Brute force searching, the typical set and Guesswork
This work addresses a potential flaw in cryptanalysis methods for computationally secure ciphers, highlighting an incremental refinement in understanding attacker difficulty.
The paper investigates the assumption that words from a typical set are uniformly distributed for cryptanalysis, showing that the expected Guesswork for i.i.d. sources conditioned on the typical set grows at a lower exponential rate than the uniform approximation, indicating the approximation is unreliable.
Consider the situation where a word is chosen probabilistically from a finite list. If an attacker knows the list and can inquire about each word in turn, then selecting the word via the uniform distribution maximizes the attacker's difficulty, its Guesswork, in identifying the chosen word. It is tempting to use this property in cryptanalysis of computationally secure ciphers by assuming coded words are drawn from a source's typical set and so, for all intents and purposes, uniformly distributed within it. By applying recent results on Guesswork, for i.i.d. sources it is this equipartition ansatz that we investigate here. In particular, we demonstrate that the expected Guesswork for a source conditioned to create words in the typical set grows, with word length, at a lower exponential rate than that of the uniform approximation, suggesting use of the approximation is ill-advised.