Centralized vs Decentralized Multi-Agent Guesswork
We study a notion of guesswork, where multiple agents intend to launch a
coordinated brute-force attack to find a single binary secret string, and each
agent has access to side information generated through either a BEC or a BSC.
The average number of trials required to find the secret string grows
exponentially with the length of the string, and the rate of the growth is
called the guesswork exponent. We compute the guesswork exponent for several
multi-agent attacks. We show that a multi-agent attack reduces the guesswork
exponent compared to a single agent, even when the agents do not exchange
information to coordinate their attack, and try to individually guess the
secret string using a predetermined scheme in a decentralized fashion. Further,
we show that the guesswork exponent of two agents who do coordinate their
attack is strictly smaller than that of any finite number of agents
individually performing decentralized guesswork.
Comment: Accepted at IEEE International Symposium on Information Theory (ISIT) 201
Brute force searching, the typical set and Guesswork
Abstract—Consider the situation where a word is chosen probabilistically from a finite list. If an attacker knows the list and can inquire about each word in turn, then selecting the word via the uniform distribution maximizes the attacker’s difficulty, its Guesswork, in identifying the chosen word. It is tempting to use this property in cryptanalysis of computationally secure ciphers by assuming coded words are drawn from a source’s typical set and so, for all intents and purposes, uniformly distributed within it. By applying recent results on Guesswork, for i.i.d. sources it is this equipartition ansatz that we investigate here. In particular, we demonstrate that the expected Guesswork for a source conditioned to create words in the typical set grows, with word length, at a lower exponential rate than that of the uniform approximation, suggesting use of the approximation is ill-advised.
Guesswork
The security of systems is often predicated on a user or application selecting an object, a password
or key, from a large list. If an inquisitor wishing to identify the object in order to gain access to a
system can only query each possibility, one at a time, then the number of guesses they must make in
order to identify the selected object is likely to be large. If the object is selected uniformly at random
using, for example, a cryptographically secure pseudo-random number generator, then the analysis of
the distribution of the number of guesses that the inquisitor must make is trivial.
If the object has not been selected perfectly uniformly, but with a distribution that is known to the
inquisitor, then the quantification of security is relatively involved. This thesis contains contributions
to the study of this subject, dubbed Guesswork, motivated both by fundamental investigations into
computational security as well as modern applications in secure storage and communication.
This thesis begins with two introductory chapters. One describes existing results in Guesswork and
summarizes the contributions found in the thesis. The other recapitulates some of the mathematical
tools that are employed in the thesis. The other five chapters contain new contributions to our
understanding of Guesswork, much of which has already experienced peer review and been published.
The chapters themselves are designed to be self-contained and so readable in isolation.
An Overview of Cryptography (Updated Version, 3 March 2016)
There are many aspects to security and many applications, ranging from secure commerce and payments to private communications and protecting passwords. One essential aspect for secure communications is that of cryptography... While cryptography is necessary for secure communications, it is not by itself sufficient. This paper describes the first of many steps necessary for better security in any number of situations.
A much shorter, edited version of this paper appears in the 1999 edition of Handbook on Local Area Networks published by Auerbach in September 1998.