cn]f}fr\n'.i'rfox tiieory or si'ARrx v .svsTi':.]rs 663 



even when an entirely new system is devised, so that the enemy cannot 

 assign any a priori probability to it without discovering it himself, 

 one must still live with the expectation of his eventual knowledge. 



The situation is similar to that occurring in the theory of games* where it 

 is assumed that the opponent "finds out" the strategy of play being used. 

 In both cases the assumption serves to delineate sharply the opponent's 

 knowledge. 



A second possible objection to our definition of secrecy systems is that no 

 account is taken of the common practice of inserting nulls in a message and 

 the use of multiple substitutes. In such cases there is not a unique crypto- 

 gram for a given message and key, but the encipherer can choose at will 

 from among a number of different cryptograms. This situation could be 

 handled, but would only add complexity at the present stage, without sub- 

 stantially altering any of the basic results. 



If the messages are produced by a MarkofT process of the type described 

 in (') to represent an information source, the probabilities of various mes- 

 sages are determined by the structure of the Markoflf process. For the present, 

 however, we wish to take a more general view of the situation and regard 

 the messages as merely an abstract set of entities with associated prob- 

 abilities, not necessarily composed of a sequence of letters and not neces- 

 sarily produced by a Markoff process. 



It should be emphasized that throughout the paper a secrecy system 

 means not one, but a set of many transformations. After the key is chosen 

 only one of these transformations is used and one might be led from this to 

 define a secrecy system as a single transformation on a language. The 

 enemy, however, does not know what key was chosen and the "might have 

 been" keys are as important for him as the actual one. Indeed it is only the 

 existence of these other possibilities that gives the system any secrecy. 

 Since the secrecy is our primary interest, we are forced to the rather elabor- 

 ate concept of a secrecy system defined above. This type of situation, where 

 possibilities are as important as actualities, occurs frequently in games of 

 strategy. The course of a chess game is largely controlled by threats which 

 are not carried out. Somewhat similar is the "virtual existence" of unrealized 

 imputations in the theory of games. 



It may be noted that a single operation on a language forms a degenerate 

 type of secrecy system under our definition — a system with only one key of 

 unit probability. Such a system has no secrecy — the cryi)tanalyst finds the 

 message by applying the inverse of this transformation, the only one in the 

 system, to the intercepted cryptogram. The decipherer and cryptanalyst 

 in this case possess the same information. In general, the only difference be- 

 tween the decipherer's knowledge and the enemy cryptanalyst 's knowledge 



^See von Neumann and Morgenstern "The Theory of Games," Princeton 1947, 



