Results 1  10
of
49
Secret Key Agreement by Public Discussion From Common Information
 IEEE Transactions on Information Theory
, 1993
"... . The problem of generating a shared secret key S by two parties knowing dependent random variables X and Y , respectively, but not sharing a secret key initially, is considered. An enemy who knows the random variable Z, jointly distributed with X and Y according to some probability distribution PX ..."
Abstract

Cited by 253 (18 self)
 Add to MetaCart
. The problem of generating a shared secret key S by two parties knowing dependent random variables X and Y , respectively, but not sharing a secret key initially, is considered. An enemy who knows the random variable Z, jointly distributed with X and Y according to some probability distribution PXY Z , can also receive all messages exchanged by the two parties over a public channel. The goal of a protocol is that the enemy obtains at most a negligible amount of information about S. Upper bounds on H(S) as a function of PXY Z are presented. Lower bounds on the rate H(S)=N (as N !1) are derived for the case where X = [X 1 ; : : : ; XN ], Y = [Y 1 ; : : : ; YN ] and Z = [Z 1 ; : : : ; ZN ] result from N independent executions of a random experiment generating X i ; Y i and Z i , for i = 1; : : : ; N . In particular it is shown that such secret key agreement is possible for a scenario where all three parties receive the output of a binary symmetric source over independent binary symmetr...
Generalized Privacy Amplification
 IEEE Transactions on Information Theory
, 1995
"... This paper provides a general treatment of privacy amplification by public discussion, a concept introduced by Bennett, Brassard and Robert [1] for a special scenario. The results have applications to unconditionallysecure secretkey agreement protocols, quantum cryptography and to a nonasymptotic ..."
Abstract

Cited by 212 (18 self)
 Add to MetaCart
This paper provides a general treatment of privacy amplification by public discussion, a concept introduced by Bennett, Brassard and Robert [1] for a special scenario. The results have applications to unconditionallysecure secretkey agreement protocols, quantum cryptography and to a nonasymptotic and constructive treatment of the secrecy capacity of wiretap and broadcast channels, even for a considerably strengthened definition of secrecy capacity. I. Introduction This paper is concerned with unconditionallysecure secretkey agreement by two communicating parties Alice and Bob who both know a random variable W, for instance a random nbit string, about which an eavesdropper Eve has incomplete information characterized by the random variable V jointly distributed with W according to PV W . This distribution may partially be under Eve's control. Alice and Bob know nothing about PV W , except that it satisfies a certain constraint. We present protocols by which Alice and Bob can us...
Secure Hybrid Encryption from Weakened Key Encapsulation
 Advances in Cryptology – CRYPTO 2007
, 2007
"... Abstract We put forward a new paradigm for building hybrid encryption schemes from constrainedchosenciphertext secure (CCCA) keyencapsulation mechanisms (KEMs) plus authenticated ..."
Abstract

Cited by 35 (8 self)
 Add to MetaCart
Abstract We put forward a new paradigm for building hybrid encryption schemes from constrainedchosenciphertext secure (CCCA) keyencapsulation mechanisms (KEMs) plus authenticated
Direct chosenciphertext secure identitybased key encapsulation without random oracles
 In ACISP 2006
, 2006
"... We describe a practical identitybased encryption scheme that is secure in the standard model against chosenciphertext attacks. Our construction applies “direct chosenciphertext techniques ” to Waters ’ chosenplaintext secure scheme and is not based on hierarchical identitybased encryption. Furt ..."
Abstract

Cited by 28 (4 self)
 Add to MetaCart
We describe a practical identitybased encryption scheme that is secure in the standard model against chosenciphertext attacks. Our construction applies “direct chosenciphertext techniques ” to Waters ’ chosenplaintext secure scheme and is not based on hierarchical identitybased encryption. Furthermore, we give an improved concrete security analysis for Waters ’ scheme. As a result, one can instantiate the scheme in smaller groups, resulting in efficiency improvements. 1
The Strong Secret Key Rate of Discrete Random Triples
 COMMUNICATION AND CRYPTOGRAPHY
, 1994
"... Three parties, Alice, Bob and Eve, know the sequences of random variables X N = [X 1 ; X 2 ; : : : XN ], Y N = [Y 1 ; Y 2 ; : : : Y N ] and Z N = [Z 1 ; Z 2 ; : : : ZN ], respectively, where the triples (X i Y i Z i ), for 1 i N , are generated by a discrete memoryless source according ..."
Abstract

Cited by 25 (6 self)
 Add to MetaCart
Three parties, Alice, Bob and Eve, know the sequences of random variables X N = [X 1 ; X 2 ; : : : XN ], Y N = [Y 1 ; Y 2 ; : : : Y N ] and Z N = [Z 1 ; Z 2 ; : : : ZN ], respectively, where the triples (X i Y i Z i ), for 1 i N , are generated by a discrete memoryless source according to some probability distribution PXY Z . Motivated by Wyner's and Csisz'ar and Korner's pioneering definition of, and work on, the secrecy capacity of a broadcast channel, the secret key rate of PXY Z was defined by Maurer as the maximal rate M=N at which Alice and Bob can generate secret shared random key bits S 1 ; : : : ; SM by exchanging messages over an insecure public channel accessible to Eve, such that the rate at which Eve obtains information about the key is arbitrarily small, i.e., such that lim N!1 I(S 1 ; : : : ; SM ; Z N ; C t )=N = 0, where C t is the collection of messages exchanged between Alice and Bob over the public channel. However, this definition is n...
Information and Computation: Classical and Quantum Aspects
 REVIEWS OF MODERN PHYSICS
, 2001
"... Quantum theory has found a new field of applications in the realm of information and computation during the recent years. This paper reviews how quantum physics allows information coding in classically unexpected and subtle nonlocal ways, as well as information processing with an efficiency largely ..."
Abstract

