46 research outputs found
Polynomial-Time, Semantically-Secure Encryption Achieving the Secrecy Capacity
In the wiretap channel setting, one aims to get information-theoretic privacy
of communicated data based only on the assumption that the channel from sender
to receiver is noisier than the one from sender to adversary. The secrecy
capacity is the optimal (highest possible) rate of a secure scheme, and the
existence of schemes achieving it has been shown. For thirty years the ultimate
and unreached goal has been to achieve this optimal rate with a scheme that is
polynomial-time. (This means both encryption and decryption are proven
polynomial time algorithms.) This paper finally delivers such a scheme. In fact
it does more. Our scheme not only meets the classical notion of security from
the wiretap literature, called MIS-R (mutual information security for random
messages) but achieves the strictly stronger notion of semantic security, thus
delivering more in terms of security without loss of rate
Coding Schemes for Achieving Strong Secrecy at Negligible Cost
We study the problem of achieving strong secrecy over wiretap channels at
negligible cost, in the sense of maintaining the overall communication rate of
the same channel without secrecy constraints. Specifically, we propose and
analyze two source-channel coding architectures, in which secrecy is achieved
by multiplexing public and confidential messages. In both cases, our main
contribution is to show that secrecy can be achieved without compromising
communication rate and by requiring only randomness of asymptotically vanishing
rate. Our first source-channel coding architecture relies on a modified wiretap
channel code, in which randomization is performed using the output of a source
code. In contrast, our second architecture relies on a standard wiretap code
combined with a modified source code termed uniform compression code, in which
a small shared secret seed is used to enhance the uniformity of the source code
output. We carry out a detailed analysis of uniform compression codes and
characterize the optimal size of the shared seed.Comment: 15 pages, two-column, 5 figures, accepted to IEEE Transactions on
Information Theor
Applications of Derandomization Theory in Coding
Randomized techniques play a fundamental role in theoretical computer science
and discrete mathematics, in particular for the design of efficient algorithms
and construction of combinatorial objects. The basic goal in derandomization
theory is to eliminate or reduce the need for randomness in such randomized
constructions. In this thesis, we explore some applications of the fundamental
notions in derandomization theory to problems outside the core of theoretical
computer science, and in particular, certain problems related to coding theory.
First, we consider the wiretap channel problem which involves a communication
system in which an intruder can eavesdrop a limited portion of the
transmissions, and construct efficient and information-theoretically optimal
communication protocols for this model. Then we consider the combinatorial
group testing problem. In this classical problem, one aims to determine a set
of defective items within a large population by asking a number of queries,
where each query reveals whether a defective item is present within a specified
group of items. We use randomness condensers to explicitly construct optimal,
or nearly optimal, group testing schemes for a setting where the query outcomes
can be highly unreliable, as well as the threshold model where a query returns
positive if the number of defectives pass a certain threshold. Finally, we
design ensembles of error-correcting codes that achieve the
information-theoretic capacity of a large class of communication channels, and
then use the obtained ensembles for construction of explicit capacity achieving
codes.
[This is a shortened version of the actual abstract in the thesis.]Comment: EPFL Phd Thesi
Adversarial Wiretap Channel with Public Discussion
Wyner's elegant model of wiretap channel exploits noise in the communication
channel to provide perfect secrecy against a computationally unlimited
eavesdropper without requiring a shared key. We consider an adversarial model
of wiretap channel proposed in [18,19] where the adversary is active: it
selects a fraction of the transmitted codeword to eavesdrop and a
fraction of the codeword to corrupt by "adding" adversarial error. It
was shown that this model also captures network adversaries in the setting of
1-round Secure Message Transmission [8]. It was proved that secure
communication (1-round) is possible if and only if .
In this paper we show that by allowing communicants to have access to a
public discussion channel (authentic communication without secrecy) secure
communication becomes possible even if . We formalize the
model of \awtppd protocol and for two efficiency measures, {\em information
rate } and {\em message round complexity} derive tight bounds. We also
construct a rate optimal protocol family with minimum number of message rounds.
We show application of these results to Secure Message Transmission with Public
Discussion (SMT-PD), and in particular show a new lower bound on transmission
rate of these protocols together with a new construction of an optimal SMT-PD
protocol
Achieving Secrecy Capacity of the Gaussian Wiretap Channel with Polar Lattices
In this work, an explicit wiretap coding scheme based on polar lattices is
proposed to achieve the secrecy capacity of the additive white Gaussian noise
(AWGN) wiretap channel. Firstly, polar lattices are used to construct
secrecy-good lattices for the mod- Gaussian wiretap channel. Then we
propose an explicit shaping scheme to remove this mod- front end and
extend polar lattices to the genuine Gaussian wiretap channel. The shaping
technique is based on the lattice Gaussian distribution, which leads to a
binary asymmetric channel at each level for the multilevel lattice codes. By
employing the asymmetric polar coding technique, we construct an AWGN-good
lattice and a secrecy-good lattice with optimal shaping simultaneously. As a
result, the encoding complexity for the sender and the decoding complexity for
the legitimate receiver are both O(N logN log(logN)). The proposed scheme is
proven to be semantically secure.Comment: Submitted to IEEE Trans. Information Theory, revised. This is the
authors' own version of the pape
Separation of Reliability and Secrecy in Rate-Limited Secret-Key Generation
For a discrete or a continuous source model, we study the problem of
secret-key generation with one round of rate-limited public communication
between two legitimate users. Although we do not provide new bounds on the
wiretap secret-key (WSK) capacity for the discrete source model, we use an
alternative achievability scheme that may be useful for practical applications.
