Converses For Secret Key Agreement and Secure Computing

We consider information theoretic secret key (SK) agreement and secure function computation by multiple parties observing correlated data, with access to an interactive public communication channel. Our main result is an upper bound on the SK length, which is derived using a reduction of binary hypothesis testing to multiparty SK agreement. Building on this basic result, we derive new converses for multiparty SK agreement. Furthermore, we derive converse results for the oblivious transfer problem and the bit commitment problem by relating them to SK agreement. Finally, we derive a necessary condition for the feasibility of secure computation by trusted parties that seek to compute a function of their collective data, using an interactive public communication that by itself does not give away the value of the function. In many cases, we strengthen and improve upon previously known converse bounds. Our results are single-shot and use only the given joint distribution of the correlated observations. For the case when the correlated observations consist of independent and identically distributed (in time) sequences, we derive strong versions of previously known converses.
