Deep Random based Key Exchange protocol resisting unlimited MITM
We present a protocol enabling two legitimate partners sharing an initial
secret to mutually authenticate and to exchange an encryption session key. The
opponent is an active Man In The Middle (MITM) with unlimited computation and
storage capacities. The resistance to unlimited MITM is obtained through the
combined use of Deep Random secrecy, formerly introduced and proved as
unconditionally secure against a passive opponent for key exchange, and universal
hashing techniques. We prove the resistance to MITM interception attacks, and
show that (i) upon successful completion, the protocol leaks no residual
information about the current value of the shared secret to the opponent, and
(ii) that any unsuccessful completion is detectable by the legitimate partners.
We also discuss implementation techniques.
Comment: 14 pages. V2: Updated reminder in the formalism of Deep Random
assumption. arXiv admin note: text overlap with arXiv:1611.01683,
arXiv:1507.0825
Information-Theoretic Secret-Key Agreement: The Asymptotically Tight Relation Between the Secret-Key Rate and the Channel Quality Ratio
Information-theoretically secure secret-key agreement between two parties Alice and Bob is a well-studied problem that is provably impossible in a plain model with public (authenticated) communication, but is known to be possible in a model where the parties also have access to some correlated randomness. One particular type of such correlated randomness is the so-called satellite setting, where a source of uniform random bits (e.g., sent by a satellite) is received by the parties and the adversary Eve over inherently noisy channels. The antenna size determines the error probability, and the antenna is the adversary's limiting resource much as computing power is the limiting resource in traditional complexity-based security. The natural assumption about the adversary is that her antenna is at most times larger than both Alice's and Bob's antenna, where, to be realistic, can be very large.
The goal of this paper is to characterize the secret-key rate per transmitted bit in terms of . Traditional results in this so-called satellite setting are phrased in terms of the error probabilities , , and , of the binary symmetric channels through which the parties receive the bits and, quite surprisingly, the secret-key rate has been shown to be strictly positive unless Eve's channel is perfect () or either Alice's or Bob's channel output is independent of the transmitted bit (i.e., or ). However, the best proven lower bound, if interpreted in terms of the channel quality ratio , is only exponentially small in . The main result of this paper is that the secret-key rate decreases asymptotically only like if the per-bit signal energy, affecting the quality of all channels, is treated as a system parameter that can be optimized. Moreover, this bound is tight if Alice and Bob have the same antenna sizes.
Motivated by considering a fixed sending signal power, in which case the per-bit energy is inversely proportional to the bit-rate, we also propose a definition of the secret-key rate per second (rather than per transmitted bit) and prove that it decreases asymptotically only like
Secrecy Results for Compound Wiretap Channels
We derive a lower bound on the secrecy capacity of the compound wiretap
channel with channel state information at the transmitter which matches the
general upper bound on the secrecy capacity of general compound wiretap
channels given by Liang et al., and thus establishes a full coding theorem in
this case. We achieve this with a stronger secrecy criterion and the maximum
error probability criterion, and with a decoder that is robust against the
effect of randomisation in the encoding. This relieves us from the need of
decoding the randomisation parameter which is in general not possible within
this model. Moreover we prove a lower bound on the secrecy capacity of the
compound wiretap channel without channel state information and derive a
multi-letter expression for the capacity in this communication scenario.
Comment: 25 pages, 1 figure. Accepted for publication in the journal "Problems
of Information Transmission". Some of the results were presented at the ITW
2011 Paraty [arXiv:1103.0135] and published in the conference paper available
at the IEEE Xplor
Simple Schemes in the Bounded Storage Model
The bounded storage model promises unconditional security
proofs against computationally unbounded adversaries, so long as the
adversary’s space is bounded. In this work, we develop simple new constructions
of two-party key agreement, bit commitment, and oblivious
transfer in this model. In addition to simplicity, our constructions have
several advantages over prior work, including an improved number of
rounds and enhanced correctness. Our schemes are based on Raz’s lower
bound for learning parities
Quantum key distribution using gaussian-modulated coherent states
Quantum continuous variables are being explored as an alternative means to
implement quantum key distribution, which is usually based on single photon
counting. The former approach is potentially advantageous because it should
enable higher key distribution rates. Here we propose and experimentally
demonstrate a quantum key distribution protocol based on the transmission of
gaussian-modulated coherent states (consisting of laser pulses containing a few
hundred photons) and shot-noise-limited homodyne detection; squeezed or
entangled beams are not required. Complete secret key extraction is achieved
using a reverse reconciliation technique followed by privacy amplification. The
reverse reconciliation technique is in principle secure for any value of the
line transmission, against gaussian individual attacks based on entanglement
and quantum memories. Our table-top experiment yields a net key transmission
rate of about 1.7 megabits per second for a loss-free line, and 75 kilobits per
second for a line with losses of 3.1 dB. We anticipate that the scheme should
remain effective for lines with higher losses, particularly because the present
limitations are essentially technical, so that significant margin for
improvement is available on both the hardware and the software.
