[Cryptography] Unicity distance of Playfair

John Denker jsd at av8n.com
Fri Mar 25 12:21:06 EDT 2016


On 03/24/2016 02:41 PM, Ray Dillinger wrote:

>  The cipher produces one output letter per input letter.

Not true.

Given N input letters, Playfair produces
M = 2 * ceil(N / 2)
output letters. M is always an even number.

The average M/N converges to 1 in the limit of very long
messages, but that's not the same thing.

============================
Much more importantly, on 03/24/2016 05:38 PM, Ray Dillinger wrote:

> You don't have to know how a particular cipher works to calculate
> the Unicity distance.  Every cipher that has the same key length
> will have the same unicity distance when used to encrypt English.
> So thinking of pairs is strictly a distraction here.

That's categorically wrong in principle.  Among other things,
it is wrong as applied to block ciphers, of which Playfair
is a famous early example.

It might be sometimes kinda sorta useful as an approximation,
but elevating it to a categorical general proposition is just
wrong.

If it were true, there would be no need to talk of both
"diffusion" and "confusion" in the context of a block cipher.

> Using different units will not affect the unicity distance any
> more than the difference between measuring a distance in miles
> or kilometers affects the distance.  I got my answer in letters
> because I worked the problem using bits of information per letter
> to calculate the redundancy of English text.

The more emphatically you state it, the more wrong it is.
Block ciphers exist for a reason.  The first half of the
block serves as an "autokey" for the second half (and vice
versa), which changes the unicity calculation.  The block
size in Playfair is not big enough to make a huge difference,
but it does make a difference ... which I assume was the
point of the original question in this thread.

Block ciphers exist for a reason.  Chaining modes exist for
a reason.  IMHO the reasoning is not as good as people tend
to assume, and people rely far too much on dubious assumptions,
but that's a topic for another day.

============

Here is a particularly simple counterexample, applicable
even in the absence of blocking.  Consider the contrast:

  Cipher #1 represents English using 5-bit Baudot code, 
   and enciphers it character by character, using a 40-bit
   key.  Then the unicity distance is
         U1 = 40 / (5 - 1.5) = 11.43

  Cipher #2 represents English using 8-bit bytes, and 
   enciphers it character by character, again using a 40-bit
   key.  Then the unicity distance is
         U2 = 40 / (8 - 1.5) = 6.15

>  Unicity distance is not a measure of security.

Also not true.  Unicity is not the be-all and end-all, but it
is "a" measure.  In this example, it tells us that cipher #2 is
less secure than cipher #1.  Enciphering those three unused
bits is a Bad Idea.
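
The contrast between cipher #1 and cipher #2 can be checked by brute force on a toy model. This is an added example, not part of the original post. It assumes a 12-bit key so that every key can be tried, a cipher modelled as a key-selected pseudo-random permutation of the character codes, and a plaintext test that only asks "is this code a letter A-Z", so the redundancy here comes from the unused codes alone, not from the 1.5 bits per character the post uses for English. All function names are hypothetical.

```python
import math
import random

LETTERS = 26     # codes 0..25 carry A-Z; every other code is unused
KEY_BITS = 12    # toy key size so every key can be tried (the post uses 40)

def decrypt_table(key, width_bits):
    """Toy cipher: the key selects a pseudo-random permutation of all codes."""
    table = list(range(1 << width_bits))
    random.Random(key).shuffle(table)
    return table                      # table[ciphertext code] = plaintext code

def surviving_keys(plaintext, width_bits, true_key=0x5A5):
    """Keys still consistent after each ciphertext character.

    A key is discarded as soon as it decrypts a character to an unused code.
    Entry n-1 of the result is the count after n characters.
    """
    true_table = decrypt_table(true_key, width_bits)
    ciphertext = [true_table.index(ord(ch) - ord("A")) for ch in plaintext]
    alive = [decrypt_table(k, width_bits) for k in range(1 << KEY_BITS)]
    counts = []
    for c in ciphertext:
        alive = [t for t in alive if t[c] < LETTERS]
        counts.append(len(alive))
    return counts

def unicity(key_bits, width_bits, entropy_bits):
    """Key size divided by redundancy per character, as in the post's U1 and U2."""
    return key_bits / (width_bits - entropy_bits)

if __name__ == "__main__":
    sample = "PLAINTEX"               # constructed sample, 8 distinct letters
    for width in (5, 8):
        print(f"{width}-bit codes: survivors per character",
              surviving_keys(sample, width),
              "predicted U = %.1f" % unicity(KEY_BITS, width, math.log2(LETTERS)))
    print("post's figures: %.2f %.2f" % (unicity(40, 5, 1.5), unicity(40, 8, 1.5)))
```

With 8-bit codes the candidate set collapses to the true key within a few characters, while with 5-bit codes hundreds of keys remain after all eight, which is the direction of the U1 versus U2 comparison.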

