Results

**1 - 3**of**3**### Distributing Secret Keys with Quantum Continuous Variables: Principle, Security and Implementations

- ENTROPY
, 2015

"... ..."

### Direct Proof of Security of Wegman-Carter Authentication with Partially Known Key

"... Abstract. Information-theoretically secure (ITS) authentication is needed in Quantum Key Distribution (QKD). In this paper, we study security of an ITS authentication scheme proposed by Wegman&Carter, in the case of partially known authentication key. This scheme uses a new authentication key in ..."

Abstract
- Add to MetaCart

(Show Context)
Abstract. Information-theoretically secure (ITS) authentication is needed in Quantum Key Distribution (QKD). In this paper, we study security of an ITS authentication scheme proposed by Wegman&Carter, in the case of partially known authentication key. This scheme uses a new authentication key in each authentication attempt, to select a hash function from an Almost Strongly Universal2 hash function family. The partial knowledge of the attacker is measured as the trace distance between the authentication key distribution and the uniform distribution; this is the usual measure in QKD. We provide direct proofs of security of the scheme, when using partially known key, first in the information-theoretic setting and then in terms of witness indistinguishability as used in the Universal Composability (UC) framework. We find that if the authentication procedure has a failure probability ε and the authentication key has an ε ′ trace distance to the uniform, then under ITS, the adversary’s success probability conditioned on an authentic message-tag pair is only bounded by ε + |T |ε ′ , where |T | is the size of the set of tags. Furthermore, the trace distance between the authentication key distribution and the uniform increases to |T |ε ′ after having seen an authentic message-tag pair. Despite this, we are able to prove directly that the authenticated channel is indistinguishable from an (ideal) authentic channel (the desired functionality), except with probability less than ε + ε ′. This proves that the scheme is (ε + ε ′)-UC-secure, without using the composability theorem.

### Design and Analysis of Information-Theoretically Secure Authentication Codes with Non-Uniformly Random Keys

"... The authentication code (A-code) is the one of the most fundamental cryptographic protocols in information-theoretic cryptography, and it provides information-theoretic integrity or authenticity, i.e., preventing information from being altered or substituted by the adversary having unbounded computa ..."

Abstract
- Add to MetaCart

(Show Context)
The authentication code (A-code) is the one of the most fundamental cryptographic protocols in information-theoretic cryptography, and it provides information-theoretic integrity or authenticity, i.e., preventing information from being altered or substituted by the adversary having unbounded computational powers. In addition, it has a wide range of applications such as multiparty compu-tations and quantum key distribution protocols. The traditional A-code theory states that a good A-code is characterized as an A-code which satises equality of a lower bound on size of secret-keys, i.e., an A-code satisfying |K | = ϵ−2, where |K | is cardinality of the set of secret-keys and ϵ is the success probability of attacks of the adversary. However, good A-codes imply that secret-keys must be uniformly distributed. Therefore, if a non-uniformly random key is given, we cannot realize a good A-code by using it as a secret-key. Then, a natural question about this is: what is a good A-code having non-uniformly random keys? And, how can we design such a good A-code having non-uniformly random keys? To answer the questions, in this paper, we perform analysis of A-codes having non-uniformly random keys, and show the principle that guides the design for such good A-codes.