Information-Theoretically Secure Secret-Key Agreement by NOT Authenticated Public Discussion

All information-theoretically secure key agreement protocols (e.g. based on quantum cryptography or on noisy channels) described in the literature are secure only against passive adversaries in the sense that they assume the existence of an authenticated public channel. The goal of this paper is to investigate information-theoretic security even against active adversaries with complete control over the communication channel connecting the two parties who want to agree on a secret key. Several impossibility results are proved and some scenarios are characterized in which secret-key agreement secure against active adversaries is possible. In particular, when each of the parties, including the adversary, can observe a sequence of random variables that are correlated between the parties, the rate at which key agreement against active adversaries is possible is characterized completely: it is either 0 or equal to the rate achievable against passive adversaries, and the condition for distinguishing between the two cases is given.
