Secure Authentication from a Weak Key, Without Leaking Information

We study the problem of authentication based on a weak key in the information-theoretic setting. A key is weak if its min-entropy is an arbitrarily small fraction of its bit length. This problem has recently received considerable attention, with different solutions optimizing different parameters. We study the problem in an extended setting, where the weak key is a one-time session key that is derived from a public source of randomness with the help of a (potentially also weak) long-term key. Our goal now is to authenticate a message by means of the weak session key in such a way that (nearly) no information on the long-term key is leaked. Ensuring privacy of the long-term key is vital for the long-term key to be re-usable. Previous work has not considered such a privacy issue, and previous solutions do not seem to satisfy this requirement. We show the existence of a practical four-round protocol that provides message authentication from a weak session key and that avoids non-negligible leakage on the long-term key. The security of our scheme also holds in the quantum setting where the adversary may have limited quantum side information on the weak session key. As an application of our scheme, we show the existence of an identification scheme in the bounded quantum storage model that is secure against a man-in-the-middle attack and that is truly password-based: it does not need any high-entropy key, in contrast to the scheme proposed by Damgård et al.
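The following toy simulation, added here as an illustration and not taken from the paper, shows why the privacy requirement on the long-term key matters. It models the setting of the abstract with constructed parameters: a 16-bit long-term key K that is weak because the adversary already knows its top byte (min-entropy 8 bits), a session key S = Ext(R, K) obtained from public randomness R through an affine universal hash, and a naive deterministic MAC keyed by S. The hash family, the MAC, the key sizes and the names `derive_session_key`, `naive_tag` and `simulate_leakage` are all assumptions of this example. A passive adversary who sees (R, message, tag) on the wire keeps only the candidate keys consistent with the tag; the returned trace is the min-entropy of K that remains after each session.

```python
"""
Toy simulation of the leakage problem the abstract motivates: a one-time
session key S is derived from public randomness R and a weak long-term
key K, and a message is authenticated naively with S.  Every tag constrains
S, hence K, so the long-term key is used up after a few sessions.

All parameters, the hash family and the MAC are constructed for this
illustration; none of this is the paper's protocol.
"""
import math
import random

P = 65537                # prime larger than the 16-bit key space (assumption)
T = 257                  # prime larger than the 8-bit session-key space
SESSION_KEY_BITS = 8


def derive_session_key(r, k):
    """S = Ext(R, K): affine universal hash over Z_P truncated to 8 bits.

    r = (a, b) is the public randomness, k the long-term key.  For two
    distinct keys the pair (S, S') is close to pairwise independent over
    the choice of r, so a wrong key agrees with the right one on S with
    probability about 2^-8 per session.
    """
    a, b = r
    return ((a * k + b) % P) & ((1 << SESSION_KEY_BITS) - 1)


def naive_tag(s, m):
    """Deterministic toy MAC keyed by the session key: tag = S*m mod 257.

    For m in 1..256 the tag determines S uniquely (S = tag * m^-1 mod 257),
    which is exactly what makes this authentication leak.
    """
    return (s * m) % T


def weak_key_candidates(known_high_byte):
    """Adversary's view of a weak 16-bit long-term key whose top byte is
    already known: 256 equiprobable candidates, i.e. min-entropy 8 bits."""
    return [(known_high_byte << 8) | low for low in range(256)]


def min_entropy_bits(candidates):
    """Min-entropy of a uniform posterior over the surviving candidates."""
    return math.log2(len(candidates))


def simulate_leakage(num_sessions, seed=0):
    """Run num_sessions naive authentications and return the adversary's
    remaining min-entropy on K before the first and after each session."""
    rng = random.Random(seed)
    known_high = rng.randrange(256)
    true_k = (known_high << 8) | rng.randrange(256)
    candidates = weak_key_candidates(known_high)
    trace = [min_entropy_bits(candidates)]
    for _ in range(num_sessions):
        r = (rng.randrange(1, P), rng.randrange(P))          # public randomness
        m = rng.randrange(1, T)                               # public message
        tag = naive_tag(derive_session_key(r, true_k), m)     # seen on the wire
        # Passive adversary keeps only keys consistent with (r, m, tag).
        candidates = [k for k in candidates
                      if naive_tag(derive_session_key(r, k), m) == tag]
        assert true_k in candidates                           # never discards K
        trace.append(min_entropy_bits(candidates))
    return trace


if __name__ == "__main__":
    for i, h in enumerate(simulate_leakage(6)):
        print(f"after {i} sessions: H_min(K | adversary's view) = {h:.2f} bits")
```

Each tag pins down S, and with R public that is a direct constraint on K; the posterior collapses to a single candidate within a handful of sessions, so the long-term key cannot be reused. This is the failure mode the abstract's privacy requirement rules out: the transcript of the authentication protocol must leak (nearly) nothing on K, not merely keep the adversary from forging a tag in the current session.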

[1]  Venkatesan Guruswami,et al.  Unbalanced expanders and randomness extractors from Parvaresh-Vardy codes , 2008 .

[2]  Sophia Yakoubov,et al.  Alternating Extractors and Leakage-Resilient Stream Ciphers , 2011 .

[3]  Renato Renner,et al.  The Exact Price for Unconditionally Secure Asymmetric Cryptography , 2004, EUROCRYPT.

[4]  Robert König,et al.  Universally Composable Privacy Amplification Against Quantum Adversaries , 2004, TCC.

[5]  Leonid Reyzin,et al.  Key Agreement from Close Secrets over Unsecured Channels , 2009, IACR Cryptol. ePrint Arch..

[6]  Ivan Damgård,et al.  A Tight High-Order Entropic Quantum Uncertainty Relation with Applications , 2006, CRYPTO.

[7]  Larry Carter,et al.  Universal Classes of Hash Functions , 1979, J. Comput. Syst. Sci..

[8]  Serge Fehr,et al.  Composing Quantum Protocols in a Classical Environment , 2009, TCC.

[9]  Jeroen van de Graaf,et al.  Towards a formal definition of security for quantum protocols , 1998 .

[10]  Rafail Ostrovsky,et al.  Privacy amplification with asymptotically optimal entropy loss , 2010, STOC '10.

[11]  Yevgeniy Dodis,et al.  Correcting errors without leaking partial information , 2005, STOC '05.

[12]  Renato Renner,et al.  Security of quantum key distribution , 2005, Ausgezeichnete Informatikdissertationen.

[13]  Ueli Maurer,et al.  A Provably-Secure Strongly-Randomized Cipher , 1991, EUROCRYPT.

[14]  Anindya De,et al.  Trevisan's Extractor in the Presence of Quantum Side Information , 2009, SIAM J. Comput..

[15]  Stefan Dziembowski,et al.  Intrusion-Resilient Secret Sharing , 2007, 48th Annual IEEE Symposium on Foundations of Computer Science (FOCS'07).

[16]  Renato Renner,et al.  Unconditional Authenticity and Privacy from an Arbitrarily Weak Secret , 2003, CRYPTO.

[17]  Robert König,et al.  The Operational Meaning of Min- and Max-Entropy , 2008, IEEE Transactions on Information Theory.

[18]  Ivan Damgård,et al.  Secure identification and QKD in the bounded-quantum-storage model , 2007, Theor. Comput. Sci..

[19]  Yevgeniy Dodis,et al.  Non-malleable extractors and symmetric key cryptography from weak secrets , 2009, STOC '09.

[20]  Rafail Ostrovsky,et al.  Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data , 2004, SIAM J. Comput..

[21]  Serge Fehr,et al.  Randomness Extraction Via δ-Biased Masking in the Presence of a Quantum Attacker , 2007, TCC.

[22]  Ivan Damgård,et al.  Improving the Security of Quantum Protocols via Commit-and-Open , 2009, CRYPTO.