In this exercise, we aim to prove the inequality $H(K|C) \geq H(P|C)$, where:

• $K$ represents the key,
• $C$ represents the ciphertext,
• $P$ represents the plaintext, and
• $H(\cdot | \cdot)$ denotes conditional entropy.

The goal is to understand how the uncertainty of the key given the ciphertext relates to the uncertainty of the plaintext given the ciphertext in a cryptosystem, and then determine the condition under which equality holds.

Step-by-Step Explanation:

1. Key and Plaintext in Cryptosystems:

   • In a cryptosystem, the ciphertext $C$ is generated by encrypting the plaintext $P$ using the key $K$, i.e., $C = \text{Enc}(P, K)$.
   • The entropy $H(K|C)$ measures the uncertainty (or randomness) of the key $K$ given the ciphertext $C$.
   • Similarly, $H(P|C)$ measures the uncertainty of the plaintext $P$ given the ciphertext $C$.

2. Applying the Data Processing Inequality:

   • The Data Processing Inequality states that processing data cannot increase the amount of information. More specifically, if $K \rightarrow P \rightarrow C$ forms a Markov chain (as it typically does in a cryptosystem), then we have: $I(K; C) \leq I(P; C),$ where $I(X; Y)$ is the mutual information between random variables $X$ and $Y$.
   • This inequality says that the mutual information between the key and the ciphertext is less than or equal to the mutual information between the plaintext and the ciphertext.

3. Using the Chain Rule of Entropy:

   • The conditional entropy can be expressed using the following chain rule: $H(K|C) = H(K) - I(K; C),$ $H(P|C) = H(P) - I(P; C).$
   • Since $I(K; C) \leq I(P; C)$, we get: $H(K) - I(K; C) \geq H(P) - I(P; C).$
   • Therefore, we have the desired inequality: $H(K|C) \geq H(P|C).$

4. Condition for Equality:

   • The condition for equality in the inequality $H(K|C) = H(P|C)$ occurs when $I(K; C) = I(P; C)$. This happens when the key and the plaintext are equally "informative" with respect to the ciphertext.
   • In cryptographic terms, equality holds when the key fully determines the plaintext (i.e., perfect encryption) and there is no additional uncertainty about the plaintext once the ciphertext and key are known.

Conclusion:

We have shown that in any cryptosystem, it holds that: $H(K|C) \geq H(P|C).$ Equality occurs when the mutual information between the key and the ciphertext is the same as the mutual information between the plaintext and the ciphertext, i.e., when the key uniquely determines the plaintext for a given ciphertext (perfect secrecy).

---

Do you want any further details or have any questions about the explanation?

Here are some related questions to expand your understanding:

1. How is the concept of entropy applied in symmetric key cryptography?
2. What role does the Data Processing Inequality play in cryptographic security?
3. How does perfect secrecy relate to the conditional entropy of the key and plaintext?
4. Can you explain Shannon's definition of perfect secrecy in cryptosystems?
5. What is the mutual information $I(X; Y)$ and how does it relate to entropy?

Tip: In cryptography, minimizing the conditional entropy $H(K|C)$ is key to ensuring that the encryption process is secure and resistant to attacks.