A Cryptographic Treatment of the Wiretap Channel

The wiretap channel is a setting where one aims to provide information-theoretic privacy of communicated data based solely on the assumption that the channel from sender to adversary is "noisier" than the channel from sender to receiver. It has been the subject of decades of work in the information and coding (I&C) community. This paper bridges the gap between this body of work and modern cryptography with contributions along two fronts, namely metrics (definitions) of security, and schemes. We explain that the metric currently in use is weak and insufficient to guarantee security of applications and propose two replacements. One, that we call MIS-security (mutual-information security), is a mutual-information based metric in the I&C style. The other, semantic security, adapts to this setting a cryptographic metric that, in the cryptography community, has been vetted by decades of evaluation and endorsed as the target for standards and implementations. We show that they are equivalent (any scheme secure under one is secure under the other), thereby connecting two fundamentally different ways of defining security and providing a strong, unified and well-founded target for designs. Moving on to schemes, results from the wiretap community are mostly non-constructive, proving the existence of schemes without necessarily yielding ones that are explicit, let alone efficient, and only meeting their weak notion of security. We apply cryptographic methods based on extractors to produce explicit, polynomial-time and even practical encryption schemes that meet our new and stronger security target.
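The following is an added illustration, not code from the paper: it computes, by exact enumeration, both the classical I&C metric (normalized mutual information I(M;Z)/n with a uniform message, assumed here to be the "weak" metric the abstract refers to) and a semantic-security style guessing advantage, for a constructed scheme over a toy binary erasure wiretap channel. The scheme, channel and parameter names are all constructed for this example; it shows how I(M;Z)/n can shrink with n while one message bit stays exposed to the adversary.

```python
import itertools, math
from collections import defaultdict

# Constructed toy model (not from the paper): the adversary sees each sent bit
# with probability 1-ERASE and an erasure (None) otherwise; the receiver's
# channel is noiseless.
ERASE = 0.5

def mutual_information(joint):
    """I(M;Z) in bits from a dict {(m, z): probability}."""
    pm, pz = defaultdict(float), defaultdict(float)
    for (m, z), p in joint.items():
        pm[m] += p
        pz[z] += p
    return sum(p * math.log2(p / (pm[m] * pz[z])) for (m, z), p in joint.items())

def joint_dist(encode, msg_bits, rand_bits):
    """Exact law of (message, adversary view) for a uniform message and
    uniform encoder randomness, enumerating every erasure pattern."""
    joint = defaultdict(float)
    for m in itertools.product((0, 1), repeat=msg_bits):
        for r in itertools.product((0, 1), repeat=rand_bits):
            c = encode(m, r)
            for pat in itertools.product((False, True), repeat=len(c)):
                z = tuple(None if e else b for b, e in zip(c, pat))
                p = math.prod(ERASE if e else 1 - ERASE for e in pat)
                joint[(m, z)] += p / 2 ** (msg_bits + rand_bits)
    return joint

def guess_advantage(joint, f):
    """Semantic-security view: best success at guessing f(M) from Z, minus the best blind guess."""
    by_z, blind = defaultdict(lambda: defaultdict(float)), defaultdict(float)
    for (m, z), p in joint.items():
        by_z[z][f(m)] += p
        blind[f(m)] += p
    return sum(max(v.values()) for v in by_z.values()) - max(blind.values())

def clear_block(m, r):      # one message bit sent as-is
    return m

def pad_block(m, r):        # t fresh pad bits, then the bit XORed with all of them:
    return r + (m[0] ^ sum(r) % 2,)   # leaks only if all t+1 positions are seen

def leakage(n, t):
    """Constructed 'weakly secure' scheme: bit 0 in a clear block, bits 1..n-1 in
    independent pad blocks (so I(M;Z) adds over blocks). Returns (I(M;Z), I(M;Z)/n)."""
    i_clear = mutual_information(joint_dist(clear_block, 1, 0))
    i_pad = mutual_information(joint_dist(pad_block, 1, t))
    total = i_clear + (n - 1) * i_pad
    return total, total / n
```

With t = ceil(log2 n) the normalized figure is at most about 1/n, yet `guess_advantage` on bit 0 of the clear block stays at 0.25 for every n, which is the kind of leak the abstract's stronger metrics rule out.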
