## Secure authentication from a weak key, without leaking information (2011)

Venue: | Advances in Cryptology — Eurocrypt 2011, volume 6632 of LNCS |

Citations: | 5 - 0 self |

### Citations

172 | Security of quantum key distribution
- Renner
- 2005
Citation Context ...log Guess(X|E). [Footnote 2: Defined by $\|A\|_1 := \mathrm{trace}(\sqrt{A^\dagger A})$, where $A^\dagger$ denotes the Hermitian transpose.] [Running header: 4 NIEK J. BOUMAN AND SERGE FEHR] This definition coincides with the definition introduced by Renner [Ren05], as shown by [KRS09]; in case of a classical E, it coincides with the classical definition of conditional min-entropy (see e.g. [DORS08]). Definition 5. A function $\mathrm{Ext} : \{0,1\}^n \times \{0,1\}^d \to \{0,1\}^m$... |

120 | Unbalanced expanders and randomness extractors from Parvaresh-Vardy codes - Guruswami, Umans, et al. - 2009 |

69 | Universally composable privacy amplification against quantum adversaries
- Renner, König
- 2005
Citation Context ...ation) is a two-universal hash function $h : \{0,1\}^n \times \{0,1\}^d \to \{0,1\}^q$. Indeed, for any XE with classical X, and for Y an independent seed, uniformly distributed on $\{0,1\}^d$, privacy amplification [RK05] guarantees that $d(h(X,Y)|YE) \le \frac{1}{2}\sqrt{2^{q - H_{\min}(X|YE)}} = \frac{1}{2}\sqrt{2^{q}\,\mathrm{Guess}(X|YE)}$. 2.1. Security Definition. In the scope of this paper, an authentication protocol is understood as a classical protoco... |

64 | Correcting errors without leaking partial information
- Dodis, Smith
- 2005
Citation Context ...owed to have quantum side information. One subtlety is that the error correcting information must not leak information about W, to preserve the privacy property. Exactly this problem is addressed in [DS05], and is generalized to the quantum setting in [FS08]. Note that it is straightforward to upper bound the min-entropy loss in XW error correction: by the chain rule this is at most the bitsize of the ... |

43 | The operational meaning of min- and max-entropy
- KÖNIG, RENNER, et al.
Citation Context ... Defined by $\|A\|_1 := \mathrm{trace}(\sqrt{A^\dagger A})$, where $A^\dagger$ denotes the Hermitian transpose. This definition coincides with the definition introduced by Renner [Ren05], as shown by [KRS09]; in case of a classical E, it coincides with the classical definition of conditional min-entropy (see e.g. [DORS08]). Definition 5. A function $\mathrm{Ext} : \{0,1\}^n \times \{0,1\}^d \to \{0,1\}^m$ is a (k, ε)-strong e... |

37 | Non-malleable extractors and symmetric key cryptography from weak secrets
- Dodis, Wichs
- 2009
Citation Context ...ormation and W). 1.2. Related Work. Let n be the bitsize of the key (in our case, the session key) and k its min-entropy (in bits). It was proved by Dodis and Wichs [DW09] that non-interactive authentication is impossible when k ≤ n/2, even when the parties have access to local non-shared randomness, which we will assume. For a good overview of earlier work on the case... |

34 | Unconditional authenticity and privacy from an arbitrarily weak secret
- Renner, Wolf
- 2003
Citation Context ... will assume. For a good overview of earlier work on the case where k > n/2, we refer to [DW09]. The first protocol for interactive authentication from arbitrarily weak keys is due to Renner and Wolf [RW03]. It requires Θ(ℓ) rounds of interaction to authenticate an ℓ-bit message. In [DW09], an authentication protocol from arbitrarily weak keys is described that only needs two rounds of interaction, whic... |

27 | A tight high-order entropic quantum uncertainty relation with applications - Damgård, Fehr, et al. - 2007 |

26 | Leftover hashing against quantum side information, arXiv:1002.2436 - Tomamichel, Schaffner, et al. - 2010 |

