Information-Theoretic Key Agreement: From Weak to Strong Secrecy for Free

  • Ueli Maurer
  • Stefan Wolf
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1807)


One of the basic problems in cryptography is the generation of a common secret key between two parties, for instance in order to communicate privately. In this paper we consider information-theoretically secure key agreement. Wyner and subsequently Csiszár and Körner described and analyzed settings for secret-key agreement based on noisy communication channels. Maurer as well as Ahlswede and Csiszár generalized these models to a scenario based on correlated randomness and public discussion. In all these settings, the secrecy capacity and the secret-key rate, respectively, have been defined as the maximal achievable rates at which a highly-secret key can be generated by the legitimate partners. However, the privacy requirements were too weak in all these definitions: they required only that the ratio between the adversary’s information and the length of the key be negligible, and hence tolerated that she obtains a possibly substantial amount of information about the resulting key in an absolute sense. We give natural stronger definitions of secrecy capacity and secret-key rate, requiring that the adversary obtains virtually no information about the entire key. We show not only that secret-key agreement satisfying the strong secrecy condition is possible, but even that the achievable key-generation rates are equal to the previous weak notions of secrecy capacity and secret-key rate. Hence the unsatisfactory old definitions can be completely replaced by the new ones. We prove these results by a generic reduction of strong to weak key agreement. The reduction makes use of extractors, which make it possible to keep the required amount of communication negligible compared to the length of the resulting key.


Keywords: Broadcast Channel; Secrecy Capacity; Strong Secrecy; Information Reconciliation; Original Random Variable


  1. R. Ahlswede and I. Csiszár, Common randomness in information theory and cryptography — Part I: secret sharing, IEEE Transactions on Information Theory, Vol. 39, No. 4, pp. 1121–1132, 1993.
  2. C. H. Bennett, G. Brassard, C. Crépeau, and U. M. Maurer, Generalized privacy amplification, IEEE Transactions on Information Theory, Vol. 41, No. 6, pp. 1915–1923, 1995.
  3. C. H. Bennett, G. Brassard, and J.-M. Robert, Privacy amplification by public discussion, SIAM Journal on Computing, Vol. 17, pp. 210–229, 1988.
  4. G. Brassard and L. Salvail, Secret-key reconciliation by public discussion, Advances in Cryptology - EUROCRYPT '93, Lecture Notes in Computer Science, Vol. 765, pp. 410–423, Springer-Verlag, 1994.
  5. C. Cachin, Entropy measures and unconditional security in cryptography, Ph.D. Thesis, ETH Zurich, Hartung-Gorre Verlag, Konstanz, 1997.
  6. C. Cachin and U. M. Maurer, Linking information reconciliation and privacy amplification, Journal of Cryptology, Vol. 10, No. 2, pp. 97–110, 1997.
  7. J. L. Carter and M. N. Wegman, Universal classes of hash functions, Journal of Computer and System Sciences, Vol. 18, pp. 143–154, 1979.
  8. T. M. Cover and J. A. Thomas, Elements of information theory, Wiley Series in Telecommunications, 1992.
  9. I. Csiszár, Almost independence and secrecy capacity (in Russian), in Problems of Information Transmission (PPI), Vol. 32, No. 1, pp. 48–57, 1996.
  10. I. Csiszár and J. Körner, Broadcast channels with confidential messages, IEEE Transactions on Information Theory, Vol. 24, No. 3, pp. 339–348, 1978.
  11. N. Gisin and S. Wolf, Linking classical and quantum key agreement: is there “bound information”?, manuscript, 2000.
  12. J. Håstad, R. Impagliazzo, L. Levin, and M. Luby, Construction of a pseudo-random generator from any one-way function, ICSI Tech. Rep. 91-068, 1991.
  13. U. M. Maurer, Secret key agreement by public discussion from common information, IEEE Transactions on Information Theory, Vol. 39, No. 3, pp. 733–742, 1993.
  14. U. M. Maurer, The strong secret key rate of discrete random triples, in Communication and Cryptography — Two Sides of One Tapestry, Kluwer Academic Publishers, pp. 271–285, 1994.
  15. U. M. Maurer and S. Wolf, Unconditionally secure key agreement and the intrinsic conditional information, IEEE Transactions on Information Theory, Vol. 45, No. 2, pp. 499–514, 1999.
  16. L. Trevisan, Construction of Extractors Using Pseudorandom Generators, Proc. of the 31st Symposium on Theory of Computing (STOC), ACM, pp. 141–148, 1999.
  17. S. P. Vadhan, Extracting all the randomness from a weakly random source, Electronic Colloquium on Computational Complexity, Tech. Rep. TR98-047, 1998.
  18. A. D. Wyner, The wire-tap channel, Bell System Technical Journal, Vol. 54, No. 8, pp. 1355–1387, 1975.

Copyright information

© Springer-Verlag Berlin Heidelberg 2000

Authors and Affiliations

  • Ueli Maurer (1)
  • Stefan Wolf (1)
  1. Computer Science Department, Swiss Federal Institute of Technology (ETH Zürich), Zürich, Switzerland