Comment: 8 pages, 4 figure
Tight Reductions for Diffie-Hellman Variants in the Algebraic Group Model
Fuchsbauer, Kiltz, and Loss (Crypto'18) gave a simple and clean definition of an algebraic group model (AGM) that lies in between the standard model and the generic group model (GGM). Specifically, an algebraic adversary is able to exploit group-specific structures as in the standard model, while the AGM still provides meaningful hardness results as the GGM does. As an application of the AGM, they show a tight computational equivalence between the computational Diffie-Hellman (CDH) assumption and the discrete logarithm (DL) assumption. For this purpose, they used the square Diffie-Hellman assumption as a bridge, i.e., they first proved the equivalence between the DL assumption and the square Diffie-Hellman assumption, then used the known equivalence between the square Diffie-Hellman assumption and the CDH assumption. In this paper, we provide an alternative proof that directly shows the tight equivalence between the DL assumption and the CDH assumption. The crucial benefit of the direct reduction is that we can easily extend the approach to variants of the CDH assumption, e.g., the bilinear Diffie-Hellman assumption. Indeed, we show several tight computational equivalences and discuss the applicability of our techniques
Secret Sharing over Fast-Fading MIMO Wiretap Channels
Secret sharing over the fast-fading MIMO wiretap channel is considered. A
source and a destination try to share secret information over a fast-fading
MIMO channel in the presence of a wiretapper who also makes channel
observations that are different from but correlated to those made by the
destination. An interactive authenticated unrestricted public channel is also
available for use by the source and destination in the secret sharing process.
This falls under the "channel-type model with wiretapper" considered by
Ahlswede and Csiszar. A minor extension of their result (to continuous channel
alphabets) is employed to evaluate the key capacity of the fast-fading MIMO
wiretap channel. The effects of spatial dimensionality provided by the use of
multiple antennas at the source, destination, and wiretapper are then
investigated.
Comment: Revision submitted to EURASIP Journal on Wireless Communications and
Networking, Special Issue on Wireless Physical Layer Security, Sept. 2009.
v.3: Fixes to proofs. Matthieu Bloch added as co-author for contributions to
proof
Privacy Amplification from Non-malleable Codes
Non-malleable Codes give us the following property: their codewords cannot be tampered into codewords of related messages. Privacy Amplification allows parties to convert their weak shared secret into a fully hidden, uniformly distributed secret key, while communicating on a fully tamperable public channel. In this work, we show how to construct a constant round privacy amplification protocol from any augmented split-state non-malleable code. Existentially, this gives us another primitive (in addition to optimal non-malleable extractors) whose optimal construction would solve the long-standing open problem of building constant round privacy amplification with optimal entropy loss. Instantiating our code with the current best known NMC gives us an -round privacy amplification protocol with entropy loss and min-entropy requirement , where is the security parameter and is the length of the shared weak secret. In fact, for our result, even the weaker primitive of Non-malleable Randomness Encoders suffices.
We view our result as an exciting connection between two of the most fascinating and well-studied information theoretic primitives, non-malleable codes and privacy amplification
Extended Generalized Feistel Networks using Matrix Representation
While Generalized Feistel Networks have been widely studied in the literature as a building block of block ciphers, we propose in this paper a unified view that represents them easily through a matrix representation. We then propose a new class of such schemes, called Extended Generalized Feistel Networks, well suited for cryptographic applications. We instantiate these proposals into two particular constructions and finally analyze their security
10-Round Feistel is Indifferentiable from an Ideal Cipher
We revisit the question of constructing an ideal cipher from a random oracle.
Coron et al. (Journal of Cryptology, 2014) proved that a 14-round Feistel
network using random, independent, keyed round functions is indifferentiable
from an ideal cipher, thus demonstrating the feasibility of such a construction.
Left unresolved is the best possible efficiency of the transformation. We
improve upon the result of Coron et al. and show that 10 rounds suffice
- …