. The problem of generating a shared secret key S by two parties knowing dependent random variables X and Y , respectively, but not sharing a secret key initially, is considered. An enemy who knows the random variable Z, jointly distributed with X and Y according to some probability distribution PXY Z , can also receive all messages exchanged by the two parties over a public channel. The goal of a protocol is that the enemy obtains at most a negligible amount of information about S. Upper bounds on H(S) as a function of PXY Z are presented. Lower bounds on the rate H(S)=N (as N !1) are derived for the case where X = [X 1 ; : : : ; XN ], Y = [Y 1 ; : : : ; YN ] and Z = [Z 1 ; : : : ; ZN ] result from N independent executions of a random experiment generating X i ; Y i and Z i , for i = 1; : : : ; N . In particular it is shown that such secret key agreement is possible for a scenario where all three parties receive the output of a binary symmetric source over independent binary symmetr...

Several protocols are presented that allow two parties Alice and Bob not sharing any secret information initially (except possibly a short key to be used for authentication) to generate a long shared secret key such that even an enemy Eve with unlimited computing power is unable to obtain a non-negligible amount of information (in Shannon's sense) about this key. Two different models are considered. In a first model we assume that Alice can send information to Bob over a noisy main channel but that Eve is able to receive the same information over a parallel independent noisy channel from Alice to Eve. In a second, more general model we assume that Alice, Bob and Eve receive the output of a random source (e.g., a satellite broadcasting random bits) over three independent individual channels. The condition that the channels be independent can be replaced by the condition that they be independent only to a known, arbitrarily small degree. We demonstrate that even when Eve's channel is sup...

This paper examines the problem in which several nodes sharing highly correlated data, such as visual data, wish to compress and encrypt their data to provide confidentiality. The nodes however perform these tasks separately, without communicating with one another and without the use of cryptographic keys. The base station (BS) receiving all such encrypted data, can reconstruct each of the nodes ’ data, whereas a passive eavesdropper who is only allowed a subset of the encrypted data gleans as little information as possible about the nodes ’ data. We build on previous results with the goal of increasing secrecy (measured by Shannon equivocation) by: (1) relaxing the BS’s perfect reconstruction criterion thus permitting non-zero distortion reconstruction; (2) permitting communication (feedback) from the BS to the nodes. We show that permitting non-zero distortion reconstruction does increase secrecy, however unconditional secrecy is still not achievable unless the distortion is maximal. We also prove that feedback from the BS usually (under most practical scenarios) does not improve secrecy, unless the BS has certain knowledge concerning the eavesdropper. Finally this paper proposes ideas for applying the results to images by analyzing the ideal image model to demonstrate the practical difficulties in achieving provable security for images.

Let X, Y, and K be the stochastic variables associated with x, Thus we want to minimize P under the condition (6), which can y, and k. Let H(y) be the entropy of Y when nothing is known be rewritten as about k. Let H:)(y) be the conditional entropy of Y for a given x, after i pairs (3,~~) have been intercepted. Let H(k) be the entropy of K. Smce f(x, k) is an unknown function if k is unknown, this equation from [2] is valid:

Secure communication with feedback is studied. An achievability scheme in which the backward channel is used to generate a shared secret key is proposed. The scenario of binary symmetric forward and backward channels is considered, and a combination of the proposed scheme and Maurer’s coding scheme is shown to achieve improved secrecy rates. The scenario of a Gaussian channel with perfect output feedback is also analyzed and the Schalkwijk-Kailath coding scheme is shown to achieve the secrecy capacity for this channel. 1.