Centralized vs Decentralized Multi-Agent Guesswork

We study a notion of guesswork, where multiple agents intend to launch a coordinated brute-force attack to find a single binary secret string, and each agent has access to side information generated through either a BEC or a BSC. The average number of trials required to find the secret string grows exponentially with the length of the string, and the rate of the growth is called the guesswork exponent. We compute the guesswork exponent for several multi-agent attacks. We show that a multi-agent attack reduces the guesswork exponent compared to a single agent, even when the agents do not exchange information to coordinate their attack, and try to individually guess the secret string using a predetermined scheme in a decentralized fashion. Further, we show that the guesswork exponent of two agents who do coordinate their attack is strictly smaller than that of any finite number of agents individually performing decentralized guesswork.Comment: Accepted at IEEE International Symposium on Information Theory (ISIT) 201

Brute force searching, the typical set and Guesswork

Abstract—Consider the situation where a word is chosen probabilistically from a finite list. If an attacker knows the list and can inquire about each word in turn, then selecting the word via the uniform distribution maximizes the attacker’s difficulty, its Guesswork, in identifying the chosen word. It is tempting to use this property in cryptanalysis of computationally secure ciphers by assuming coded words are drawn from a source’s typical set and so, for all intents and purposes, uniformly distributed within it. By applying recent results on Guesswork, for i.i.d. sources it is this equipartition ansatz that we investigate here. In particular, we demonstrate that the expected Guesswork for a source conditioned to create words in the typical set grows, with word length, at a lower exponential rate than that of the uniform approximation, suggesting use of the approximation is ill-advised. I

Guesswork

The security of systems is often predicated on a user or application selecting an object, a password or key, from a large list. If an inquisitor wishing to identify the object in order to gain access to a system can only query each possibility, one at a time, then the number of guesses they must make in order to identify the selected object is likely to be large. If the object is selected uniformly at random using, for example, a cryptographically secure pseudo-random number generator, then the analysis of the distribution of the number of guesses that the inquisitor must make is trivial. If the object has not been selected perfectly uniformly, but with a distribution that is known to the inquisitor, then the quantification of security is relatively involved. This thesis contains contributions to the study of this subject, dubbed Guesswork, motivated both by fundamental investigations into computational security as well as modern applications in secure storage and communication. This thesis begins with two introductory chapters. One describes existing results in Guesswork and summarizes the contributions found in the thesis. The other recapitulates some of the mathematical tools that are employed in the thesis. The other five chapters of contain new contributions to our understanding of Guesswork, much of which has already experienced peer review and been published. The chapters themselves are designed to be self-contained and so readable in isolation

An Overview of Cryptography (Updated Version, 3 March 2016)

There are many aspects to security and many applications, ranging from secure commerce and payments to private communications and protecting passwords. One essential aspect for secure communications is that of cryptography...While cryptography is necessary for secure communications, it is not by itself sufficient. This paper describes the first of many steps necessary for better security in any number of situations. A much shorter, edited version of this paper appears in the 1999 edition of Handbook on Local Area Networks published by Auerbach in September 1998

Guesswork

The security of systems is often predicated on a user or application selecting an object, a password or key, from a large list. If an inquisitor wishing to identify the object in order to gain access to a system can only query each possibility, one at a time, then the number of guesses they must make in order to identify the selected object is likely to be large. If the object is selected uniformly at random using, for example, a cryptographically secure pseudo-random number generator, then the analysis of the distribution of the number of guesses that the inquisitor must make is trivial. If the object has not been selected perfectly uniformly, but with a distribution that is known to the inquisitor, then the quantification of security is relatively involved. This thesis contains contributions to the study of this subject, dubbed Guesswork, motivated both by fundamental investigations into computational security as well as modern applications in secure storage and communication. This thesis begins with two introductory chapters. One describes existing results in Guesswork and summarizes the contributions found in the thesis. The other recapitulates some of the mathematical tools that are employed in the thesis. The other five chapters of contain new contributions to our understanding of Guesswork, much of which has already experienced peer review and been published. The chapters themselves are designed to be self-contained and so readable in isolation