Now we're ready to define what a perfect cipher is
and to see why the one-time pad satisfies this property.
The notion that we want a perfect cipher to mean
is that if an attacker intercepts a message they receive the cipher text
that provides them with no additional information at all about what the plain text was.
We have a message. It's being encrypted with a key.
The attacker is intercepting that cipher text as it's sent over the insecure channel.
What we want to know is that an attacker who sees just the cipher text
learns nothing about the message.
If you followed the definition of conditional probability,
you should be able to decide how to define that formally.
We'll make that a quiz.
The question is which of these is the property that we want in order for a cipher to be perfect?
That is, to have this property that the cipher text reveals no information about the plain text.
I'm going to introduce some notation.
Our message is selected from the set of all possible messages.
We have some other message we'll call m, also selected from M.
We don't know if M is equal to m.
Both of these we could think of being drawn from the set of messages.
We have some key drawn from the set of possible keys.
For this quiz your goal is to understand how we can formally define what a perfect cipher is.
This is the scenario: we have an attacker whose heard of cipher text.
We want to know that by hearing just the cipher text the attacker has learned
nothing new about the message.
We've introduced some notation here.
We have a set of possible messages--the uppercase M.
We can select lowercase message m. Those are both messages selected from M.
The attacker's goal would be to tell is the intercepted cipher text the same as message m.
That's the attacker's guess.
We have encryption using some key selected from the set of all possible keys.
We don't know what the key is. Here are the possible choices.
