U. M. Maurer, Information-theoretically secure secret-key agreement by NOT authenticated public discussion, Advances in Cryptology - EUROCRYPT '97, Lecture Notes in Computer Science, Vol. 1233, pp. 209--225, Springer-Verlag, 1997.  Home/Search   Document Details and Download   Summary   Related Articles   Check

....is successful. Note that we cannot demand that both Alice and Bob accept in the latter case, but that they both compute the correct and secure key nonetheless. According to this, the secret key rate S (X; Y jjZ) against active adversaries (robust secret key rate for short) was de ned in [3], 11] 10] in the same way as S(X;Y jjZ) but where this time the public discussion channel is not even authentic (i.e. possibly under total control of the adversary) In addition to the conditions in the de nition of S(X;Y jjZ) it is required that 3 accept, S A accept, S B Alice Bob X Y ....

....can only be possible if Alice and Bob have some advantage over Eve in terms of the distribution PXY Z . More precisely, it was shown that this advantage must be such that Eve cannot generate from Z a random variable X which Bob, knowing Y , is unable to distinguish from X (and vice versa) In [3], the following property of a distribution PXY Z was de ned. De nition 1 [3] Let X, Y , and Z be random variables. Then X is simulatable by Z with respect to Y , denoted by sim Y (Z X) if there exists a conditional distribution P XjZ such that P XY = PXY . Another way of stating that sim Y ....

[Article contains additional citation context not shown here]

U. M. Maurer, Information-theoretically secure secret-key agreement by NOT authenticated public discussion, Advances in Cryptology - EU17 ROCRYPT '97, Lecture Notes in Computer Science, vol. 1233, pp. 209 225, Springer-Verlag, 1997.

....agreement scenario is where X , Y , and Z consist of many independent realizations of the same random experiment [5] 1. 2 Strong Security Against Active Opponents Secret key agreement has also been studied when dropping the condition that the channel connecting Alice and Bob is authentic [4], 6] However, it is clear that such key agreement can only be possible if Alice and Bob already have some kind of advantage over Eve initially, and if this advantage implies that Eve cannot successfully impersonate Bob towards Alice, or vice versa. The conditions on a protocol for such key ....

....string, but maintaining security even against adversaries having partial knowledge about the key. The scenario where the parties (and the adversary s) information consists of repeated realizations of the same random experiment is treated in Section 4. It is shown that the criteria given in [4] for the existence (in this scenario) or inexistence (in the general scenario) of protocols secure against active opponents are not correct for the protocol definition of [4] but that these (or closely related) criteria characterize the existence of strong protocols in this scenario. Correcting ....

[Article contains additional citation context not shown here]

U. M. Maurer, Information-theoretically secure secret-key agreement by NOT authenticated public discussion, Advances in Cryptology - EUROCRYPT '97, Lecture Notes in Computer Science, Vol. 1233, pp. 209-225, Springer-Verlag, 1997.

No context found.

U. M. Maurer, Information-theoretically secure secret-key agreement by NOT authenticated public discussion, Advances in Cryptology - EUROCRYPT '97, Lecture Notes in Computer Science, Vol. 1233, pp. 209--225, Springer-Verlag, 1997.

No context found.

U. M. Maurer, Information-theoretically secure secret-key agreement by NOT authenticated public discussion, Advances in Cryptology - EUROCRYPT '97, Lecture Notes in Computer Science, Vol. 1233, pp. 209--225, Springer-Verlag, 1997.

No context found.

U. M. Maurer, Information-theoretically secure secret-key agreement by NOT authenticated public discussion, Advances in Cryptology - EUROCRYPT '97, Lecture Notes in Computer Science, Vol. 1233, pp. 209--225, Springer-Verlag, 1997.

....In this case, we assume that Alice and Bob initially share a short secret key K 0 to be used for authentication. A public key agreement protocol is then a method for expanding K 0 to a key K of arbitrary length. Key agreement without authentic channels has been investigated by Maurer [Mau97] and is not pursued further here. A key agreement protocol generally consists of three phases. Some phases may be missing for certain scenarios, as explained later. Advantage Distillation [Mau93] The purpose of the first phase is to create a random variable T about which both Alice and Bob ....

Ueli Maurer, Information-theoretically secure secret-key agreement by NOT authenticated public discussion, Advances in Cryptology --- EUROCRYPT '97 (Walter Fumy, ed.), Lecture Notes in Computer Science, Springer-Verlag, 1997.

....the condition that the channel connecting the two parties Alice and Bob be authentic, i.e. privacy amplification secure even against active adversaries who are able to insert or modify messages. Privacy amplification is often used as the final phase of unconditional secretkey agreement. In [6], it was investigated under what conditions secret key agreement by not authenticated public discussion is possible when the parties Alice, Bob, and Eve have access to random variables X , Y , and Z, respectively (the initialization phase ) Several impossibility results were shown, whereas a ....

.... what conditions secret key agreement by not authenticated public discussion is possible when the parties Alice, Bob, and Eve have access to random variables X , Y , and Z, respectively (the initialization phase ) Several impossibility results were shown, whereas a positive result was derived in [6] only for the special case where the information that the parties obtain consists of many independent repetitions of a random experiment. Privacy amplification, which was not treated in [6] corresponds to the situation where X = Y , and where the random experiment is not repeated. We make precise ....

[Article contains additional citation context not shown here]

U. Maurer, Information-theoretically secure secret-key agreement by NOT authenticated public discussion, Advances in Cryptology - EUROCRYPT '97, Lecture Notes in Computer Science, Vol. 1233, pp. 209-225, Springer-Verlag, 1997.

No context found.

U. M. Maurer, Information-theoretically secure secret-key agreement by NOT authenticated public discussion, Advances in Cryptology - EUROCRYPT '97, LNCS, Vol. 1233, pp. 209--225, Springer-Verlag, 1997.

No context found.

U. M. Maurer, Information-theoretically secure secret-key agreement by NOT authenticated public discussion, Advances in Cryptology - EUROCRYPT '97, LNCS, Vol. 1233, pp. 209-225, Springer-Verlag, 1997.

No context found.

U. Maurer. Information-theoretically secure secret-key agreement by NOT authenticated public discussion, volume 1233 of Lecture Notes in Computer Science, pages 209--225. 1997.

No context found.

U. Maurer. Information-Theoretically Secure SecretKey Agreement by not Authenticated Public Discussion. In Advances in Cryptology - Eurocrypt '97, Lecture Notes in Computer Science 1233, pp. 209-225.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC