COMMUNICATION THEORY OF SECRFX'Y SYSTEMS 657 



he represented by a stochastic process which produces a discrete sequence of 

 s)-mbols in accordance with some system of probabilities. Associated with a 

 language there is a certain parameter D which we call the redundancy of 

 the language. D measures, in a sense, how much a text in the language can 

 l)c reduced in length without losing any information. As a simple example, 

 since u always follows q in English words, the u may be omitted without loss. 

 Considerable reductions are possible in English due to the statistical struc- 

 ture of the language, the high frequencies of certain letters or words, etc. 

 Redundancy is of central importance in the study of secrecy systems. 



A secrecy system is defined abstractly as a set of transformations of one 

 space (the set of possible messages) into a second space (the set of possible 

 cryptograms). Each particular transformation of the set corresponds to 

 enciphering with a particular key. The transformations are supposed rever- 

 sible (non-singular) so that unique deciphering is possible when the key 

 is known. 



Each key and therefore each transformation is assumed to have an a 

 priori probability associated with it — the probability of choosing that key. 

 Similarly each possible message is assumed to have an associated a priori 

 probability, determined by the underlying stochastic process. These prob- 

 abilities for the various keys and messages are actually the enemy crypt- 

 analyst's a priori probabilities for the choices in question, and represent his 

 a priori knowledge of the situation. 



To use the system a key is first selected and sent to the receiving point. 

 The choice of a key determines a particular transformation in the set 

 forming the system. Then a message is selected and the particular trans- 

 formation corresponding to the selected key applied to this message to 

 produce a cryptogram. This cryptogram is transmitted to the receiving point 

 by a channel and may be intercepted by the "enemy*." At the receiving 

 end the inverse of the particular transformation is applied to the cryptogram 

 to recover the original message. 



If the enemy intercepts the cryptogram he can calculate from it the 

 a posteriori probabilities of the various possible messages and keys which 

 might have produced this cryptogram. This set of a posteriori probabilities 

 constitutes his knowledge of the key and message after the interception. 

 "Knowledge" is thus identified with a set of propositions having associated 

 probabilities. The calculation of the a posteriori probabilities is the gen- 

 eralized problem of cryptanalysis. 



As an example of these notions, in a simple substitution cipher with ran- 

 dom key there are 26! transformations, corresponding to the 26! ways we 



*The word "enemy," stemming from military applications, is commonly used in cryiv 

 tographic work to denote anyone who may intercept a cryptogram. 



