57 research outputs found
Separation of Reliability and Secrecy in Rate-Limited Secret-Key Generation
For a discrete or a continuous source model, we study the problem of
secret-key generation with one round of rate-limited public communication
between two legitimate users. Although we do not provide new bounds on the
wiretap secret-key (WSK) capacity for the discrete source model, we use an
alternative achievability scheme that may be useful for practical applications.
As a side result, we conveniently extend known bounds to the case of a
continuous source model. Specifically, we consider a sequential key-generation
strategy, that implements a rate-limited reconciliation step to handle
reliability, followed by a privacy amplification step performed with extractors
to handle secrecy. We prove that such a sequential strategy achieves the best
known bounds for the rate-limited WSK capacity (under the assumption of
degraded sources in the case of two-way communication). However, we show that,
unlike the case of rate-unlimited public communication, achieving the
reconciliation capacity in a sequential strategy does not necessarily lead to
achieving the best known bounds for the WSK capacity. Consequently, reliability
and secrecy can be treated successively but not independently, thereby
exhibiting a limitation of sequential strategies for rate-limited public
communication. Nevertheless, we provide scenarios for which reliability and
secrecy can be treated successively and independently, such as the two-way
rate-limited SK capacity, the one-way rate-limited WSK capacity for degraded
binary symmetric sources, and the one-way rate-limited WSK capacity for
Gaussian degraded sources.Comment: 18 pages, two-column, 9 figures, accepted to IEEE Transactions on
Information Theory; corrected typos; updated references; minor change in
titl
Algebraic Restriction Codes and Their Applications
Consider the following problem: You have a device that is supposed to compute a linear combination of its inputs, which are taken from some finite field. However, the device may be faulty and compute arbitrary functions of its inputs. Is it possible to encode the inputs in such a way that only linear functions can be evaluated over the encodings? I.e., learning an arbitrary function of the encodings will not reveal more information about the inputs than a linear combination.
In this work, we introduce the notion of algebraic restriction codes (AR codes), which constrain adversaries who might compute any function to computing a linear function. Our main result is an information-theoretic construction AR codes that restrict any class of function with a bounded number of output bits to linear functions. Our construction relies on a seed which is not provided to the adversary.
While interesting and natural on its own, we show an application of this notion in cryptography. In particular, we show that AR codes lead to the first construction of rate-1 oblivious transfer with statistical sender security from the Decisional Diffie-Hellman assumption, and the first-ever construction that makes black-box use of cryptography. Previously, such protocols were known only from the LWE assumption, using non-black-box cryptographic techniques. We expect our new notion of AR codes to find further applications, e.g., in the context of non-malleability, in the future
Two Source Extractors for Asymptotically Optimal Entropy, and (Many) More
A long line of work in the past two decades or so established close
connections between several different pseudorandom objects and applications.
These connections essentially show that an asymptotically optimal construction
of one central object will lead to asymptotically optimal solutions to all the
others. However, despite considerable effort, previous works can get close but
still lack one final step to achieve truly asymptotically optimal
constructions.
In this paper we provide the last missing link, thus simultaneously achieving
explicit, asymptotically optimal constructions and solutions for various well
studied extractors and applications, that have been the subjects of long lines
of research. Our results include:
Asymptotically optimal seeded non-malleable extractors, which in turn give
two source extractors for asymptotically optimal min-entropy of ,
explicit constructions of -Ramsey graphs on vertices with , and truly optimal privacy amplification protocols with an active adversary.
Two source non-malleable extractors and affine non-malleable extractors for
some linear min-entropy with exponentially small error, which in turn give the
first explicit construction of non-malleable codes against -split state
tampering and affine tampering with constant rate and \emph{exponentially}
small error.
Explicit extractors for affine sources, sumset sources, interleaved sources,
and small space sources that achieve asymptotically optimal min-entropy of
or (for space sources).
