2

I have the following question:

Which of the following attackers can be used to demonstrate that the shift cipher for 3-character messages does not satisfy perfect indistinguishability?

Output m0 = 'aaa' and m1 = 'bbb'. Given challenge ciphertext C, output 0 if the first character of C is 'a'.

Output m0 = 'abc' and m1 = 'bcd'. Given challenge ciphertext C, output 1 if the three characters of C are all different.

Output m0 = 'aaa' and m1 = 'abc'. Given challenge ciphertext C, output 1 if the three characters of C are all different.

Output m0 = 'aaa' and m1 = 'abc'. Given challenge ciphertext C, output 0 if the first character of C is 'a'.

I assumed it was "Output m0 = 'aaa' and m1 = 'bbb'. Given challenge ciphertext C, output 0 if the first character of C is 'a'." since the shift cipher would be predictable (this is what I think) if the messages had the same characters in a row.

Can anyone explain why it should be : Output m0 = 'aaa' and m1 = 'abc'. Given challenge ciphertext C, output 1 if the three characters of C are all different.

Lilz
  • 153
  • 8

1 Answers1

3

I'm assuming that, that attacker produce $m_0$ and $m_1$ and given one of their ciphertext as a challenge.

  1. given $c$, the attacker cannot distinguish whether it is encryption of $m_1$ or $m_2$. Since, he doesn't know the key. He can guess only 1/2 probability. For this attacker, it has perfect indistinguishability.

  2. given $c$, the attacker can distinguish that the plaintext has all characters different. Because the shift cipher's property, $$c = E_k(m_1) \text{ and } c=E_k(m_1) \Leftrightarrow m_1 = m_2$$ and he output $m_0$ and $m_1$ with all different characters.

  3. given $c$, the attacker can distinguish that the plaintext has all characters different. Because the shift cipher's property and and he was output $m_0$ as $aaa$ and $m_1$ as all different characters.

  4. given $c$, the attacker can distinguish that because the attacker output $m_0$ and $m_1$, on advance he knows that first letter is always an $a$

As a result; 2,3, and 4 can be used to demonstrate that the shift cipher for 3-character messages does not satisfy perfect indistinguishability

kelalaka
  • 48,443
  • 11
  • 116
  • 196