Security of almost ALL discrete log bits

Let G be a finite cyclic group with generator \alpha and with an encoding so that multiplication is computable in polynomial time. We study the security of bits of the discrete log x when given \exp_{\alpha}(x), assuming that the exponentiation function \exp_{\alpha}(x) = \alpha^x is one-way. We reduce he general problem to the case that G has odd order q. If G has odd order q the security of the least-significant bits of x and of the most significant bits of the rational number \frac{x}{q} \in [0,1) follows from the work of Peralta [P85] and Long and Wigderson [LW88]. We generalize these bits and study the security of consecutive shift bits lsb(2^{-i}x mod q) for i=k+1,...,k+j. When we restrict \exp_{\alpha} to arguments x such that some sequence of j consecutive shift bits of x is constant (i.e., not depending on x) we call it a 2^{-j}-fraction of \exp_{\alpha}. For groups of odd group order q we show that every two 2^{-j}-fractions of \exp_{\alpha} are equally one-way by a polynomial time transformation: Either they are all one-way or none of them. Our key theorem shows that arbitrary j consecutive shift bits of x are simultaneously secure when given \exp_{\alpha}(x) iff the 2^{-j}-fractions of \exp_{\alpha} are one-way. In particular this applies to the j least-significant bits of x and to the j most-significant bits of \frac{x}{q} \in [0,1). For one-way \exp_{\alpha} the individual bits of x are secure when given \exp_{\alpha}(x) by the method of Hastad, N\"aslund [HN98]. For groups of even order 2^{s}q we show that the j least-significant bits of \lfloor x/2^s\rfloor, as well as the j most-significant bits of \frac{x}{q} \in [0,1), are simultaneously secure iff the 2^{-j}-fractions of \exp_{\alpha'} are one-way for \alpha' := \alpha^{2^s}. We use and extend the models of generic algorithms of Nechaev (1994) and Shoup (1997). We determine the generic complexity of inverting fractions of \exp_{\alpha} for the case that \alpha has prime order q. As a consequence, arbitrary segments of (1-\varepsilon)\lg q consecutive shift bits of random x are for constant \varepsilon >0 simultaneously secure against generic attacks. Every generic algorithm using $t$ generic steps (group operations) for distinguishing bit strings of j consecutive shift bits of x from random bit strings has at most advantage O((\lg q) j\sqrt{t} (2^j/q)^{\frac14})

Achieving Secrecy Capacity of the Gaussian Wiretap Channel with Polar Lattices

In this work, an explicit wiretap coding scheme based on polar lattices is proposed to achieve the secrecy capacity of the additive white Gaussian noise (AWGN) wiretap channel. Firstly, polar lattices are used to construct secrecy-good lattices for the mod-$\Lambda_s$ Gaussian wiretap channel. Then we propose an explicit shaping scheme to remove this mod-$\Lambda_s$ front end and extend polar lattices to the genuine Gaussian wiretap channel. The shaping technique is based on the lattice Gaussian distribution, which leads to a binary asymmetric channel at each level for the multilevel lattice codes. By employing the asymmetric polar coding technique, we construct an AWGN-good lattice and a secrecy-good lattice with optimal shaping simultaneously. As a result, the encoding complexity for the sender and the decoding complexity for the legitimate receiver are both O(N logN log(logN)). The proposed scheme is proven to be semantically secure.Comment: Submitted to IEEE Trans. Information Theory, revised. This is the authors' own version of the pape

Implementation of Quantum Key Distribution with Composable Security Against Coherent Attacks using Einstein-Podolsky-Rosen Entanglement

Secret communication over public channels is one of the central pillars of a modern information society. Using quantum key distribution (QKD) this is achieved without relying on the hardness of mathematical problems which might be compromised by improved algorithms or by future quantum computers. State-of-the-art QKD requires composable security against coherent attacks for a finite number of samples. Here, we present the first implementation of QKD satisfying this requirement and additionally achieving security which is independent of any possible flaws in the implementation of the receiver. By distributing strongly Einstein-Podolsky-Rosen entangled continuous variable (CV) light in a table-top arrangement, we generated secret keys using a highly efficient error reconciliation algorithm. Since CV encoding is compatible with conventional optical communication technology, we consider our work to be a major promotion for commercialized QKD providing composable security against the most general channel attacks.Comment: 7 pages, 3 figure

Covert Bits Through Queues

We consider covert communication using a queuing timing channel in the presence of a warden. The covert message is encoded using the inter-arrival times of the packets, and the legitimate receiver and the warden observe the inter-departure times of the packets from their respective queues. The transmitter and the legitimate receiver also share a secret key to facilitate covert communication. We propose achievable schemes that obtain non-zero covert rate for both exponential and general queues when a sufficiently high rate secret key is available. This is in contrast to other channel models such as the Gaussian channel or the discrete memoryless channel where only $\mathcal{O}(\sqrt{n})$ covert bits can be sent over $n$ channel uses, yielding a zero covert rate.Comment: To appear at IEEE CNS, October 201

Secrecy in the 2-User Symmetric Deterministic Interference Channel with Transmitter Cooperation

This work presents novel achievable schemes for the 2-user symmetric linear deterministic interference channel with limited-rate transmitter cooperation and perfect secrecy constraints at the receivers. The proposed achievable scheme consists of a combination of interference cancelation, relaying of the other user's data bits, time sharing, and transmission of random bits, depending on the rate of the cooperative link and the relative strengths of the signal and the interference. The results show, for example, that the proposed scheme achieves the same rate as the capacity without the secrecy constraints, in the initial part of the weak interference regime. Also, sharing random bits through the cooperative link can achieve a higher secrecy rate compared to sharing data bits, in the very high interference regime. The results highlight the importance of limited transmitter cooperation in facilitating secure communications over 2-user interference channels.Comment: 5 pages, submitted to SPAWC 201

Hiding Symbols and Functions: New Metrics and Constructions for Information-Theoretic Security

We present information-theoretic definitions and results for analyzing symmetric-key encryption schemes beyond the perfect secrecy regime, i.e. when perfect secrecy is not attained. We adopt two lines of analysis, one based on lossless source coding, and another akin to rate-distortion theory. We start by presenting a new information-theoretic metric for security, called symbol secrecy, and derive associated fundamental bounds. We then introduce list-source codes (LSCs), which are a general framework for mapping a key length (entropy) to a list size that an eavesdropper has to resolve in order to recover a secret message. We provide explicit constructions of LSCs, and demonstrate that, when the source is uniformly distributed, the highest level of symbol secrecy for a fixed key length can be achieved through a construction based on minimum-distance separable (MDS) codes. Using an analysis related to rate-distortion theory, we then show how symbol secrecy can be used to determine the probability that an eavesdropper correctly reconstructs functions of the original plaintext. We illustrate how these bounds can be applied to characterize security properties of symmetric-key encryption schemes, and, in particular, extend security claims based on symbol secrecy to a functional setting.Comment: Submitted to IEEE Transactions on Information Theor