize their actions based on the synthesized channel output).

Illustrative Example

Scenario:
Consider a secure IoT system for smart energy management in a building:

 Multiple IoT devices (sensors, controllers, and actuators) coordinate energy usage.
 Devices have pre-shared randomness (e.g., generated during initial setup or via physical unclonable
functions).
 When coordination is required, rather than sending actual measurements, devices independently
generate control signals based on:
o Local data (temperature, load, etc.)
o Shared randomness.
 The control center also uses the same shared randomness to reconstruct what actions the devices are
taking.

Outcome:

 Data Privacy: No raw sensor data is sent, protecting user privacy.

 Security: Eavesdroppers see no useful information, as transmitted data appears random.
 Efficiency: Minimal communication overhead, reducing network congestion and energy
consumption.

Applications of Distributed Channel Synthesis

 Secure distributed control systems.

 Wireless sensor networks.
  Secret key generation.
 Cloud computing coordination.
 Covert communications (hiding communication presence itself).

Summary

 Distributed Channel Synthesis allows simulating secure channels by leveraging shared

randomness.

 It minimizes data transmission, enhances privacy, and ensures security even on insecure physical
channels.

 DCS is especially powerful for distributed networks where trusted infrastructures are minimal or
absent.

3. Define semantic security and explain its importance in evaluating the strength of
cryptographic systems. Provide a detailed explanation with suitable examples.

Definition of Semantic Security

Semantic security is a formal notion of security for encryption systems introduced by Goldwasser and
Micali in 1982. It ensures that an adversary cannot learn any meaningful information about the plaintext
from the ciphertext, even if the adversary knows some prior information about the plaintext.

Formally, an encryption scheme is semantically secure if, for any two plaintexts of the adversary's choice,
the ciphertexts corresponding to those plaintexts are computationally indistinguishable. In other words,
given the ciphertext, an attacker cannot tell whether it corresponds to plaintext M0 or M1, even if both were
chosen by the attacker.

This is often called IND-CPA (Indistinguishability under Chosen Plaintext Attack).

Why Semantic Security is Important

 Strong Confidentiality Guarantee:

Semantic security ensures that even if attackers know some aspects of the plaintext (like structure,
language, or format), they cannot infer any additional information from the ciphertext.
 Real-World Applicability:
In most real-world systems (like emails, secure messaging, online transactions), attackers may
observe multiple ciphertexts and try to analyze them. Semantic security ensures no useful
information leaks.
 Foundation for Stronger Security Models:
Semantic security is often the starting point for stronger security models like IND-CCA
(indistinguishability under chosen ciphertext attacks), which protect against more advanced attacks.

Example to Illustrate Semantic Security

Consider Alice sending encrypted salary data to Bob using an encryption scheme.

 Suppose the plaintexts are:

o M0: "Salary = $50,000"
o M1: "Salary = $70,000"
 The attacker Eve wants to find out whether Bob’s salary is $50,000 or $70,000 by observing the
ciphertext.
  If the encryption scheme is semantically secure, Eve sees ciphertext CCC but cannot deduce whether
it corresponds to M0 or M1 with any advantage better than random guessing (i.e., 50%).
 Even if Eve knows the possible salary values, semantic security ensures that ciphertext reveals no
additional clues.

Non-Semantically Secure Example

 Deterministic encryption like basic RSA without padding:

o Encrypting the same message twice produces the same ciphertext.
o An attacker who observes repeated ciphertexts can infer message repetition.
o This leaks information — thus, not semantically secure.

How Semantic Security is Achieved

 Randomized Encryption:
Each encryption of the same plaintext produces different ciphertexts using randomness.
 Use of Secure Padding Schemes:
o E.g., RSA-OAEP, AES-GCM, which incorporate randomness or nonces.
 Provable Security:
Modern algorithms are mathematically proven to be semantically secure under certain hardness
assumptions (e.g., factoring is hard, discrete logarithm is hard).

Real-World Applications

 Secure messaging (e.g., WhatsApp, Signal)

 SSL/TLS protocols for secure web browsing
 Encrypted databases and cloud storage
 Financial transactions and online banking

Summary

 Semantic security ensures no meaningful information leaks from ciphertext.