As a side result, we conveniently extend known bounds to the case of a
continuous source model. Specifically, we consider a sequential key-generation
strategy, that implements a rate-limited reconciliation step to handle
reliability, followed by a privacy amplification step performed with extractors
to handle secrecy. We prove that such a sequential strategy achieves the best
known bounds for the rate-limited WSK capacity (under the assumption of
degraded sources in the case of two-way communication). However, we show that,
unlike the case of rate-unlimited public communication, achieving the
reconciliation capacity in a sequential strategy does not necessarily lead to
achieving the best known bounds for the WSK capacity. Consequently, reliability
and secrecy can be treated successively but not independently, thereby
exhibiting a limitation of sequential strategies for rate-limited public
communication. Nevertheless, we provide scenarios for which reliability and
secrecy can be treated successively and independently, such as the two-way
rate-limited SK capacity, the one-way rate-limited WSK capacity for degraded
binary symmetric sources, and the one-way rate-limited WSK capacity for
Gaussian degraded sources.Comment: 18 pages, two-column, 9 figures, accepted to IEEE Transactions on
Information Theory; corrected typos; updated references; minor change in
titl
Achievable secrecy enchancement through joint encryption and privacy amplification
In this dissertation we try to achieve secrecy enhancement in communications by resorting to both cryptographic and information theoretic secrecy tools and metrics. Our objective is to unify tools and measures from cryptography community with techniques and metrics from information theory community that are utilized to provide privacy and confidentiality in communication systems. For this purpose we adopt encryption techniques accompanied with privacy amplification tools in order to achieve secrecy goals that are determined based on information theoretic and cryptographic metrics. Every secrecy scheme relies on a certain advantage for legitimate users over adversaries viewed as an asymmetry in the system to deliver the required security for data transmission. In all of the proposed schemes in this dissertation, we resort to either inherently existing asymmetry in the system or proactively created advantage for legitimate users over a passive eavesdropper to further enhance secrecy of the communications. This advantage is manipulated by means of privacy amplification and encryption tools to achieve secrecy goals for the system evaluated based on information theoretic and cryptographic metrics. In our first work discussed in Chapter 2 and the third work explained in Chapter 4, we rely on a proactively established advantage for legitimate users based on eavesdropperâs lack of knowledge about a shared source of data. Unlike these works that assume an errorfree physical channel, in the second work discussed in Chapter 3 correlated erasure wiretap channel model is considered. This work relies on a passive and internally existing advantage for legitimate users that is built upon statistical and partial independence of eavesdropperâs channel errors from the errors in the main channel. We arrive at this secrecy advantage for legitimate users by exploitation of an authenticated but insecure feedback channel. From the perspective of the utilized tools, the first work discussed in Chapter 2 considers a specific scenario where secrecy enhancement of a particular block cipher called Data Encryption standard (DES) operating in cipher feedback mode (CFB) is studied. This secrecy enhancement is achieved by means of deliberate noise injection and wiretap channel encoding as a technique for privacy amplification against a resource constrained eavesdropper. Compared to the first work, the third work considers a more general framework in terms of both metrics and secrecy tools. This work studies secrecy enhancement of a general cipher based on universal hashing as a privacy amplification technique against an unbounded adversary. In this work, we have achieved the goal of exponential secrecy where information leakage to adversary, that is assessed in terms of mutual information as an information theoretic measure and Eveâs distinguishability as a cryptographic metric, decays at an exponential rate. In the second work generally encrypted data frames are transmitted through Automatic Repeat reQuest (ARQ) protocol to generate a common random source between legitimate users that later on is transformed into information theoretically secure keys for encryption by means of privacy amplification based on universal hashing. Towards the end, future works as an extension of the accomplished research in this dissertation are outlined. Proofs of major theorems and lemmas are presented in the Appendix
Polar Coding for Achieving the Capacity of Marginal Channels in Nonbinary-Input Setting
Achieving information-theoretic security using explicit coding scheme in
which unlimited computational power for eavesdropper is assumed, is one of the
main topics is security consideration. It is shown that polar codes are
capacity achieving codes and have a low complexity in encoding and decoding. It
has been proven that polar codes reach to secrecy capacity in the binary-input
wiretap channels in symmetric settings for which the wiretapper's channel is
degraded with respect to the main channel. The first task of this paper is to
propose a coding scheme to achieve secrecy capacity in asymmetric
nonbinary-input channels while keeping reliability and security conditions
satisfied. Our assumption is that the wiretap channel is stochastically
degraded with respect to the main channel and message distribution is
unspecified. The main idea is to send information set over good channels for
Bob and bad channels for Eve and send random symbols for channels that are good
for both. In this scheme the frozen vector is defined over all possible choices
using polar codes ensemble concept. We proved that there exists a frozen vector
for which the coding scheme satisfies reliability and security conditions. It
is further shown that uniform distribution of the message is the necessary
condition for achieving secrecy capacity.Comment: Accepted to be published in "51th Conference on Information Sciences
and Systems", Baltimore, Marylan