Privacy Amplification with Asymptotically Optimal Entropy Loss
We study the problem of "privacy amplification": key agreement
between two parties who both know a weak secret w, such as a
password. (Such a setting is ubiquitous on the internet, where
passwords are the most commonly used security device.) We assume
that the key agreement protocol is taking place in the presence of
an active computationally unbounded adversary Eve. The adversary may
have partial knowledge about w, so we assume only that w has
some entropy from Eve's point of view. Thus, the goal of the
protocol is to convert this non-uniform secret w into a uniformly
distributed string R that is fully secret from Eve. R may then
be used as a key for running symmetric cryptographic protocols (such
as encryption, authentication, etc.).
Because we make no computational assumptions, the entropy in R can
come only from w. Thus such a protocol must minimize the entropy
loss during its execution, so that R is as long as possible. The
best previous results have entropy loss of , where
is the security parameter, thus requiring the password to
be very long even for small values of . In this work, we
present the first protocol for information-theoretic key agreement
that has entropy loss LINEAR in the security parameter. The
result is optimal up to constant factors. We achieve our improvement
through a somewhat surprising application of error-correcting codes
for the edit distance.
The protocol can be extended to provide also "information
reconciliation," that is, to work even when the two parties have slightly different versions of w (for example, when biometrics are involved).
Non-Malleable Extractors and Non-Malleable Codes: Partially Optimal Constructions
The recent line of study on randomness extractors has been a great success, resulting in exciting new techniques, new connections, and breakthroughs to long-standing open problems in several seemingly different topics. These include seeded non-malleable extractors, privacy amplification protocols with an active adversary, independent source extractors (and explicit Ramsey graphs), and non-malleable codes in the split state model. Previously, the best constructions were given in [Xin Li, 2017]: seeded non-malleable extractors with seed length and entropy requirement O(log n+log(1/epsilon)log log (1/epsilon)) for error epsilon; two-round privacy amplification protocols with optimal entropy loss for security parameter up to Omega(k/log k), where k is the entropy of the shared weak source; two-source extractors for entropy O(log n log log n); and non-malleable codes in the 2-split state model with rate Omega(1/log n). However, in all cases there is still a gap to optimum and the motivation to close this gap remains strong.
In this paper, we introduce a set of new techniques to further push the frontier in the above questions. Our techniques lead to improvements in all of the above questions, and in several cases to partially optimal constructions. This is in contrast to all previous work, which only obtained close-to-optimal constructions. Specifically, we obtain:
1) A seeded non-malleable extractor with seed length O(log n)+log^{1+o(1)}(1/epsilon) and entropy requirement O(log log n+log(1/epsilon)), where the entropy requirement is asymptotically optimal by a recent result of Gur and Shinkar [Tom Gur and Igor Shinkar, 2018];
2) A two-round privacy amplification protocol with optimal entropy loss for security parameter up to Omega(k), which solves the privacy amplification problem completely;
3) A two-source extractor for entropy O((log n log log n)/(log log log n)), which also gives an explicit Ramsey graph on N vertices with no clique or independent set of size (log N)^{O((log log log N)/(log log log log N))}; and
4) The first explicit non-malleable code in the 2-split state model with constant rate, which has been a major goal in the study of non-malleable codes for quite some time. One small caveat is that the error of this code is only (an arbitrarily small) constant, but we can also achieve negligible error with rate Omega(log log log n/log log n), which already improves the rate in [Xin Li, 2017] exponentially.
We believe our new techniques can help to eventually obtain completely optimal constructions in the above questions, and may have applications in other settings.
Toward Photon-Efficient Key Distribution over Optical Channels
This work considers the distribution of a secret key over an optical
(bosonic) channel in the regime of high photon efficiency, i.e., when the
number of secret key bits generated per detected photon is high. While in
principle the photon efficiency is unbounded, there is an inherent tradeoff
between this efficiency and the key generation rate (with respect to the
channel bandwidth). We derive asymptotic expressions for the optimal generation
rates in the photon-efficient limit, and propose schemes that approach these
limits up to certain approximations. The schemes are practical, in the sense
that they use coherent or temporally-entangled optical states and direct
photodetection, all of which are reasonably easy to realize in practice, in
conjunction with off-the-shelf classical codes.
Comment: In IEEE Transactions on Information Theory; same version except that
labels are corrected for Schemes S-1, S-2, and S-3, which appear as S-3, S-4,
and S-5 in the Transactions.
