Secret-Key Reconciliation by Public Discussion
Assuming that Alice and Bob use a secret noisy channel (modelled by a binary symmetric channel) to send a key, reconciliation is the process of correcting errors between Alice’s and Bob’s version of the key. This is done by public discussion, which leaks some information about the secret key to an eavesdropper. We show how to construct protocols that leak a minimum amount of information. However this construction cannot be implemented efficiently. If Alice and Bob are willing to reveal an arbitrarily small amount of additional information (beyond the minimum) then they can implement polynomial-time protocols. We also present a more efficient protocol, which leaks an amount of information acceptably close to the minimum possible for sufficiently reliable secret channels (those with probability of any symbol being transmitted incorrectly as large as 15%). This work improves on earlier reconciliation approaches [R, BBR, BBBSS].
- [BBCS]C.H. Bennett, G. Brassard, C. Crépeau, M.-H. Skubiszewska, Practical Quantum Oblivious Transfer, In proceedings of Crypto’ 91, Lecture Notes in Computer Science, vol 576, Springer Verlag, Berlin, 1992, pp. 351–366.Google Scholar
- [E]P. Elias, Coding for Noisy Channels, IRE Convention Record, 1957, pp. 46–47.Google Scholar
- [M]U.M. Maurer, Perfect Cryptographic Security from Partially Independent Channels, In proceedings of 23rd Symposium on Theory of Computing, 1991, pp. 561–571.Google Scholar
- [Sa]L. Salvail, Le Problème. de Réconciliation en Cryptographie, Master thesis, Département d’informatique et de recherche opérationnelle, Université de Montreal, 1991.Google Scholar
- [R]J.-M. Robert, Detection et Correction d’Erreurs en Cryptographie, Master thesis, Département d’informatique et de recherche opérationnelle, Université de Montréal, 1985.Google Scholar
- [W]D. Welsh, Codes and Cryptography, Oxford Science Publications, 1989.Google Scholar