Secret Key Agreement by Public Discussion From Common Information
IEEE Transactions on Information Theory, 1993
Cited by 434 (18 self)
The problem of generating a shared secret key $S$ by two parties knowing dependent random variables $X$ and $Y$, respectively, but not sharing a secret key initially, is considered. An enemy who knows the random variable $Z$, jointly distributed with $X$ and $Y$ according to some probability distribution $P_{XYZ}$, can also receive all messages exchanged by the two parties over a public channel. The goal of a protocol is that the enemy obtains at most a negligible amount of information about $S$. Upper bounds on $H(S)$ as a function of $P_{XYZ}$ are presented. Lower bounds on the rate $H(S)/N$ (as $N \to \infty$) are derived for the case where $X = [X_1, \ldots, X_N]$, $Y = [Y_1, \ldots, Y_N]$ and $Z = [Z_1, \ldots, Z_N]$ result from $N$ independent executions of a random experiment generating $X_i$, $Y_i$ and $Z_i$, for $i = 1, \ldots, N$. In particular it is shown that such secret key agreement is possible for a scenario where all three parties receive the output of a binary symmetric source over independent binary symmetr...
Generalized privacy amplification
IEEE Transactions on Information Theory, 1995
Cited by 325 (19 self)
Abstract. This paper provides a general treatment of privacy amplification by public discussion, a concept introduced by Bennett, Brassard, and Robert for a special scenario. Privacy amplification is a process that allows two parties to distill a secret key from a common random variable about which an eavesdropper has partial information. The two parties generally know nothing about the eavesdropper's information except that it satisfies a certain constraint. The results have applications to unconditionally secure secret-key agreement protocols and quantum cryptography, and they yield results on wiretap and broadcast channels for a considerably strengthened definition of secrecy capacity. Index Terms: Cryptography, secret-key agreement, unconditional security, privacy amplification, wiretap channel, secrecy capacity, Rényi entropy, universal hashing, quantum cryptography.
Secure Hybrid Encryption from Weakened Key Encapsulation
2007
Cited by 57 (9 self)
We put forward a new paradigm for building hybrid encryption schemes from constrained chosen-ciphertext secure (CCCA) key-encapsulation mechanisms (KEMs) plus authenticated symmetric encryption. Constrained chosen-ciphertext security is a new security notion for KEMs that we propose. CCCA has less demanding security requirements than standard chosen-ciphertext (CCA) security (since it requires the adversary to have a certain plaintext knowledge when making a decapsulation query), yet we can prove that CCCA is sufficient for secure hybrid encryption. Our notion is not only useful to express the Kurosawa-Desmedt public-key encryption scheme and its generalizations to hash-proof systems in an abstract KEM/DEM security framework. It also has a very constructive appeal, which we demonstrate with a new encryption scheme whose security relies on a class of intractability assumptions that we show (in the generic group model) to be strictly weaker than the Decision Diffie-Hellman (DDH) assumption. This appears to be the first practical public-key encryption scheme in the literature from an algebraic assumption strictly weaker than DDH.
On secrecy capacity scaling in wireless networks
Cited by 45 (3 self)
We study a random extended network, where the legitimate and eavesdropper nodes are assumed to be placed according to Poisson point processes in a square region of area $n$. It is shown that, when the legitimate nodes have unit intensity, $\lambda = 1$, and the eavesdroppers have an intensity of $\lambda_e = O((\log n)^{-2})$, almost all of the nodes achieve a perfectly
The Strong Secret Key Rate of Discrete Random Triples
Communication and Cryptography, 1994
Cited by 43 (6 self)
Three parties, Alice, Bob and Eve, know the sequences of random variables $X^N = [X_1, X_2, \ldots, X_N]$, $Y^N = [Y_1, Y_2, \ldots, Y_N]$ and $Z^N = [Z_1, Z_2, \ldots, Z_N]$, respectively, where the triples $(X_i, Y_i, Z_i)$, for $1 \le i \le N$, are generated by a discrete memoryless source according to some probability distribution $P_{XYZ}$. Motivated by Wyner's and Csiszár and Körner's pioneering definition of, and work on, the secrecy capacity of a broadcast channel, the secret key rate of $P_{XYZ}$ was defined by Maurer as the maximal rate $M/N$ at which Alice and Bob can generate secret shared random key bits $S_1, \ldots, S_M$ by exchanging messages over an insecure public channel accessible to Eve, such that the rate at which Eve obtains information about the key is arbitrarily small, i.e., such that $\lim_{N \to \infty} I(S_1, \ldots, S_M; Z^N, C^t)/N = 0$, where $C^t$ is the collection of messages exchanged between Alice and Bob over the public channel. However, this definition is n...
