Unconditional Authenticity and Privacy from an Arbitrarily Weak Secret

Unconditional cryptographic security cannot be generated from scratch, but must be based on some given primitive to start with (most typically, a private key). Whether this implies that such a high level of security is necessarily impractical depends on how weak these basic primitives can be, and therefore on how realistic it is to realize or find them in (classical or quantum) reality. A natural way of minimizing the resources required for information-theoretic security is to reduce the length of the private key. In this paper, we focus on the level of its secrecy instead and show that even if the communication channel is completely insecure, a shared string of which an arbitrarily large fraction is known to the adversary can be used to achieve fundamental cryptographic goals such as message authentication and encryption. More precisely, we give protocols, using such a weakly secret key, that allow both the exchange of authenticated messages and the extraction of the key's entire amount of privacy into a shorter, virtually secret key. Our schemes, which are highly interactive, show the power of two-way communication in this context: under the given conditions, the same objectives cannot be achieved by one-way communication only.
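The following is an added worked example, not code from the paper, illustrating the "extraction of the key's entire amount of privacy into a shorter key" step in the simplest weak-secret model: Eve knows the key bits at a fixed, known subset of positions (a special case of "an arbitrarily large fraction is known to the adversary"). Alice announces a random seed in the clear, the seed selects a Toeplitz matrix over GF(2) (a 2-universal hash family), and both parties multiply their shared key by it. Because Eve's knowledge is a fixed set of bits, the example enumerates every completion of the unknown bits and computes exactly how far the shorter key is from uniform in Eve's eyes. All names (`toeplitz_matrix`, `hash_bits`, `gf2_rank`, `eve_view_distance`, `amplify`), the parameters (12-bit key, 8 bits known to Eve, PRNG seed) and the sample run are constructed for this illustration; the paper's own protocol, its adversary model and its interactive authentication step are not reproduced here.

```python
"""Privacy amplification of a partially known key with a Toeplitz (2-universal) hash.

Constructed illustration, not the paper's protocol: Alice and Bob share an
n-bit key of which Eve knows the bits at a fixed subset of positions.  Alice
publicly announces a seed defining an m x n Toeplitz matrix T over GF(2); both
sides compute k' = T * key.  Eve's conditional view of k' is computed exactly.
"""
import itertools
import random


def toeplitz_matrix(seed_bits, m, n):
    """m x n Toeplitz matrix over GF(2) from m+n-1 seed bits; every diagonal is
    constant, T[i][j] = seed[i - j + n - 1]."""
    assert len(seed_bits) == m + n - 1
    return [[seed_bits[i - j + n - 1] for j in range(n)] for i in range(m)]


def hash_bits(T, x):
    """T * x over GF(2): each output bit is the parity of a row-wise AND."""
    return tuple(sum(t & b for t, b in zip(row, x)) & 1 for row in T)


def gf2_rank(rows):
    """Rank over GF(2) of 0/1 row vectors (XOR basis keyed by leading bit)."""
    pivots = {}
    for row in rows:
        v = int("".join(map(str, row)) or "0", 2)
        while v:
            top = v.bit_length() - 1
            if top not in pivots:
                pivots[top] = v
                break
            v ^= pivots[top]
    return len(pivots)


def eve_view_distance(T, n, known):
    """Statistical distance between Eve's conditional distribution of T*key
    (given `known`, a dict position -> bit) and the uniform distribution on
    m bits.  Exact: enumerates all 2^(n - t) completions of the unknown bits."""
    m = len(T)
    unknown = [j for j in range(n) if j not in known]
    counts = {}
    for completion in itertools.product((0, 1), repeat=len(unknown)):
        key = [known.get(j, 0) for j in range(n)]
        for j, bit in zip(unknown, completion):
            key[j] = bit
        out = hash_bits(T, key)
        counts[out] = counts.get(out, 0) + 1
    total = 2 ** len(unknown)
    return 0.5 * sum(abs(counts.get(out, 0) / total - 1 / 2 ** m)
                     for out in itertools.product((0, 1), repeat=m))


def amplify(n, known_positions, m, seed=2003):
    """One round: returns (short_key, eve_distance, rank of T's unknown columns).

    The hash seed is public (in a real protocol it crosses the insecure channel
    and must arrive unmodified); only the key is secret, and only partially so.
    The PRNG seed is a constructed constant so the run is reproducible."""
    rng = random.Random(seed)
    key = [rng.getrandbits(1) for _ in range(n)]
    T = toeplitz_matrix([rng.getrandbits(1) for _ in range(m + n - 1)], m, n)
    known = {j: key[j] for j in known_positions}
    short_key = hash_bits(T, key)
    # The output is uniform for Eve exactly when T restricted to the columns
    # she does not know has full row rank m (a linear map onto all of GF(2)^m).
    unknown_cols = [[row[j] for j in range(n) if j not in known] for row in T]
    return short_key, eve_view_distance(T, n, known), gf2_rank(unknown_cols)


if __name__ == "__main__":
    # Eve knows 8 of 12 key bits (two thirds); 4 bits of secrecy remain, so up
    # to 4 output bits can be perfectly secret, and 6 never can be.
    for m in (3, 4, 6):
        k, dist, rank = amplify(n=12, known_positions=range(8), m=m)
        print(f"m={m}: short key {k}, Eve's distance from uniform {dist:.4f}, rank {rank}")
```

Two points the run makes concrete. First, Eve's distance from uniform is exactly 1 - 2^(rank - m): it is zero precisely when the unknown columns of T have full rank m, which a random seed achieves with probability about 1 - 2^(m - (n - t)), so extracting close to all n - t unknown bits is possible but not with a single arbitrary seed. Second, asking for more output bits than Eve lacks (m = 6 here) always leaks, whatever the seed. The caveat that motivates the paper's interactive schemes is the seed itself: over a completely insecure channel an active Eve can replace it, so the seed must be authenticated, and the paper shows how to do that from the same weak key by two-way communication, which this one-way example does not attempt.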
