Cryptographic security of individual instances

Abstract

There are two principal notions of security for cryptographic systems. For a few systems, they can be proven to have perfect secrecy against an opponent with unlimited computational power, in terms of information theory. However, the security of most systems, including public key cryptosystems, is based on complexity theoretic assumptions. In both cases there is an implicit notion of average-case analysis. In the case of conditional security, the underlying assumption is usually average-case, not worst case hardness. And for unconditional security, entropy itself is an average case notion of encoding length. Kolmogorov complexity (the size of the smallest program that generates a string) is a rigorous measure of the amount of information, or randomness, in an individual string x. By considering the time-bounded Kolmogorov complexity (program limited to run in time t(|x|)) we can take into account the computational difficulty of extracting information. We present a new notion of security based on Kolmogorov complexity. The first goal is to provide a formal definition of what it means for an individual instance to be secure. The second goal is to bridge the gap between information theoretic security, and computational security, by using time-bounded Kolmogorov complexity. In this paper, we lay the groundwork of the study of cryptosystems from the point of view of security of individual instances by considering three types of information-theoretically secure cryptographic systems: cipher systems (such as the one-time pad), threshold secret sharing, and authentication schemes. © 2009 Springer-Verlag Berlin Heidelberg.