682 BELL SYSTEM TECHNICAL JOURNAL 



In a secrecy system there are two statistical choices involved, that of the 

 message and of the key. We may measure the amount of information pro- 

 duced when a message is chosen by H(M) : 



H{M) = - S P{M) log P{M), 



the summation being over all possible messages. Similarly, there is an un- 

 certainty associated with the choice of key given by : 



H{K) = - Z P{K) log P{K). 



In perfect systems of the type described above, the amount of informa- 

 tion in the message is at most log n (occurring when all messages are equi- 

 probable). This information can be concealed completely only if the key un- 

 certainty is at least log n. This is the first example of a general principle 

 which will appear frequently: that there is a limit to what we can obtain 

 with a given uncertainty in key — the amount of uncertainty we can intro- 

 duce into the solution cannot be greater than the key uncertainty. 



The situation is somewhat more complicated if the number of messages 

 is infinite. Suppose, for example, that they are generated as infinite se- 

 quences of letters by a suitable Markoff process. It is clear that no finite key 

 will give perfect secrecy. We suppose, then, that the key source generates 

 key in the same manner, that is, as an infinite sequence of symbols. Suppose 

 further that only a certain length of key Lk is needed to encipher and de- 

 cipher a length Lm of message. Let the logarithm of the number of letters 

 in the message alphabet be Rm and that for the key alpiiabet be Rk ■ Then, 

 from the finite case, it is evident that perfect secrecy requires 



RmLm ^ RrLk . 



This type of perfect secrecy is realized by the Vernam system. 



These results have been deduced on the basis of unknown or arbitrary 

 a priori probabilities for the messages. The key required for perfect secrecy 

 depends then on the total number of possible messages. 



One would expect that, if the message space has fixed known statistics, 

 so that it has a definite mean rate R of generating information, in the sense 

 of MTC, then the amount of key needed could be reduced on the average 



in just this ratio ^— , and this is indeed true. In fact the message can be 

 Rm 



passed through a transducer which eliminates the redundancy and reduces 

 the expected length in just this ratio, and then a Vernam system may be 

 applied to the result. Evidently the amount of key used per letter of message 



D 



is statistically reduced by a factor -^— and in this case the key source and 



Rm 



information source are just matched — a bit of key completely conceals a 



