## Some Mathematics and a bit of Logic

**"In Principio erat Verbum and after that we invented numbers."**

Our contact email: wandeethaweetham@gmail.com

**Uncertainty - Entropy:**

When Shannon discussed with a friend which word he should choose for 'uncertainty' in the paper he was going to publish, his friend advised him to use 'entropy' since *nobody anyway knew the meaning*. The absence of information would give the entropy of a system, or the increase in information would reduce entropy (uncertainty). The term entropy is borrowed from thermodynamics, where it is used to describe disorder and to provide a numerical measure for the state of disorder. For example, if we take five cards containing on their faces the numbers one to five, shuffle them very well, place them face down on a desk and ask an observer to give us the value that card number three contains, the probability that the observer gets it right will be 1/5. We can repeat that process as often as we want but the probability for an observer doesn't change. Entropy will always be at its highest and the sequence of the cards on the desk doesn't matter because predictability or randomness for the observer doesn't change. If we turn one card around we have reduced entropy and randomness for the observer.

_____________

The operation of a stream cipher in mathematical terms can be shown by designating *X*, *Y*, *Z* as the plaintext alphabet (*X*), the ciphertext alphabet (*Y*) and the key-stream alphabet (*Z*). We define *K* as the key space and *S* as the internal state space. Our plaintext symbol becomes *x_i*, the ciphertext symbol *y_i*, the key-stream symbol *z_i* and the internal state *s_i*. *F* will be the next state function and *f* the output function that gives us *k ∈ K*.

The resulting key-stream (*sequence*) is {*z_i* = *f*(*k*, *s_i*) : *i* ≥ 1}, with the internal state being the same all the time. Here let us recall what we said about the permutation cipher: a single character encrypted (using the English alphabet) by mapping the plaintext alphabet against the ciphertext alphabet always provides a cipher character that offers a 1/26 probability when trying to guess the plaintext character. By using one unique permutation for each single plaintext character we ensure that ℓ = 1 (*length*) and that the internal state always matches *i* ≥ 1. The encryption process in the OTP achieves the same by relying on the human operator, and here too we find *i* ≥ 1. The operator always matches a plaintext character with a randomly selected key character (*next state function - F*) and uses modular arithmetic to achieve *k = c* (*output function - f*), leading to the equation c = k ⊕ m. As in the permutation cipher, which uses the plaintext as next state function *F*, the OTP uses human intervention to fulfil that function. But what is important is the fact that in both encryption methods a key is always selected from a full set of a ciphertext alphabet (*26 characters in the English language - see Image 1, page 2 - the_one_time_pad.html*); otherwise he would fall short of the definition coined by Claude Shannon when describing the operation of the OTP. To comply with the first condition requested by the OTP (**the key must be truly random**) the operator picks the key character and in that moment randomisation takes place.
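The model above, written out as an added example (not code from the original page): a key-stream generator driven by a next state function `F` and an output function `f`, instantiated for a one-time pad over the 26-letter alphabet. The function names, the pre-generated pad standing in for the human operator, and the use of addition mod 26 in place of ⊕ are assumptions of this sketch.

```python
import secrets
import string

ALPHABET = string.ascii_uppercase  # X = Y = the 26-letter English alphabet

def keystream(k, s0, F, f):
    """Yield z_i = f(k, s_i) for i >= 1, then advance with s_{i+1} = F(k, s_i)."""
    s = s0
    while True:
        yield f(k, s)
        s = F(k, s)

def otp_stream(pad):
    # Assumed OTP instance: the state is the position in the pad,
    # F steps to the next position, f reads the pad at that position.
    return keystream(pad, 0, F=lambda k, s: s + 1, f=lambda k, s: k[s])

def random_pad(length):
    """One uniformly random key symbol (0..25) per plaintext symbol."""
    return [secrets.randbelow(26) for _ in range(length)]

def encrypt(plaintext, zs):
    """y_i = (x_i + z_i) mod 26, the letter-alphabet analogue of c = k XOR m."""
    return "".join(ALPHABET[(ALPHABET.index(x) + z) % 26]
                   for x, z in zip(plaintext, zs))

def decrypt(ciphertext, zs):
    """x_i = (y_i - z_i) mod 26."""
    return "".join(ALPHABET[(ALPHABET.index(y) - z) % 26]
                   for y, z in zip(ciphertext, zs))

def candidate_plaintexts(cipher_char):
    """Plaintext letters consistent with one ciphertext letter, one per key symbol."""
    return [decrypt(cipher_char, iter([z])) for z in range(26)]

if __name__ == "__main__":
    pad = random_pad(5)                      # constructed sample key
    c = encrypt("HELLO", otp_stream(pad))
    print(c, decrypt(c, otp_stream(pad)))
    # Every letter appears exactly once: a guess succeeds with probability 1/26.
    print(sorted(candidate_plaintexts(c[0])) == list(ALPHABET))
```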

_____________

Now let's take a look at the system we suggest. We know that we have a stream cipher based on permutations that change during the encryption process. We know the mathematics applied when using a stream cipher (*see above*). We know that the *next state function* *F* in the OTP is invoked by the actions of a human operator to ensure that entropy and randomness are maintained to grant perfect secrecy; in our system plaintext and randomised strings (*permutations*) fulfil that function. The IV exchanged between sender and recipient is built around two strings of a modified ASCII set. An adversary would not know the length of these two strings or the modifications in the character sets. The options we have are to extend the ASCII strings above the length of 256, to reduce the length if we don't use plaintext that uses the complete ASCII set, or to leave it at a length of 256. The important point is that an adversary gains no knowledge of the length of these two ASCII strings. Without having knowledge of the length of the two strings a brute-force attack (*meaning testing all possible permutations*) on the ciphers will fail. The reason is a simple one, since mathematically it wouldn't be possible to go through all possible permutations. The length of our ASCII strings would always be defined by

*with* **n** being any natural number. One of the comments we received was:

*The pre-shared key. Just like a traditional OTP, your system is symmetrical and requires a pre-shared key. With a normal OTP, this key is equal or greater to the size of the plaintext so it cannot be brute-forced (or rather, brute-forcing would result in every possible result). In your system it is not necessary for the key to be as large as the plaintext. No matter how good your permutation cipher is, it does open up the possibility of brute-forcing. I can't say exactly how this would work, but brute-forcing goes from mathematically impossible to mathematically possible. Even if it would take longer than the age of the universe to compute, it looks like it would still be theoretically possible.*

Three short answers in reply to the comment. 1) We don't have a pre-shared key but our two ASCII strings are IVs (*initialisation values*) that combined with the plaintext create the key during encryption. 2) The cipher we create will also reflect the length of the key (*our key is mapped from plaintext alphabet to ciphertext alphabet*) since each single plaintext character is encrypted by matching it with a cipher character - plaintext character, key and cipher character always have the same length. 3) If it takes longer than the age of the universe to compute, it will be theoretically and practically impossible to compute. Brute-force means going through all possible combinations and if the universe comes to an end so comes computing, and not being sarcastic yet, mathematics too; at least logic should tell us that.

Here let us take a short look at the mathematics an adversary would face when applying a brute-force attack. An adversary not knowing the length of our two strings would, for a start, have to choose (**n** *length for each string*), which might not be the length we selected (*and that will be the most likely scenario*). If, *for the sake of argument let us assume we haven't increased the size of our strings*, both strings contain 256 characters, an adversary would face for each string P256! permutations which he would need to check (**P256! = 8.5781777534284265411908227168123e+506**). An adversary would have to check the first permutation of *string number one* against all P256! permutations of *string number two*, and that process would need to be repeated with all permutations string one holds. This on its own would require a tremendous amount of computing power and time (Professor Keith Martin - Will superfast 'quantum' computers mean the end of unbreakable encryption?).

But this is not the end of the story, as readers who have read our PDF file might conclude. There we explained that the ASCII extended set contains control characters (*control of peripherals*), which we might replace with characters that are used during our encryption. An adversary without knowledge of the number of characters we have replaced would also have to test all possible permutations. For example, let us assume we have replaced one control character with the letter **A**. The change will certainly have an impact on the encryption process (*depending on the length of our plaintext and the length of our exchanged IV strings*). But the more important point is the fact that changing one character created a new string, and each of the P256! permutations will not match any of the permutations in the unaltered string. Let's assume now that the pool of characters we could replace is 12 (*there are more control characters that could be replaced*) and the pool of available characters to replace them with is about 100 (*that would cover the English alphabet, numbers, punctuation marks etc.*); the number of possible permutations becomes astronomical.

We have still not reached the end of our story, since the length of our two IV strings isn't bound to be 256 but could be less or more. String one, for example, could have a length of 256+**n**, and **n** could be 1, 100 or any rational number. We would have to repeat the same procedure mentioned above to break our cipher. In doing so an adversary would end up with all possible solutions, and that would not only include text but images, media files etc., which leads us to the last part. Here we will take a look at what other options an adversary has to break our cipher.
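The counts discussed above, expressed as a search-space size in bits, as an added example that is not part of the original page. The function names are hypothetical, and the substitution model (each of the 12 control characters is either kept or replaced by one of 100 symbols, with all positions treated as distinguishable, which gives an upper bound) is an assumption of this sketch.

```python
import math

def log2_factorial(n):
    """log2(n!) via log-gamma, avoiding a 500-digit integer."""
    return math.lgamma(n + 1) / math.log(2)

def log10_factorial(n):
    """log10(n!), for comparison with the page's figure of 8.578e+506."""
    return math.lgamma(n + 1) / math.log(10)

def log2_sum(bits):
    """log2 of a sum whose terms are given as log2 values (log-sum-exp, base 2)."""
    top = max(bits)
    return top + math.log2(sum(2.0 ** (b - top) for b in bits))

def pair_bits(length):
    """Bits needed to enumerate every ordering of two independent strings."""
    return 2 * log2_factorial(length)

def substitution_bits(slots=12, pool=100):
    """Assumed model: each slot keeps its character or takes one of `pool` symbols."""
    return slots * math.log2(pool + 1)

def unknown_length_bits(lengths):
    """Bits when every candidate length for both strings must be tried as well."""
    return log2_sum([pair_bits(n) for n in lengths])

if __name__ == "__main__":
    print(f"log10(256!)           = {log10_factorial(256):.4f}")
    print(f"two strings of 256    = {pair_bits(256):.1f} bits")
    print(f"12 slots, 100 symbols = {substitution_bits():.1f} bits per string")
    print(f"lengths 1..256        = {unknown_length_bits(range(1, 257)):.1f} bits")
    print(f"lengths 1..356        = {unknown_length_bits(range(1, 357)):.1f} bits")
```

For candidate lengths 1 to 256 the total stays within a fraction of a bit of the 256-only case, because the longest candidate dominates the sum.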

_____________


Copyright (c) 2014/2017 - Wandee Thaweetham, Chanthaburi, Thailand - Last update 10th January 2017