Tight Finite-Key Analysis for Quantum Cryptography
Despite enormous progress both in theoretical and experimental quantum
cryptography, the security of most current implementations of quantum key
distribution is still not established rigorously. One of the main problems is
that the security of the final key is highly dependent on the number, M, of
signals exchanged between the legitimate parties. While, in any practical
implementation, M is limited by the available resources, existing security
proofs are often only valid asymptotically for unrealistically large values of
M. Here, we demonstrate that this gap between theory and practice can be
overcome using a recently developed proof technique based on the uncertainty
relation for smooth entropies. Specifically, we consider a family of
Bennett-Brassard 1984 quantum key distribution protocols and show that security
against general attacks can be guaranteed already for moderate values of M.
Comment: 11 pages, 2 figures.
Practical long-distance quantum key distribution system using decoy levels
Quantum key distribution (QKD) has the potential for widespread real-world
applications. To date no secure long-distance experiment has demonstrated the
truly practical operation needed to move QKD from the laboratory to the real
world due largely to limitations in synchronization and poor detector
performance. Here we report results obtained using a fully automated, robust
QKD system based on the Bennett Brassard 1984 protocol (BB84) with low-noise
superconducting nanowire single-photon detectors (SNSPDs) and decoy levels.
Secret key is produced with unconditional security over a record 144.3 km of
optical fibre, an increase of more than a factor of five compared to the
previous record for unconditionally secure key generation in a practical QKD
system.
Comment: 9 pages.
Non-Malleable Extractors and Codes, with their Many Tampered Extensions
Randomness extractors and error correcting codes are fundamental objects in
computer science. Recently, there have been several natural generalizations of
these objects, in the context and study of tamper resilient cryptography. These
are seeded non-malleable extractors, introduced in [DW09]; seedless
non-malleable extractors, introduced in [CG14b]; and non-malleable codes,
introduced in [DPW10].
However, explicit constructions of non-malleable extractors appear to be
hard, and the known constructions are far behind their non-tampered
counterparts.
In this paper we make progress towards solving the above problems. Our
contributions are as follows.
(1) We construct an explicit seeded non-malleable extractor for min-entropy
. This dramatically improves all previous results and gives a
simpler 2-round privacy amplification protocol with optimal entropy loss,
matching the best known result in [Li15b].
(2) We construct the first explicit non-malleable two-source extractor for
min-entropy , with output size and
error .
(3) We initiate the study of two natural generalizations of seedless
non-malleable extractors and non-malleable codes, where the sources or the
codeword may be tampered many times. We construct the first explicit
non-malleable two-source extractor with tampering degree up to
, which works for min-entropy , with
output size and error . We show that we can
efficiently sample uniformly from any pre-image. By the connection in [CG14b],
we also obtain the first explicit non-malleable codes with tampering degree
up to , relative rate , and error
.
Comment: 50 pages; see paper for full abstract.
Separation of Reliability and Secrecy in Rate-Limited Secret-Key Generation
For a discrete or a continuous source model, we study the problem of
secret-key generation with one round of rate-limited public communication
between two legitimate users. Although we do not provide new bounds on the
wiretap secret-key (WSK) capacity for the discrete source model, we use an
alternative achievability scheme that may be useful for practical applications.
As a side result, we conveniently extend known bounds to the case of a
continuous source model. Specifically, we consider a sequential key-generation
strategy, that implements a rate-limited reconciliation step to handle
reliability, followed by a privacy amplification step performed with extractors
to handle secrecy. We prove that such a sequential strategy achieves the best
known bounds for the rate-limited WSK capacity (under the assumption of
degraded sources in the case of two-way communication). However, we show that,
unlike the case of rate-unlimited public communication, achieving the
reconciliation capacity in a sequential strategy does not necessarily lead to
achieving the best known bounds for the WSK capacity. Consequently, reliability
and secrecy can be treated successively but not independently, thereby
exhibiting a limitation of sequential strategies for rate-limited public
communication. Nevertheless, we provide scenarios for which reliability and
secrecy can be treated successively and independently, such as the two-way
rate-limited SK capacity, the one-way rate-limited WSK capacity for degraded
binary symmetric sources, and the one-way rate-limited WSK capacity for
Gaussian degraded sources.
Comment: 18 pages, two-column, 9 figures, accepted to IEEE Transactions on
Information Theory; corrected typos; updated references; minor change in
title.