Re: Confirmation of Shannon's Mistake about Perfect Secrecy of One-time-pad

On 10 31 , 4 03 , hagman <goo...@xxxxxxxxxxxxx> wrote:
On 31 Okt., 04:14, wangyong <hell...@xxxxxxx> wrote:

On 10 31 , 10 04 , William Hughes <wpihug...@xxxxxxxxxxx> wrote:

On Oct 30, 7:50 pm, wangyong <hell...@xxxxxxx> wrote:

On 10 30 , 11 14 , William Hughes <wpihug...@xxxxxxxxxxx> wrote:

[snipped a lot of back-and-forth arguments]





Under this precondition: for a fixed cyphertext the
probability distriution on the keys in unknown.

For a fixed cyphertext the probability of the keys depends
on the probability of the plaintext, which is unknown. So for
a fixed cyphertext the probability distribution on the keys
is unknown.

-------------------you repeat question regardless of my replies.

can you tell me
If so, for a fixed cyphertext , the postior probability of plaintext
=the prior????

Yes. If you make an observation that tells you nothing about
the probability of the plaintext (e.g. the value of the cyphertext)
the posterior probability is equal to the prior probability.

- William Hughes- -

- -

Your precondition is

There is no information about the probability distribution
on the plaintext. Only information about the OTP is used.

-----------------my precondition is only consider cipertext fixed, key
simiarly likey.

in that condition keys and plaintexts are both simiarly likey, but
not unknown.

Yes. If you make an observation that tells you nothing about
the probability of the plaintext (e.g. the value of the cyphertext)
the posterior probability is equal to the prior probability.

---------------------That is not unknown.If so, the the
probability of K is known for the one-to-one corr--- between M and
K.Then you are self-contradictory

In your favourite example of plaintext probabilities
P(M=0) = 0.9 P(M=1) = 0.1
P(K=0) = 0.5 P(K=1) = 0.5
the following events (plaintext,key,cyphertext) occur with
the following probabilities:
(0,0,0) 0.45
(0,1,1) 0.45
(1,0,1) 0.05
(1,1,0) 0.05
Now you insist on using a "fixed" cyphertext.
There are two possibilities for a fixed cyphertext; let's treat
one after the other:
1) C=0:
Note: This cyphertext occurs with probaility 0.45 + 0.05 = 0.5
The conditional probability of plaintext M=0 is 0.45/(0.45+0.05) =
0.9
The conditional probability of key K=0 is 0.45/(0.45+0.05) = 0.9
Just divide "hit probabilities by "allowed" probabilities.
2) C=1:
Note: This cyphertext occurs with probaility 0.45 + 0.05 = 0.5
The conditional probability of plaintext M=0 is 0.45/(0.45+0.05) =
0.9
The conditional probability of key K=0 is 0.05/(0.45+0.05) = 0.1
Just divide "hit probabilities by "allowed" probabilities.

Conclusion: Whatever fixed value of C we observe,
there is no difference between the a-priori and the a-posteriori
probabilities for the plain texts.
We *do* however gain additional information about the key K,
i.e. the a-posteriori probabilities for K differ from the
a-priori probabilities.
And of course we do so: After all, we READ a number o fcharacters
and DO get information. The trick of OTP is to make the
information useless by letting us learn only useless stuff
about the key, not the plaintext.
This knowledge about the key might be helpful in decryptign a message
IF(!!) the key is reused in a different message (or part of the same
message).
Do you know what the letters OT in OTP stand for?

Recall the challenge I posted?
A priori it would have been hard to huess my 1000 digit key
and get significantly more than 500 digits correct.
A posteriori, you can simply guess K=C and will get about
900 digits correct (because of the plaintext distribution).
This does NOT help you in decrypting the message.
The message is still perfectly secure.

hagman- -

- -

In your favourite example of plaintext probabilities
P(M=0) = 0.9 P(M=1) = 0.1
P(K=0) = 0.5 P(K=1) = 0.5
the following events (plaintext,key,cyphertext) occur with
the following probabilities:
(0,0,0) 0.45
(0,1,1) 0.45
(1,0,1) 0.05
(1,1,0) 0.05
Now you insist on using a "fixed" cyphertext.
There are two possibilities for a fixed cyphertext; let's treat
one after the other:
1) C=0:
Note: This cyphertext occurs with probaility 0.45 + 0.05 = 0.5
The conditional probability of plaintext M=0 is 0.45/(0.45+0.05) =
0.9
The conditional probability of key K=0 is 0.45/(0.45+0.05) = 0.9
Just divide "hit probabilities by "allowed" probabilities.
2) C=1:
Note: This cyphertext occurs with probaility 0.45 + 0.05 = 0.5
The conditional probability of plaintext M=0 is 0.45/(0.45+0.05) =
0.9
The conditional probability of key K=0 is 0.05/(0.45+0.05) = 0.1
Just divide "hit probabilities by "allowed" probabilities.
==========================================================================================================================================================================================you
are wrong as same as Shannon and other's proof. you just use the
probability in the case of prior conditions, that is when encryption.
do you ever consider this time what is the probability of K. is the
probability of K insistant with uniform probability.


Conclusion: Whatever fixed value of C we observe,
there is no difference between the a-priori and the a-posteriori
probabilities for the plain texts.

==as analyzed above, you conclusion is under the same precondtion as
encryption , then wrong.
We *do* however gain additional information about the key K,
i.e. the a-posteriori probabilities for K differ from the
a-priori probabilities.
And of course we do so: After all, we READ a number o fcharacters
and DO get information. The trick of OTP is to make the
information useless by letting us learn only useless stuff
about the key, not the plaintext.

-----you do not realize the conditions cann't coexist as we analyzed.

This knowledge about the key might be helpful in decryptign a message
IF(!!) the key is reused in a different message (or part of the same
message).

Do you know what the letters OT in OTP stand for?

=====of course.

Recall the challenge I posted?
A priori it would have been hard to huess my 1000 digit key
and get significantly more than 500 digits correct.
A posteriori, you can simply guess K=C and will get about
900 digits correct (because of the plaintext distribution).
This does NOT help you in decrypting the message.
The message is still perfectly secure.
=====your example is useless to prove OPT perfect.

.

Relevant Pages