An explicit function that requires strongly linear read once branching
programs of size , which is optimal up to the constant in
. Previously, even for standard read once branching programs, the
best known size lower bound for an explicit function is .Comment: Fixed some minor error
Non-Malleable Extractors and Non-Malleable Codes: Partially Optimal Constructions
The recent line of study on randomness extractors has been a great success, resulting in exciting new techniques, new connections, and breakthroughs to long standing open problems in several seemingly different topics. These include seeded non-malleable extractors, privacy amplification protocols with an active adversary, independent source extractors (and explicit Ramsey graphs), and non-malleable codes in the split state model. Previously, the best constructions are given in [Xin Li, 2017]: seeded non-malleable extractors with seed length and entropy requirement O(log n+log(1/epsilon)log log (1/epsilon)) for error epsilon; two-round privacy amplification protocols with optimal entropy loss for security parameter up to Omega(k/log k), where k is the entropy of the shared weak source; two-source extractors for entropy O(log n log log n); and non-malleable codes in the 2-split state model with rate Omega(1/log n). However, in all cases there is still a gap to optimum and the motivation to close this gap remains strong.
In this paper, we introduce a set of new techniques to further push the frontier in the above questions. Our techniques lead to improvements in all of the above questions, and in several cases partially optimal constructions. This is in contrast to all previous work, which only obtain close to optimal constructions. Specifically, we obtain:
1) A seeded non-malleable extractor with seed length O(log n)+log^{1+o(1)}(1/epsilon) and entropy requirement O(log log n+log(1/epsilon)), where the entropy requirement is asymptotically optimal by a recent result of Gur and Shinkar [Tom Gur and Igor Shinkar, 2018];
2) A two-round privacy amplification protocol with optimal entropy loss for security parameter up to Omega(k), which solves the privacy amplification problem completely;
3) A two-source extractor for entropy O((log n log log n)/(log log log n)), which also gives an explicit Ramsey graph on N vertices with no clique or independent set of size (log N)^{O((log log log N)/(log log log log N))}; and
4) The first explicit non-malleable code in the 2-split state model with constant rate, which has been a major goal in the study of non-malleable codes for quite some time. One small caveat is that the error of this code is only (an arbitrarily small) constant, but we can also achieve negligible error with rate Omega(log log log n/log log n), which already improves the rate in [Xin Li, 2017] exponentially.
We believe our new techniques can help to eventually obtain completely optimal constructions in the above questions, and may have applications in other settings
Extractors: Low Entropy Requirements Colliding With Non-Malleability
The known constructions of negligible error (non-malleable) two-source
extractors can be broadly classified in three categories:
(1) Constructions where one source has min-entropy rate about , the
other source can have small min-entropy rate, but the extractor doesn't
guarantee non-malleability.
(2) Constructions where one source is uniform, and the other can have small
min-entropy rate, and the extractor guarantees non-malleability when the
uniform source is tampered.
(3) Constructions where both sources have entropy rate very close to and
the extractor guarantees non-malleability against the tampering of both
sources.
We introduce a new notion of collision resistant extractors and in using it
we obtain a strong two source non-malleable extractor where we require the
first source to have entropy rate and the other source can have
min-entropy polylogarithmic in the length of the source.
We show how the above extractor can be applied to obtain a non-malleable
extractor with output rate , which is optimal. We also show how, by
using our extractor and extending the known protocol, one can obtain a privacy
amplification secure against memory tampering where the size of the secret
output is almost optimal
08491 Abstracts Collection -- Theoretical Foundations of Practical Information Security
From 30.11. to 05.12.2008, the Dagstuhl Seminar 08491 ``Theoretical Foundations of Practical Information Security \u27\u27 was held in Schloss Dagstuhl~--~Leibniz Center for Informatics.
During the seminar, several participants presented their current
research, and ongoing work and open problems were discussed. Abstracts of
the presentations given during the seminar as well as abstracts of
seminar results and ideas are put together in this paper. The first section
describes the seminar topics and goals in general.
Links to extended abstracts or full papers are provided, if available
- …