Key agreement from weak bit agreement

Assume that Alice and Bob, given an authentic channel, have a protocol where they end up with a bit SA and SB, respectively, such that with probability 1+ε/2 these bits are equal. Further assume that conditioned on the event SA =n SB no polynomial time bounded algorithm can predict the bit better than with probability 1-δ/2. Is it possible to obtain key agreement from such a primitive? We show that for constant δ and ε the answer is yes if and only if δ > 1-ε/1+ε, both for uniform and non-uniform adversaries.The main computational technique used in this paper is a strengthening of Impagliazzo's hard-core lemma to the uniform case and to a set size parameter which is tight (i.e., twice the original size). This may be of independent interest.

[1]  J. Neumann Zur Theorie der Gesellschaftsspiele , 1928 .

[2]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[3]  Robert J. McEliece,et al.  A public key cryptosystem based on algebraic coding theory , 1978 .

[4]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[5]  Silvio Micali,et al.  How to construct random functions , 1986, JACM.

[6]  Ingo Wegener,et al.  The complexity of Boolean functions , 1987 .

[7]  Michael Luby,et al.  How to Construct Pseudo-Random Permutations from Pseudo-Random Functions (Abstract) , 1986, CRYPTO.

[8]  Russell Impagliazzo,et al.  Limits on the provable consequences of one-way permutations , 1988, STOC '89.

[9]  Russell Impagliazzo,et al.  One-way functions are essential for complexity based cryptography , 1989, 30th Annual Symposium on Foundations of Computer Science.

[10]  Thomas M. Cover,et al.  Elements of Information Theory , 2005 .

[11]  Steven Rudich,et al.  The Use of Interaction in Public Cryptosystems (Extended Abstract) , 1991, CRYPTO.

[12]  Ueli Maurer,et al.  Secret key agreement by public discussion , 1993 .

[13]  Rudolf Ahlswede,et al.  Common randomness in information theory and cryptography - I: Secret sharing , 1993, IEEE Trans. Inf. Theory.

[14]  Ueli Maurer,et al.  Secret key agreement by public discussion from common information , 1993, IEEE Trans. Inf. Theory.

[15]  Russell Impagliazzo,et al.  Hard-core distributions for somewhat hard problems , 1995, Proceedings of IEEE 36th Annual Foundations of Computer Science.

[16]  Noam Nisan,et al.  On Yao's XOR-Lemma , 1995, Electron. Colloquium Comput. Complex..

[17]  Leonid A. Levin,et al.  A Pseudorandom Generator from any One-way Function , 1999, SIAM J. Comput..

[18]  Rocco A. Servedio,et al.  Boosting and hard-core sets , 1999, 40th Annual Symposium on Foundations of Computer Science (Cat. No.99CB37039).

[19]  Ueli Maurer,et al.  Unconditionally Secure Key Agreement and the Intrinsic Conditional Information , 1999, IEEE Trans. Inf. Theory.

[20]  Luca Trevisan,et al.  List-decoding using the XOR lemma , 2003, 44th Annual IEEE Symposium on Foundations of Computer Science, 2003. Proceedings..

[21]  Renato Renner,et al.  New Bounds in Secret-Key Agreement: The Gap between Formation and Secrecy Extraction , 2003, EUROCRYPT.

[22]  Moni Naor,et al.  Immunizing Encryption Schemes from Decryption Errors , 2004, EUROCRYPT.

[23]  R. Schapire The Strength of Weak Learnability , 1990, Machine Learning.