On information-theoretic metrics for symmetric-key encryption and privacy

摘要

Most practical security systems do not achieve perfect secrecy, i.e. the information observed by a computationally unbounded eavesdropper is not independent of the plaintext message. Nevertheless, there may still be properties of the plaintext that the eavesdropper cannot reliably infer. In this paper, we build on previous work by the authors and introduce new bounds that are used to quantify how well an adversary can estimate certain functions of the plaintext in the non-perfect secrecy regime. In particular, we present lower bounds for the minimum-mean-squared-error of estimating a target function of the plaintext given that a certain class of functions of the plaintext is known to be hard (or easy) to infer, either by design of the security system or by restrictions imposed on the adversary. We demonstrate how these bounds can be applied to characterize fundamental security properties of symmetric-key encryption schemes. Our results also shed light on the fundamental privacy-utility tradeoff that exists in privacy-preserving systems.