7,247 research outputs found
Communication Complexity of the Secret Key Agreement in Algorithmic Information Theory
It is known that the mutual information, in the sense of Kolmogorov
complexity, of any pair of strings x and y is equal to the length of the
longest shared secret key that two parties can establish via a probabilistic
protocol with interaction on a public channel, assuming that the parties hold
as their inputs x and y respectively. We determine the worst-case communication
complexity of this problem for the setting where the parties can use private
sources of random bits. We show that for some x, y the communication complexity
of the secret key agreement does not decrease even if the parties have to agree
on a secret key whose size is much smaller than the mutual information between
x and y. On the other hand, we discuss examples of x, y such that the
communication complexity of the protocol declines gradually with the size of
the derived secret key. The proof of the main result uses spectral properties
of appropriate graphs and the expander mixing lemma, as well as information
theoretic techniques.Comment: 33 pages, 6 figures. v3: the full version of the MFCS 2020 pape
Communication Complexity of the Secret Key Agreement in Algorithmic Information Theory
It is known that the mutual information, in the sense of Kolmogorov complexity, of any pair of strings x and y is equal to the length of the longest shared secret key that two parties can establish via a probabilistic protocol with interaction on a public channel, assuming that the parties hold as their inputs x and y respectively. We determine the worst-case communication complexity of this problem for the setting where the parties can use private sources of random bits.
We show that for some x, y the communication complexity of the secret key agreement does not decrease even if the parties have to agree on a secret key the size of which is much smaller than the mutual information between x and y. On the other hand, we provide examples of x, y such that the communication complexity of the protocol declines gradually with the size of the derived secret key.
The proof of the main result uses spectral properties of appropriate graphs and the expander mixing lemma as well as various information theoretic techniques
Secret Key Agreement from Correlated Data, with No Prior Information
A fundamental question that has been studied in cryptography and in
information theory is whether two parties can communicate confidentially using
exclusively an open channel. We consider the model in which the two parties
hold inputs that are correlated in a certain sense. This model has been studied
extensively in information theory, and communication protocols have been
designed which exploit the correlation to extract from the inputs a shared
secret key. However, all the existing protocols are not universal in the sense
that they require that the two parties also know some attributes of the
correlation. In other words, they require that each party knows something about
the other party's input. We present a protocol that does not require any prior
additional information. It uses space-bounded Kolmogorov complexity to measure
correlation and it allows the two legal parties to obtain a common key that
looks random to an eavesdropper that observes the communication and is
restricted to use a bounded amount of space for the attack. Thus the protocol
achieves complexity-theoretical security, but it does not use any unproven
result from computational complexity. On the negative side, the protocol is not
efficient in the sense that the computation of the two legal parties uses more
space than the space allowed to the adversary.Comment: Several small errors have been fixed and the presentation has been
improved, following the reviewers' observation
Using quantum key distribution for cryptographic purposes: a survey
The appealing feature of quantum key distribution (QKD), from a cryptographic
viewpoint, is the ability to prove the information-theoretic security (ITS) of
the established keys. As a key establishment primitive, QKD however does not
provide a standalone security service in its own: the secret keys established
by QKD are in general then used by a subsequent cryptographic applications for
which the requirements, the context of use and the security properties can
vary. It is therefore important, in the perspective of integrating QKD in
security infrastructures, to analyze how QKD can be combined with other
cryptographic primitives. The purpose of this survey article, which is mostly
centered on European research results, is to contribute to such an analysis. We
first review and compare the properties of the existing key establishment
techniques, QKD being one of them. We then study more specifically two generic
scenarios related to the practical use of QKD in cryptographic infrastructures:
1) using QKD as a key renewal technique for a symmetric cipher over a
point-to-point link; 2) using QKD in a network containing many users with the
objective of offering any-to-any key establishment service. We discuss the
constraints as well as the potential interest of using QKD in these contexts.
We finally give an overview of challenges relative to the development of QKD
technology that also constitute potential avenues for cryptographic research.Comment: Revised version of the SECOQC White Paper. Published in the special
issue on QKD of TCS, Theoretical Computer Science (2014), pp. 62-8
Tree Parity Machine Rekeying Architectures
The necessity to secure the communication between hardware components in
embedded systems becomes increasingly important with regard to the secrecy of
data and particularly its commercial use. We suggest a low-cost (i.e. small
logic-area) solution for flexible security levels and short key lifetimes. The
basis is an approach for symmetric key exchange using the synchronisation of
Tree Parity Machines. Fast successive key generation enables a key exchange
within a few milliseconds, given realistic communication channels with a
limited bandwidth. For demonstration we evaluate characteristics of a
standard-cell ASIC design realisation as IP-core in 0.18-micrometer
CMOS-technology
Computer Science and Game Theory: A Brief Survey
There has been a remarkable increase in work at the interface of computer
science and game theory in the past decade. In this article I survey some of
the main themes of work in the area, with a focus on the work in computer
science. Given the length constraints, I make no attempt at being
comprehensive, especially since other surveys are also available, and a
comprehensive survey book will appear shortly.Comment: To appear; Palgrave Dictionary of Economic
Gaming security by obscurity
Shannon sought security against the attacker with unlimited computational
powers: *if an information source conveys some information, then Shannon's
attacker will surely extract that information*. Diffie and Hellman refined
Shannon's attacker model by taking into account the fact that the real
attackers are computationally limited. This idea became one of the greatest new
paradigms in computer science, and led to modern cryptography.
Shannon also sought security against the attacker with unlimited logical and
observational powers, expressed through the maxim that "the enemy knows the
system". This view is still endorsed in cryptography. The popular formulation,
going back to Kerckhoffs, is that "there is no security by obscurity", meaning
that the algorithms cannot be kept obscured from the attacker, and that
security should only rely upon the secret keys. In fact, modern cryptography
goes even further than Shannon or Kerckhoffs in tacitly assuming that *if there
is an algorithm that can break the system, then the attacker will surely find
that algorithm*. The attacker is not viewed as an omnipotent computer any more,
but he is still construed as an omnipotent programmer.
So the Diffie-Hellman step from unlimited to limited computational powers has
not been extended into a step from unlimited to limited logical or programming
powers. Is the assumption that all feasible algorithms will eventually be
discovered and implemented really different from the assumption that everything
that is computable will eventually be computed? The present paper explores some
ways to refine the current models of the attacker, and of the defender, by
taking into account their limited logical and programming powers. If the
adaptive attacker actively queries the system to seek out its vulnerabilities,
can the system gain some security by actively learning attacker's methods, and
adapting to them?Comment: 15 pages, 9 figures, 2 tables; final version appeared in the
Proceedings of New Security Paradigms Workshop 2011 (ACM 2011); typos
correcte
- …