
Essay: Communication Theory of Secrecy Systems

Scope and model
Claude Shannon recasts cryptography as a special case of communication theory. A secrecy system is a stochastic mapping from messages to ciphertext under control of a secret key. The message source is statistical and typically redundant; the key is chosen at random; the cryptanalyst observes ciphertext produced by a public encryption rule. Using the same entropy and mutual information measures that underlie noisy-channel coding, Shannon defines the fundamental quantities of secrecy: the equivocation of the message given the ciphertext and the equivocation of the key given the ciphertext. The aim is to design enciphering transformations so that the ciphertext discloses as little information as possible about either the message or the key.

Perfect secrecy and the one-time pad
Shannon’s central definition is perfect secrecy: observing the ciphertext does not change the a priori probabilities of the messages. In modern terms, the mutual information between message and ciphertext is zero. He proves necessary and sufficient conditions for perfect secrecy over finite alphabets: the key must be at least as unpredictable as the message ensemble, keys must be used only once, and the encryption must map each plaintext to ciphertexts with equal likelihood when averaged over keys. He shows that the one-time pad satisfies these conditions when the key is a random sequence at least as long as the message and never reused. Any departure from these requirements (biased keys, insufficient key length, or reuse) destroys perfect secrecy by introducing statistical dependencies that an adversary can exploit.
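
The zero-mutual-information condition can be checked exactly on a toy system. The following is an added example, not code from Shannon's paper or from this essay: it computes I(M;C) for an additive pad over the alphabet Z_4 with a uniform one-time key, a reused key symbol, and a biased key. The alphabet size, the message prior and all function names are constructed assumptions.

```python
from collections import defaultdict
from itertools import product
from math import log2

def mutual_information(msg_prior, key_dist, encrypt):
    """Exact I(M;C) in bits for finite message and key distributions."""
    joint = defaultdict(float)                      # P(m, c)
    for (m, pm), (k, pk) in product(msg_prior.items(), key_dist.items()):
        joint[(m, encrypt(m, k))] += pm * pk
    p_c = defaultdict(float)                        # marginal P(c)
    for (m, c), p in joint.items():
        p_c[c] += p
    return sum(p * log2(p / (msg_prior[m] * p_c[c]))
               for (m, c), p in joint.items() if p > 0)

N = 4  # assumed toy alphabet Z_4; every message is two symbols long

def pad(m, k):
    """Additive pad: each message symbol plus its key symbol, mod N."""
    return tuple((mi + ki) % N for mi, ki in zip(m, k))

# Constructed redundant source: some messages are far likelier than others.
# Its entropy H(M) is 1.75 bits.
MSG_PRIOR = {(0, 0): 0.5, (0, 1): 0.25, (1, 0): 0.125, (3, 2): 0.125}

def uniform(keys):
    keys = list(keys)
    return {k: 1 / len(keys) for k in keys}

def scenarios():
    """Leakage I(M;C) in bits for three key-generation regimes."""
    one_time = uniform(product(range(N), repeat=2))   # fresh key symbol per message symbol
    reused = uniform((k, k) for k in range(N))        # one key symbol used for both positions
    biased = {k: (0.7 if k == (0, 0) else 0.3 / 15) for k in one_time}
    regimes = [("one_time", one_time), ("reused", reused), ("biased", biased)]
    return {name: mutual_information(MSG_PRIOR, kd, pad) for name, kd in regimes}

if __name__ == "__main__":
    for name, bits in scenarios().items():
        print(f"{name:9s} I(M;C) = {bits:.4f} bits")
```

With the reused key symbol, the difference between the two ciphertext symbols equals the difference between the two plaintext symbols, which is why most of the message entropy leaks in that regime.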

Redundancy, equivocation, and unicity distance
Because natural language is highly redundant, ciphertext tends to carry side information about the plaintext structure. Shannon quantifies redundancy as the gap between the maximum entropy of the alphabet and the actual per-symbol entropy of the source. This redundancy governs how fast uncertainty about the key and message disappears as more ciphertext is observed. He introduces the unicity distance: the approximate ciphertext length at which the expected number of spurious keys compatible with the ciphertext falls to about one. It is roughly the key entropy divided by the redundancy per character. Below this length, many keys can explain the data; above it, only the true key is likely to remain. Equivocation curves formalize this: as ciphertext grows, H(key | ciphertext) and H(message | ciphertext) typically decrease toward zero for practical systems, though they need not do so monotonically.

Practical ciphers: product constructions, confusion, and diffusion
Most classical ciphers are not perfectly secret but can be strengthened by compounding simple operations. Shannon analyzes substitution and transposition and shows that alternating them multiplies their effects. He coins two design principles: diffusion spreads the statistical structure of the plaintext over many ciphertext symbols, reducing the impact of any single plaintext letter; confusion makes the relationship between ciphertext and key as intricate as possible, obscuring how key changes affect output. Product ciphers that achieve strong diffusion and confusion can force cryptanalysis to rely on long texts or auxiliary information, raising the unicity distance even if perfect secrecy is unattainable.

Implications for cryptanalysis and system design
Shannon frames cryptanalysis as an inference problem: the adversary reduces uncertainty by exploiting redundancy, language models, and any known plaintext. Known-plaintext data lowers key equivocation rapidly and often linearly with its length; systems must therefore avoid key reuse and limit the amount of text encrypted under a single key. He highlights two broad strategies for defenders: reduce source redundancy before encryption (compression), and inject truly random keying to simulate noise. The paper establishes that secrecy can be treated with the same rigor as reliability in communications, yielding absolute limits like perfect secrecy and operational tradeoffs like unicity distance that guide the design of practical ciphers.

Communication Theory of Secrecy Systems

Paper applying information-theoretic methods to cryptography: formalizes secrecy systems, analyzes cipher entropy and unicity distance, and discusses theoretical limits of secure communication (including the one-time pad concept).


Author: Claude Shannon

Claude Shannon, the father of information theory whose innovations laid the foundation for today's digital age.