Spectral approach to the communication complexity of multi-party key agreement

In multi-party key agreement protocols it is assumed that the parties are given correlated input data and should agree on a common secret key so that the eavesdropper cannot obtain any information on this key by listening to the communications between the parties. We consider the one-shot setting, when there is no ergodicity assumption on the input data. It is known that the optimal size of the secret key can be characterized in terms of the mutual information between different combinations of the input data sets, and the optimal key can be produced with the help of the omniscience protocol. However, the optimal communication complexity of this problem remains unknown. We show that the communication complexity of the omniscience protocol is optimal, at least for some complexity profiles of the input data, in the setting with restricted interaction between parties (the simultaneous messages model). We also provide some upper and lower bounds for communication complexity for other communication problems. Our proof technique combines information-theoretic inequalities and the spectral method.Comment: 18 pages, 5 figure

Breaking the quadratic barrier: Quantum cryptanalysis of Milenage, telecommunications’ cryptographic backbone

The potential advent of large-scale quantum computers in the near future poses a threat to contemporary cryptography. One ubiquitous usage of cryptography is currently present in the vibrant field of cellular networks. The cryptography of cellular networks is centered around seven secret-key algorithms $f_1, \ldots, f_5, f_1^{*}, f_5^{*}$, aggregated into an authentication and key agreement algorithm set. Still, to the best of our knowledge, these secret key algorithms have not yet been subject to quantum cryptanalysis. Instead, many quantum security considerations for telecommunication networks argue that the threat posed by quantum computers is restricted to public-key cryptography. However, various recent works have presented quantum attacks on secret key cryptography that exploit quantum period finding to achieve more than a quadratic speedup compared to the best known classical attacks. Motivated by this quantum threat to symmetric cryptography, this paper presents a quantum cryptanalysis for the Milenage algorithm set, the prevalent instantiation of the seven secret-key $f_1, \ldots, f_5, f_1^{*}, f_5^{*}$ algorithms that underpin cellular security. Building upon recent quantum cryptanalytic results, we show attacks that go beyond a quadratic speedup. Concretely, we provide quantum attack scenarios for all Milenage algorithms, including exponential speedups when the attacker is allowed to issue superposition queries. Our results do not constitute a quantum break of the Milenage algorithms, but they do show that Milenage suffers from structural weaknesses making it susceptible to quantum attacks

Attacks to a proxy-mediated key agreement protocol based on symmetric encryption

In this paper, we describe several attacks to the protocol by Nguyen et al. presented at ESORICS 2016, an authenticated key agreement protocol mediated by a proxy entity, restricted to only symmetric encryption primitives and intended for IoT environments. This protocol uses long-term weak secrets as intermediate values during encryption and decryption procedures, which implies that these can be used to encrypt and decrypt messages without knowing the corresponding secret keys. In our work, we show how access to weak secrets can break forward security and lead to key compromise impersonation attacks. Moreover, we demonstrate that this problem cannot be solved even if the affected user revokes his previous secret key and updates it to a new one. In addition, we explain how the choice of a keyed hash as part of the protocol makes it potentially vulnerable to length-extension attacks, depending on the choice of hash function. We illustrate this latter problem experimentally. Finally, we show how a combination of these exploits can be used to set up elaborate attack scenarios

Fundamental limits on key rates in device-independent quantum key distribution

In this paper, we introduce intrinsic non-locality as a quantifier for Bell non-locality, and we prove that it satisfies certain desirable properties such as faithfulness, convexity, and monotonicity under local operations and shared randomness. We then prove that intrinsic non-locality is an upper bound on the secret-key-agreement capacity of any device-independent protocol conducted using a device characterized by a correlation $p$. We also prove that intrinsic steerability is an upper bound on the secret-key-agreement capacity of any semi-device-independent protocol conducted using a device characterized by an assemblage $\hat{\rho}$. We also establish the faithfulness of intrinsic steerability and intrinsic non-locality. Finally, we prove that intrinsic non-locality is bounded from above by intrinsic steerability.Comment: 44 pages, 4 figures, final version accepted for publication in New Journal of Physic

