So let's look at something called the Vernam cryptosystem. We should always aspire to perfection, but of course we can never achieve it. Or can we? The rather remarkable thing is that we do have a perfect cryptosystem: the Vernam cipher has perfect secrecy. The cipher was invented by Gilbert Vernam, a Worcester Polytechnic Institute graduate who in 1917 obtained a patent for a secret signaling system.

The Vernam cipher works as follows. Let our message be a string of ones and zeros. We construct an encryption key consisting of an equally long string of ones and zeros, where each one or zero is chosen randomly with equal probability, say by flipping a coin. We encrypt the plaintext P by adding the key value to it using what's known as bitwise addition, which works as follows. Zero plus zero, we'll be unconventional and say that's equal to zero; well, actually, I guess that's normal. One plus zero is one, and zero plus one is also one, so still nothing unusual has happened. The reason this is called bitwise addition comes from adding one plus one: we call that result zero. If you recognize the term, this is also known as addition mod two.

So, for example, let's say we want to encrypt 10110010 using a Vernam cipher. We construct a key by flipping a coin and recording a one if the coin lands heads and a zero if it lands tails, and then add the key to the message using bitwise addition. We flip our coin and it lands heads, so our first key bit is one. We flip again and this time get tails, so the next key bit is zero, and we continue flipping the coin, recording a one for heads and a zero for tails, until the key is as long as the message. Once we've constructed the key, we add it to the message bitwise to get the ciphertext. Remember, one plus one is zero, zero plus zero is zero, and one plus zero is one.
We continue adding the rest of the message and the key to get the ciphertext. So far this looks like a pretty standard cryptosystem, so you might wonder why it is a perfect cryptosystem. The answer goes as follows. Suppose the message yes is one and no is zero, and suppose that, say, 80% of the messages sent are yes messages, that is, ones. Eve intercepts a message, but before she can decrypt it, an intern spills coffee on it and destroys it. After suitably chastising the intern and cleaning up the mess, Eve still has the problem of figuring out what the message was. Because she knows that 80% of the time the message is yes, she guesses yes and has an 80% chance of being correct. In other words, Eve could guess the message even without having it. But what if she had a different intern?

To see how this might work, suppose we intercept 100 messages. Under our assumption, the message is zero 20% of the time and one 80% of the time, so of those 100 messages, 20 are zeros and 80 are ones. If we're using the Vernam cryptosystem, each message is encrypted with a key bit of zero or one with equal probability: half the time the key is zero and the other half it is one. Now let's consider the possibilities. If the message is zero and the key is zero, the ciphertext is also zero. That occurs half the time the message is zero, and since the message is zero 20 times, 10 times we get ciphertext zero. The rest of the time the key is one, so adding message to key gives ciphertext one, and that also occurs 10 times. On the other hand, if the message is one and the key is zero, the ciphertext is one, and that occurs half the time the message is one, 40 times.
And again, if the message is one and the key is also one, the ciphertext is zero, and that occurs the other half of the time, another 40. Putting this all together, ciphertext zero appears 40 times when the message is one and 10 times when the message is zero, so it appears 50 times. Ciphertext one appears 40 times when the message is one and 10 times when the message is zero, so it also appears 50 times. Now suppose we intercept the ciphertext zero. If we guess that ciphertext zero must be message one, we're correct 40 times out of 50: the 40 times where the ciphertext is zero and the message is one. And here is the thing to notice. If the ciphertext was destroyed and Eve just guessed that the message was yes, she had an 80% chance of being correct. But if she actually has the ciphertext and guesses that the message is yes, she still has an 80% chance of being correct. Having or not having the ciphertext made no difference. Her interns can spill coffee anywhere they want and it won't affect Eve's ability to decrypt the messages.

In case it's not clear what just happened, let's say that key zero occurs not 50% of the time but 40% of the time; then our table changes slightly. Again, 80% of the time the message is one and 20% of the time the message is zero. But now 40% of the time the key is zero, so 40% of the time message zero is encrypted as ciphertext zero, that's eight times, and the remaining 12 times the key is one and the ciphertext is one. Meanwhile, 40% of the time message one and key zero give ciphertext one, that's 32 times, and the remaining 48 times message one is encrypted with key one, giving ciphertext zero.
Again suppose we see ciphertext zero. We get ciphertext zero 8 + 48 = 56 times, but of those 56 times, 48 correspond to message one. So 48 out of 56, about 86%, of the time it corresponds to message M = 1. Seeing the ciphertext makes us more confident that the message is one, which means the ciphertext itself conveys some information and can't be ignored. With the key chosen fairly, that extra confidence vanishes, and that is what makes the Vernam cipher a perfect cipher.

But if the Vernam cipher is perfect, why isn't it used for everything? There are two problems. First, the perfection relies on the key being randomly generated, so how do you construct it? Second, the key is as long as the message, so how do you communicate the key securely? And there are two solutions. The Vernam cipher itself is based on what's known as a one-time pad, so we produce an arbitrarily long list of random numbers, send these lists to everyone who needs one, and use each list exactly once. The other approach is to use a formula that generates the key. Since the key must consist of a list of random numbers, the formula must produce random numbers. Except it can't. However, we can hope to produce a formula that makes a sequence of pseudo-random numbers, and we'll take a look at that next.
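As an added example that is not part of the lecture, here is the cipher and the counting argument in Python: bitwise addition of message and key, a coin-flip key drawn from the operating system's random source, and an exact computation of Eve's confidence P(M = 1 | C) for both the fair key and the 40/60 biased key. The function names and the use of `secrets` are my choices, not the lecture's.

```python
"""Vernam (one-time pad) cipher on bit strings, plus the lecture's counting
argument for why a fair key gives perfect secrecy. Added example."""
import secrets
from fractions import Fraction


def xor_bits(a: str, b: str) -> str:
    """Bitwise addition mod 2 of two equally long strings of '0'/'1'."""
    if len(a) != len(b):
        raise ValueError("key must be exactly as long as the message")
    return "".join("1" if x != y else "0" for x, y in zip(a, b))


def random_key(nbits: int) -> str:
    """A fresh key of fair coin flips from the OS CSPRNG (not random.random)."""
    return "".join("1" if secrets.randbits(1) else "0" for _ in range(nbits))


def encrypt(plaintext: str, key: str) -> str:
    return xor_bits(plaintext, key)


def decrypt(ciphertext: str, key: str) -> str:
    # Adding the key twice cancels: (P + K) + K = P mod 2.
    return xor_bits(ciphertext, key)


def posterior(p_msg1: Fraction, p_key0: Fraction, ciphertext_bit: int) -> Fraction:
    """P(M = 1 | C = ciphertext_bit) for one-bit messages.

    p_msg1 is the prior probability the message is 1 (0.8 in the lecture);
    p_key0 is the probability the key bit is 0 (1/2 fair, 2/5 biased).
    Enumerates the four (message, key) cases exactly as the lecture's table.
    """
    p_msg0, p_key1 = 1 - p_msg1, 1 - p_key0
    weight = {  # joint probability of each (M, K) combination
        (0, 0): p_msg0 * p_key0,
        (0, 1): p_msg0 * p_key1,
        (1, 0): p_msg1 * p_key0,
        (1, 1): p_msg1 * p_key1,
    }
    matching = [(m, w) for (m, k), w in weight.items() if m ^ k == ciphertext_bit]
    total = sum(w for _, w in matching)
    from_msg1 = sum(w for m, w in matching if m == 1)
    return from_msg1 / total


if __name__ == "__main__":
    key = random_key(8)
    print(encrypt("10110010", key), decrypt(encrypt("10110010", key), key))
    print(posterior(Fraction(4, 5), Fraction(1, 2), 0))  # fair key: 4/5
    print(posterior(Fraction(4, 5), Fraction(2, 5), 0))  # biased key: 6/7
```

With a fair key the posterior equals the 80% prior for either ciphertext bit, so the ciphertext tells Eve nothing; with the biased key it rises to 48/56.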