One-Time-Pad is information theoretically secure as long as the random number st
Question
One-Time-Pad is information theoretically secure as long as the random number stream is evenly long or longer than the data stream it encrypts, for a "deciphered" message could have been any message with the same length as the given with the same probability. Does the same apply to symmetric ciphers, too?
For instance if I have 1024 bits to encrypt, break it into chunks of 128 bits and encrypt it with AES-128, each with a different (assume: true) random key, will that be information theoretically secure just as OTP? Or would a hypothetical prime factorization algorithm (let's assume it would be as quick as the encryption function) impact the (theoretical) security?
In other words: Does using a symmetric encryption algorithm (such as AES) lower the probability of a ciphertext being originated from a specific plaintext even if the used key has "OTP-length" and is completely unknown?
Explanation / Answer
AFAIK, no one has proven that AES on a single 128-bit block with a true-random 128-bit key does not provide information theoretic security (such a proof would probably be the end of AES as it would demonstrate a weakness). OTOH, no one has proven that it does. I suppose it is possible that it does, but such a proof is likely to be extremely difficult. Just look at the simplicity of the ciphers which do provide information theoretic security. The simplicity of the cipher is part of what made it possible to prove. Therefore, due to the lack of a proof showing such a high level of security, and the perceived difficulty of formalizing such a proof, I'm going to have to say the answer is no.
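To make the property under discussion concrete, here is an added example (not part of the original question or answer) that checks Shannon's perfect-secrecy condition exhaustively for a single block with a key of the same length. The 4-bit block size, the S-box table and the `toy_encrypt` construction are assumptions made up for the illustration; the result says nothing about AES itself, only that a block-length key does not by itself imply perfect secrecy.

```python
from collections import Counter

BITS = 4                      # toy block and key size (assumption; AES uses 128)
SPACE = range(1 << BITS)
# Constructed 4-bit permutation used as the toy cipher's S-box.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]

def otp_encrypt(key, msg):
    """One-time pad on a single block: XOR with the key."""
    return msg ^ key

def toy_encrypt(key, msg):
    """Hypothetical one-round block cipher: key XOR, S-box, key XOR."""
    return SBOX[msg ^ key] ^ key

def is_invertible(encrypt):
    """A cipher must be a permutation of the block space under every key."""
    return all(len({encrypt(k, m) for m in SPACE}) == len(SPACE) for k in SPACE)

def is_perfectly_secret(encrypt):
    """Shannon's definition with uniform keys: the ciphertext distribution
    must be identical for every plaintext."""
    dists = [Counter(encrypt(k, m) for k in SPACE) for m in SPACE]
    return all(d == dists[0] for d in dists)

def candidate_plaintexts(encrypt, ciphertext):
    """Plaintexts that at least one key maps to the observed ciphertext."""
    return sorted({m for m in SPACE for k in SPACE if encrypt(k, m) == ciphertext})

if __name__ == "__main__":
    for name, enc in (("OTP", otp_encrypt), ("toy cipher", toy_encrypt)):
        print(name, "invertible:", is_invertible(enc),
              "perfectly secret:", is_perfectly_secret(enc),
              "candidates for c=0:", candidate_plaintexts(enc, 0))
```

For the pad, every plaintext remains a candidate for any ciphertext; for the toy cipher, observing ciphertext 0 rules out six of the sixteen plaintexts even though the key is uniformly random and as long as the block.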