We use encryption technologies to keep
our secret data safe and secure. But, there are a number of pitfalls
associated with this.

We take a secret plaintext message and
encrypt it using a strong secret encryption key to generate the
ciphertext. The purpose is, an adversary should not be able to
retrieve the secret plaintext message from the ciphertext, provided
he does not know the secret key. But, no modern encryption algorithm
is absolutely secure. Many a times attackers manage to extract
meaningful information about the plaintext message from the
ciphertext. Entropic Security is a security definition which is used
to indicate how difficult it is for an attacker to extract meaningful
information about the plaintext from the ciphertext when he does not
know the secret key.

**What is Entropy ?**

In cryptography, a cryptosystem is said
to be

**semantically secure**if it is computationally infeasible for an attacker to extract any knowledge of the plaintext based on the ciphertext and its length.
Some encryption schemes, such as RSA
without encryption padding and many block ciphers used in Electroninc
Codebook or ECB more or with a constant initialization vector cannot
be called semantically secure. They always produce the same
ciphertext for a given plaintext and key, even over separate
executions of the encryption algorithm. So, an attacker can use this
knowledge to do some statistical analysis on the ciphertext and gain
much knowledge on the plaintext.

**Entropic security**of an encryption scheme is similar to semantic security when the message spaces have highly entropic distribution. In other words, an encryption is said to be entropically secure if it is computationally infeasible for an adversary to extract any information about the plaintext from the corresponding ciphertext.

In Information Theory, an

**entropy**is a measure of unpredictability of information content in a message. In other words, it is the expected value of the information contained in each message. Randomness is a measure of uncertainty in an outcome and thus is applied to the concept of information entropy.**Entropy and Modern Cryptosystems**

Modern cryptosystems rely heavily on
randomly generated keys. We randomly generate a secret key and
encrypt secret data using that key.

For example, in SSL communications, we
generate a very large random number and utilize that to encrypt the
communication. These random keys are generated based on specific
information from some predefined sources. From some specific sources,
entropy is collected and then it is utilized to generate the random
keys. And, that is how entropy, randomness and modern cryptosystems
are related to each other.

**How is entropy generated**

There are a number of ways entropy is
generated and collected in a modern system. A number of them are
mentioned below :

- Linux kernel generates entropy from keyboard timings, mouse movements and IDE timings and make the random data available through the special files /dev/random and /dev/urandom.
- Some software packages use userspace processes to gather random characters and utilize them.
- Modern CPUs and hardware often use integrated generators to create high quality and high speed entropy and rovide that to the Operating System through /dev/hw_random.
- Some companies manufacture entropy generation devices to generate high quality entropy in an efficient manner.
- One can even collect entropy of a system from the computer's microphone or by building a sensor to measure the air turbulence inside a disk drive or even from webcams.

This article gives the basic
information on entropy and how it is related to modern cryptosystems.
Hope you enjoyed this.

## No comments:

## Post a Comment