Cited by 23 (2 self)
 Add to MetaCart
Quantum theory has found a new field of applications in the realm of information and computation during the recent years. This paper reviews how quantum physics allows information coding in classically unexpected and subtle nonlocal ways, as well as information processing with an efficiency largely surpassing that of the present and foreseeable classical computers. Some outstanding aspects of classical and quantum information theory will be addressed here. Quantum teleportation, dense coding, and quantum cryptography are discussed as a few samples of the impact of quanta in the transmission of information. Quantum logic gates and quantum algorithms are also discussed as instances of the improvement in information processing by a quantum computer. We provide finally some examples of current experimental
Optimal encryption of quantum bits
, 2000
"... We characterize the complete set of protocols that may be used to securely encrypt n quantum bits using secret and random classical bits. In addition to the application of such quantum encryption protocols to quantum data security, our framework allows for generalizations of many classical cryptogra ..."
Abstract

Cited by 18 (2 self)
 Add to MetaCart
We characterize the complete set of protocols that may be used to securely encrypt n quantum bits using secret and random classical bits. In addition to the application of such quantum encryption protocols to quantum data security, our framework allows for generalizations of many classical cryptographic protocols to quantum data. We show that the encrypted state gives no information without the secret classical data, and that 2n random classical bits are the minimum necessary for informationally secure quantum encryption. Moreover, the quantum operations are shown to have a surprising structure in a canonical inner product space. This quantum encryption protocol is a generalization of the classical one time pad concept. A connection is made between quantum encryption and quantum teleportation[1], and this allows for a new proof of optimality of teleportation. 1
Perfect Cryptographic Security from Partially Independent Channels
 Proc. 23rd ACM Symposium on Theory of Computing
, 1991
"... Several protocols are presented that allow two parties Alice and Bob not sharing any secret information initially (except possibly a short key to be used for authentication) to generate a long shared secret key such that even an enemy Eve with unlimited computing power is unable to obtain a nonnegl ..."
Abstract

Cited by 16 (2 self)
 Add to MetaCart
Several protocols are presented that allow two parties Alice and Bob not sharing any secret information initially (except possibly a short key to be used for authentication) to generate a long shared secret key such that even an enemy Eve with unlimited computing power is unable to obtain a nonnegligible amount of information (in Shannon's sense) about this key. Two different models are considered. In a first model we assume that Alice can send information to Bob over a noisy main channel but that Eve is able to receive the same information over a parallel independent noisy channel from Alice to Eve. In a second, more general model we assume that Alice, Bob and Eve receive the output of a random source (e.g., a satellite broadcasting random bits) over three independent individual channels. The condition that the channels be independent can be replaced by the condition that they be independent only to a known, arbitrarily small degree. We demonstrate that even when Eve's channel is sup...
New bounds in secretkey agreement: The gap between formation and secrecy extraction
 in Proc. EUROCRYPT 2003 (Lecture notes in Computer Science
, 2003
"... Abstract. Perfectly secret message transmission can be realized with only partially secret and weakly correlated information shared by the parties as soon as this information allows for the extraction of informationtheoretically secret bits. The best known upper bound on the rate S at which such key ..."
Abstract

Cited by 16 (3 self)
 Add to MetaCart
Abstract. Perfectly secret message transmission can be realized with only partially secret and weakly correlated information shared by the parties as soon as this information allows for the extraction of informationtheoretically secret bits. The best known upper bound on the rate S at which such key bits can be generated has been the intrinsic information of the distribution modeling the parties’, including the adversary’s, knowledge. Based on a new property of the secretkey rate S, we introduce a conditional mutual information measure which is a stronger upper bound on S. Having thus seen that the intrinsic information of a distribution P is not always suitable for determining the number of secret bits extractable from P, we prove a different significance of it in the same context: It is a lower bound on the number of key bits required to generate P by public communication. Taken together, these two results imply that sometimes, (a possibly arbitrarily large fraction of) the correlation contained in distributed information cannot be extracted in the form of secret keys by any protocol. Keywords. Informationtheoretic security, secretkey agreement, reductions among primitives, information measures, quantum entanglement purification.
Linking classical and quantum key agreement: is there \bound information
 Algorithmica
, 2000
"... Abstract. After carrying out a protocol for quantum key agreement over a noisy quantum channel, the parties Alice and Bob must process the raw key in order to end up with identical keys about which the adversary has virtually no information. In principle, both classical and quantum protocols can be ..."
Abstract

Cited by 14 (4 self)
 Add to MetaCart
Abstract. After carrying out a protocol for quantum key agreement over a noisy quantum channel, the parties Alice and Bob must process the raw key in order to end up with identical keys about which the adversary has virtually no information. In principle, both classical and quantum protocols can be used for this processing. It is a natural question which type of protocols is more powerful. We show that the limits of tolerable noise are identical for classical and quantum protocols in many cases. More specifically, we prove that a quantum state between two parties is entangled if and only if the classical random variables resulting from optimal measurements provide some mutual classical information between the parties. In addition, we present evidence which strongly suggests that the potentials of classical and of quantum protocols are equal in every situation. An important consequence, in the purely classical regime, of such a correspondence would be the existence of a classical counterpart of socalled bound entanglement, namely “bound information” that cannot be used for generating a secret key by any protocol. This stands in sharp contrast to what was previously believed. Keywords. Secretkey agreement, intrinsic information, secretkey rate, quantum privacy amplification, purification, entanglement. 1