New Bounds in Secret-Key Agreement: The Gap between Formation and Secrecy Extraction
Perfectly secret message transmission can be realized with only partially secret and weakly correlated information shared by the parties as soon as this information allows for the extraction of information-theoretically secret bits. The best known upper bound on the rate S at which such key bits can be generated has been the intrinsic information of the distribution modeling the parties’, including the adversary’s, knowledge. Based on a new property of the secret-key rate S, we introduce a conditional mutual information measure which is a stronger upper bound on S. Having thus seen that the intrinsic information of a distribution P is not always suitable for determining the number of secret bits extractable from P, we prove a different significance of it in the same context: It is a lower bound on the number of key bits required to generate P by public communication. Taken together, these two results imply that sometimes, (a possibly arbitrarily large fraction of) the correlation contained in distributed information cannot be extracted in the form of secret keys by any protocol.
KeywordsInformation-theoretic security secret-key agreement reductions among primitives information measures quantum entanglement purification
- 3.N. Gisin and S. Wolf, Linking classical and quantum key agreement: is there “bound information”?, Proceedings of CRYPTO 2000, Lecture Notes in Computer Science, Vol. 1880, pp. 482–500, Springer-Verlag, 2000.Google Scholar
- 9.U. Maurer and S. Wolf, Towards characterizing when information-theoretic secret key agreement is possible, Proceedings of ASIACRYPT’ 96, Lecture Notes in Computer Science, Vol. 1163, pp. 196–209, Springer-Verlag, 1996.Google Scholar
- 10.S. Popescu and D. Rohrlich, Thermodynamics and the measure of entanglement, quant-ph/9610044, 1996.Google Scholar
- 12.F. Spedalieri, personal communication, 2003.Google Scholar
- 13.G. S. Vernam, Cipher printing telegraph systems for secret wire and radio telegraphic communications, Journal of the American Institute for Electrical Engineers, Vol. 55, pp. 109–115, 1926.Google Scholar