 It is essential for any practical cryptographic system.
 Modern encryption protocols are designed to meet semantic security under realistic attack models.

4. Describe rate-distortion theory as it applies to secrecy systems. Explain in detail how

it helps optimize secure source coding.

Introduction to Rate-Distortion Theory

Rate-Distortion Theory (RDT) is a branch of information theory developed by Claude Shannon. It

addresses the problem of how much data (rate) is required to encode a source while allowing a certain level
of distortion (loss of information). This is useful in lossy compression systems, where perfect reconstruction
of data is not necessary.

The central goal is to find the minimum rate R(D) required to transmit data such that the expected
distortion does not exceed a threshold D.

The basic rate-distortion function is given by:

Application of Rate-Distortion Theory in Secrecy Systems

In secrecy systems, secure source coding needs to satisfy both:

 Compression Efficiency: Reduce the amount of data transmitted.

 Security: Prevent unauthorized users from learning useful information.

By integrating RDT into secrecy systems:

 We allow controlled distortion in the transmitted data.

 The legitimate receiver, who has additional decoding information (e.g., secret keys or side
information), can reconstruct the source within acceptable distortion limits.
 An unauthorized receiver (eavesdropper) sees highly distorted data, making it useless.

Thus, rate-distortion theory provides a flexible trade-off between compression, fidelity, and security.

How Rate-Distortion Helps Optimize Secure Source Coding

 Efficient Bandwidth Usage:

Compress data to minimal size without sacrificing critical information needed for the intended
receiver.
 Enhanced Security:
Even if an eavesdropper intercepts the message, controlled distortion ensures they get little or no
useful information.
 Graceful Degradation:
Instead of a full loss of security when keys are compromised, rate-distortion adds another layer
where unauthorized parties still see incomplete or degraded data.
 Resource Optimization:
Especially in resource-constrained environments like IoT, wireless sensor networks, or military
applications, rate-distortion helps balance security and communication costs.

Illustrative Example

Imagine a secure video surveillance system:

 A high-definition video stream is captured and needs to be sent securely.

 Using rate-distortion theory, the video is compressed to reduce bandwidth, allowing slight distortion
(e.g., minor loss of image sharpness).
 Sensitive regions (like faces or license plates) are fully encrypted.
 The authorized receiver, using the decryption key, reconstructs the video with acceptable quality.
  An eavesdropper, even if intercepting the transmission, receives a partially distorted and encrypted
video, making critical information inaccessible.

This joint application of compression and encryption ensures both efficiency and security.

Summary

 Rate-distortion theory allows secrecy systems to balance data rate, distortion, and security.
 It enables efficient secure source coding by compressing data with controlled information loss
while protecting sensitive data from eavesdroppers.
 Applications include multimedia streaming, IoT security, cloud storage, and military communication.

5. What is the difference between strong secrecy and weak secrecy? Give examples of
cryptographic methods that provide partial secrecy.

Introduction

In cryptographic and information-theoretic security, secrecy refers to how well information is protected from
an eavesdropper. Two important levels of secrecy are:

 Weak Secrecy
 Strong Secrecy

Both concepts are used to analyze the level of confidentiality achieved in secure communication systems,
especially in information-theoretic secrecy models (where security doesn’t rely on computational hardness
assumptions).

Weak Secrecy (Asymptotic or Shannon Secrecy)

 Definition:
A system achieves weak secrecy if the information leakage per bit approaches zero as the block
length n becomes large.

Formally:

 Interpretation:
The eavesdropper gains negligible information per bit as the message length increases. However,
small total leakage may still exist for finite nnn.
  Limitation:
For small block lengths, some information might still leak.
 Example:
Wyner’s wiretap channel model often achieves weak secrecy.

Strong Secrecy

 Definition:
A system achieves strong secrecy if the total mutual information between the message and the
eavesdropper’s observation approaches zero.

Formally:

 Interpretation:
Regardless of message length, the eavesdropper obtains virtually no information about the message.
 Advantage:
Stronger protection against all types of passive eavesdropping, even for finite block lengths.
 Example:
o One-Time Pad (OTP): Provides perfect secrecy, which is stronger than strong secrecy.
o Modern key agreement protocols (with privacy amplification) aim for strong secrecy.

