Separation of Reliability and Secrecy in Rate-Limited Secret-Key Generation

For a discrete or a continuous source model, we study the problem of secret-key generation with one round of rate-limited public communication between two legitimate users. Although we do not provide new bounds on the wiretap secret-key (WSK) capacity for the discrete source model, we use an alternative achievability scheme that may be useful for practical applications. As a side result, we conveniently extend known bounds to the case of a continuous source model. Specifically, we consider a sequential key-generation strategy, that implements a rate-limited reconciliation step to handle reliability, followed by a privacy amplification step performed with extractors to handle secrecy. We prove that such a sequential strategy achieves the best known bounds for the rate-limited WSK capacity (under the assumption of degraded sources in the case of two-way communication). However, we show that, unlike the case of rate-unlimited public communication, achieving the reconciliation capacity in a sequential strategy does not necessarily lead to achieving the best known bounds for the WSK capacity. Consequently, reliability and secrecy can be treated successively but not independently, thereby exhibiting a limitation of sequential strategies for rate-limited public communication. Nevertheless, we provide scenarios for which reliability and secrecy can be treated successively and independently, such as the two-way rate-limited SK capacity, the one-way rate-limited WSK capacity for degraded binary symmetric sources, and the one-way rate-limited WSK capacity for Gaussian degraded sources.Comment: 18 pages, two-column, 9 figures, accepted to IEEE Transactions on Information Theory; corrected typos; updated references; minor change in titl

Extracting All the Randomness from a Weakly Random Source

In this paper, we give two explicit constructions of extractors, both of which work for a source of any min-entropy on strings of length n. The first extracts any constant fraction of the min-entropy using O(log 2 n) additional random bits. The second extracts all the min-entropy using O(log 3 n) additional random bits. Both constructions use fewer truly random bits than any previous construction which works for all min-entropies and extracts a constant fraction of the min-entropy. The extractors are obtained by observing that a weaker notion of "combinatorial design" suffices for the Nisan--Wigderson pseudorandom generator [NW94], which underlies the recent extractor of Trevisan [Tre98]. We give near-optimal constructions of such "weak designs" which achieve much better parameters than possible with the notion of designs used by Nisan--Wigderson and Trevisan. 1 Introduction Roughly speaking, an extractor is a function which extracts truly random bits from a weakly random source,..

Information-theoretic security under computational, bandwidth, and randomization constraints

The objective of the proposed research is to develop and analyze coding schemes for information-theoretic security, which could bridge a gap between theory an practice. We focus on two fundamental models for information-theoretic security: secret-key generation for a source model and secure communication over the wire-tap channel. Many results for these models only provide existence of codes, and few attempts have been made to design practical schemes. The schemes we would like to propose should account for practical constraints. Specifically, we formulate the following constraints to avoid oversimplifying the problems. We should assume: (1) computationally bounded legitimate users and not solely rely on proofs showing existence of code with exponential complexity in the block-length; (2) a rate-limited public communication channel for the secret-key generation model, to account for bandwidth constraints; (3) a non-uniform and rate-limited source of randomness at the encoder for the wire-tap channel model, since a perfectly uniform and rate-unlimited source of randomness might be an expensive resource. Our work focuses on developing schemes for secret-key generation and the wire-tap channel that satisfy subsets of the aforementioned constraints.Ph.D