24 | Key agreement from close secrets over unsecured channels
- Kanukurthi, Reyzin
- 2009
Citation Context ...near in the security parameter). The case where Alice and Bob share highly-correlated, but possibly unequal keys – the “fuzzy” case – is addressed in [RW04] and improved upon by Kanukurthi and Reyzin [KR09], but also covered by [DW09] and [CKOR10]. We stress that none of these works address the case where the weak key is obtained from a long-term key and where security of the long-term key needs to be g... |

20 | Privacy amplification with asymptotically optimal entropy loss
- Chandran, Kanukurthi, et al.
- 2010
Citation Context ... message. In [DW09], an authentication protocol from arbitrarily weak keys is described that only needs two rounds of interaction, which is optimal (in terms of the number of rounds). Chandran et al. [CKOR10] focus on minimizing entropy loss and describe a privacy amplification protocol that is optimal with respect to entropy loss (up to constant factors). Their construction needs a linear number of round... |

18 | Trevisan’s extractor in the presence of quantum side information
- De, Portmann, et al.
Citation Context ...lar techniques as [DW09], except that we replace the strong extractors that are part of the look-ahead extractor construction by extractors that are proven secure against quantum side information (by [DPVR09]). Depending on the parameters of an instantiation of AUTH and on the bitsize of µA, it might be beneficial, or could even be necessary, to authenticate a hash of the tuple (µA, R, S), instead of auth... |

16 | Composing quantum protocols in a classical environment - Fehr, Schaffner - 2009 |

14 | Secure identification and QKD in the bounded-quantum-storage model
- Damgård, Fehr, et al.
- 2010
Citation Context ...odel (more details on this application are given below). 1.4. Application. Our main application is to password-based identification in the bounded-quantum-storage model, as proposed by Damgård et al. [DFSS07]. Two identification schemes were proposed in [DFSS07], Q-ID, which is only secure against dishonest Alice or Bob, and Q-ID+, which is also secure against a man-in-the-middle (MITM) attack. H... |

12 | The exact price for unconditionally secure asymmetric cryptography
- Renner, Wolf
- 2004
Citation Context ...r construction needs a linear number of rounds (linear in the security parameter). The case where Alice and Bob share highly-correlated, but possibly unequal keys – the “fuzzy” case – is addressed in [RW04] and improved upon by Kanukurthi and Reyzin [KR09], but also covered by [DW09] and [CKOR10]. We stress that none of these works address the case where the weak key is obtained from a long-term key and... |

11 | Randomness Extraction via Delta-Biased Masking in the Presence of a Quantum Attacker, Theory of Cryptography
- Fehr, Schaffner
- 2008
Citation Context ...s that the error correcting information must not leak information about W, to preserve the privacy property. Exactly this problem is addressed in [DS05], and is generalized to the quantum setting in [FS08]. Note that it is straightforward to upper bound the min-entropy loss in XW error correction: by the chain rule this is at most the bitsize of the error-correction information. (and X ′ W □ ) due to 7... |

10 | Towards a Formal Definition of Security for Quantum Protocols
- Graaf
- 1997
Citation Context ...’s choice of C for which Eve can guess QB reasonably well. We point out that the above intuitive reasoning involves rewinding; this is fine in the classical but fails in the quantum setting (see e.g. [VDG98]). Thus, in our formal security proof where we allow Eve to maintain a quantum state, we have to reason in a different way. As a consequence, in the actual protocol, Q is computed in a slightly differ... |

4 | Improving the security of quantum protocols via commit-and-open - Damgård, Fehr, et al. - 2009 |

1 | Fuzzy extractors: How to generate strong keys - Dodis, Ostrovsky, et al. |

1 | Privacy amplification with asymptotically optimal entropy loss - Carter, Wegman - 2010 |

1 | arXiv:0902.3918. [DFR+ 07 - Damgård, Fehr, et al. - 2009 |

1 | ePrint:2003/235. [DP07] Stefan Dziembowski and Krzysztof Pietrzak. Intrusion-resilient secret sharing - Comput - 2008 |