Information and Computation: Classical and Quantum Aspects
Reviews of Modern Physics, 2001
Cited by 36 (3 self)
Quantum theory has found a new field of applications in the realm of information and computation in recent years. This paper reviews how quantum physics allows information coding in classically unexpected and subtle nonlocal ways, as well as information processing with an efficiency largely surpassing that of present and foreseeable classical computers. Some outstanding aspects of classical and quantum information theory are addressed here. Quantum teleportation, dense coding, and quantum cryptography are discussed as a few samples of the impact of quanta on the transmission of information. Quantum logic gates and quantum algorithms are also discussed as instances of the improvement in information processing by a quantum computer. We finally provide some examples of current experimental
Optimal encryption of quantum bits
2000
Cited by 32 (2 self)
We characterize the complete set of protocols that may be used to securely encrypt n quantum bits using secret and random classical bits. In addition to the application of such quantum encryption protocols to quantum data security, our framework allows for generalizations of many classical cryptographic protocols to quantum data. We show that the encrypted state gives no information without the secret classical data, and that 2n random classical bits are the minimum necessary for informationally secure quantum encryption. Moreover, the quantum operations are shown to have a surprising structure in a canonical inner product space. This quantum encryption protocol is a generalization of the classical one-time pad concept. A connection is made between quantum encryption and quantum teleportation [1], and this allows for a new proof of optimality of teleportation.
Direct chosen-ciphertext secure identity-based key encapsulation without random oracles
In ACISP 2006, 2006
Cited by 32 (4 self)
We describe a practical identity-based encryption scheme that is secure in the standard model against chosen-ciphertext attacks. Our construction applies "direct chosen-ciphertext techniques" to Waters' chosen-plaintext secure scheme and is not based on hierarchical identity-based encryption. Furthermore, we give an improved concrete security analysis for Waters' scheme. As a result, one can instantiate the scheme in smaller groups, resulting in efficiency improvements.
Optimal Locally Repairable and Secure Codes for Distributed Storage Systems
2013
Cited by 31 (7 self)
This paper aims to go beyond resilience into the study of security and local repairability for distributed storage systems (DSS). Security and local repairability are both important features of an efficient storage system, and this paper aims to understand the trade-offs between resilience, security, and local repairability in these systems. In particular, this paper first investigates security in the presence of colluding eavesdroppers, where eavesdroppers are assumed to work together in decoding stored information. Second, the paper focuses on coding schemes that enable optimal local repairs. It further brings these two concepts together to develop locally repairable coding schemes for DSS that are secure against eavesdroppers. The main results of this paper include: a. an improved bound on the secrecy capacity for minimum storage regenerating codes, b. secure coding schemes that achieve the bound for some special cases, c. a new bound on minimum distance for locally repairable codes, d. a code construction for locally repairable codes that attains the minimum distance bound, and e. repair-bandwidth-efficient locally repairable codes with and without security constraints.
New bounds in secret-key agreement: The gap between formation and secrecy extraction
In Proc. EUROCRYPT 2003 (Lecture Notes in Computer Science), 2003
Cited by 26 (4 self)
Abstract. Perfectly secret message transmission can be realized with only partially secret and weakly correlated information shared by the parties as soon as this information allows for the extraction of information-theoretically secret bits. The best known upper bound on the rate S at which such key bits can be generated has been the intrinsic information of the distribution modeling the parties', including the adversary's, knowledge. Based on a new property of the secret-key rate S, we introduce a conditional mutual information measure which is a stronger upper bound on S. Having thus seen that the intrinsic information of a distribution P is not always suitable for determining the number of secret bits extractable from P, we prove a different significance of it in the same context: it is a lower bound on the number of key bits required to generate P by public communication. Taken together, these two results imply that sometimes (a possibly arbitrarily large fraction of) the correlation contained in distributed information cannot be extracted in the form of secret keys by any protocol. Keywords: Information-theoretic security, secret-key agreement, reductions among primitives, information measures, quantum entanglement purification.