Key Differences Between Strong and Weak Secrecy

Aspect Weak Secrecy Strong Secrecy

Leakage Vanishes per bit Vanishes totally

Security Level Lower Higher

Practical Use Wiretap channels Cryptographic protocols

Suitability Asymptotic analysis Finite and practical systems

Partial Secrecy (Examples of Cryptographic Methods)

Partial secrecy refers to systems that do not offer full secrecy but still limit information leakage. Some
examples include:

 Deterministic Encryption without Randomization:

Leaks patterns in ciphertext when plaintext repeats.
 Block Ciphers in ECB Mode:
Repeats identical ciphertext for identical plaintext blocks, leaking information about data patterns.
 Watermarking and Steganography:
Hide information within other data but may still leak partial information under analysis.
  Key Exchange with Short Keys:
Small key sizes may protect against casual attacks but remain vulnerable to brute force.
 Side-Channel Secure Systems:
Cryptosystems that are secure under standard models but may leak partial information via side-
channels (power, timing, EM emissions).

Summary

 Weak secrecy minimizes leakage per bit, but may leak some total information.
 Strong secrecy ensures almost zero total leakage.
 Partial secrecy systems leak some information but may still offer practical protection depending on
the threat model.

For truly secure communication, strong secrecy or perfect secrecy (like One-Time Pad) is desired, but
often difficult to achieve practically. Hence, designers balance between strong secrecy, performance, and
complexity.

6. Explain how side information at the receiver’s end contributes to secure

communication systems.

Introduction

 In many secure communication scenarios, the receiver may have access to side information —
additional knowledge correlated with the transmitted message. This side information can
significantly improve both:

 Decoding efficiency
 Security level against eavesdroppers

Side information may come from:

 Prior knowledge
 Contextual data
 Correlated observations
 Shared randomness or keys

In information-theoretic terms, such systems are often modeled using Slepian-Wolf coding, Wyner-Ziv
coding, and Shannon’s secrecy models.

How Side Information Enhances Secure Communication

a) Improved Decoding with Lower Communication Rate

 With side information, the legitimate receiver doesn’t need the full message to recover the source
data.
 The sender can transmit compressed information, knowing the receiver will combine it with side
information to reconstruct the full message.
 This reduces bandwidth requirements and increases efficiency.
b) Enhanced Secrecy Against Eavesdroppers

 If the eavesdropper lacks the side information, they cannot correctly reconstruct the message even if
they intercept the transmission.
 This introduces an asymmetry between the receiver and the eavesdropper, enhancing
confidentiality.

c) Keyless Security or Reduced Key Length

 In some cases, side information can replace or reduce the need for shared secret keys.
 Secure compression schemes like Wyner-Ziv coding for secrecy use side information at the
decoder to maintain privacy.

Information-Theoretic Background

 Let:
o X: Source message
o Y: Side information at receiver
o Z: Eavesdropper’s observation
 Slepian-Wolf Theorem:
Allows lossless compression with side information at the receiver.
 Wyner’s Wiretap Channel:
Achieves secrecy capacity by exploiting the channel difference between legitimate receiver and
eavesdropper.
 Secrecy Capacity (Cs):

The secrecy capacity increases when the legitimate receiver’s side information provides more knowledge
than the eavesdropper’s.

Practical Example

Secure Cloud Storage System:

 A user stores encrypted files in the cloud.

 The user’s device retains metadata or file hashes (side information).
 During retrieval, the device combines downloaded (possibly compressed or partially encrypted) data
with side information to reconstruct the full file.
 An eavesdropper, lacking metadata, cannot correctly reconstruct files from intercepted data.
Applications

 Distributed storage systems

 Multimedia streaming with personalized decoding
 IoT and sensor networks
 Cooperative wireless networks
 Content distribution with DRM (Digital Rights Management)

Summary

 Side information at the receiver helps reduce communication rate while maintaining reliability.
 It enhances security by making it difficult for eavesdroppers without side information to reconstruct
messages.
 Modern secure systems leverage side information for efficient, robust, and secure data transmission.