Semi-quantum communication: Protocols for key agreement, controlled secure direct communication and dialogue

Semi-quantum protocols that allow some of the users to remain classical are proposed for a large class of problems associated with secure communication and secure multiparty computation. Specifically, first time semi-quantum protocols are proposed for key agreement, controlled deterministic secure communication and dialogue, and it is shown that the semi-quantum protocols for controlled deterministic secure communication and dialogue can be reduced to semi-quantum protocols for e-commerce and private comparison (socialist millionaire problem), respectively. Complementing with the earlier proposed semi-quantum schemes for key distribution, secret sharing and deterministic secure communication, set of schemes proposed here and subsequent discussions have established that almost every secure communication and computation tasks that can be performed using fully quantum protocols can also be performed in semi-quantum manner. Further, it addresses a fundamental question in context of a large number problems- how much quantumness is (how many quantum parties are) required to perform a specific secure communication task? Some of the proposed schemes are completely orthogonal-state-based, and thus, fundamentally different from the existing semi-quantum schemes that are conjugate-coding-based. Security, efficiency and applicability of the proposed schemes have been discussed with appropriate importance.Comment: 19 pages 1 figur

Cryptanalysis of three matrix-based key establishment protocols

We cryptanalyse a matrix-based key transport protocol due to Baumslag, Camps, Fine, Rosenberger and Xu from 2006. We also cryptanalyse two recently proposed matrix-based key agreement protocols, due to Habeeb, Kahrobaei and Shpilrain, and due to Romanczuk and Ustimenko.Comment: 9 page

Key Distillation and the Secret-Bit Fraction

We consider distillation of secret bits from partially secret noisy correlations P_ABE, shared between two honest parties and an eavesdropper. The most studied distillation scenario consists of joint operations on a large number of copies of the distribution (P_ABE)^N, assisted with public communication. Here we consider distillation with only one copy of the distribution, and instead of rates, the 'quality' of the distilled secret bits is optimized, where the 'quality' is quantified by the secret-bit fraction of the result. The secret-bit fraction of a binary distribution is the proportion which constitutes a secret bit between Alice and Bob. With local operations and public communication the maximal extractable secret-bit fraction from a distribution P_ABE is found, and is denoted by Lambda[P_ABE]. This quantity is shown to be nonincreasing under local operations and public communication, and nondecreasing under eavesdropper's local operations: it is a secrecy monotone. It is shown that if Lambda[P_ABE]>1/2 then P_ABE is distillable, thus providing a sufficient condition for distillability. A simple expression for Lambda[P_ABE] is found when the eavesdropper is decoupled, and when the honest parties' information is binary and the local operations are reversible. Intriguingly, for general distributions the (optimal) operation requires local degradation of the data.Comment: 12 page

Secret Key Agreement from Correlated Data, with No Prior Information

A fundamental question that has been studied in cryptography and in information theory is whether two parties can communicate confidentially using exclusively an open channel. We consider the model in which the two parties hold inputs that are correlated in a certain sense. This model has been studied extensively in information theory, and communication protocols have been designed which exploit the correlation to extract from the inputs a shared secret key. However, all the existing protocols are not universal in the sense that they require that the two parties also know some attributes of the correlation. In other words, they require that each party knows something about the other party's input. We present a protocol that does not require any prior additional information. It uses space-bounded Kolmogorov complexity to measure correlation and it allows the two legal parties to obtain a common key that looks random to an eavesdropper that observes the communication and is restricted to use a bounded amount of space for the attack. Thus the protocol achieves complexity-theoretical security, but it does not use any unproven result from computational complexity. On the negative side, the protocol is not efficient in the sense that the computation of the two legal parties uses more space than the space allowed to the adversary.Comment: Several small errors have been fixed and the presentation has been improved, following the reviewers' observation