Unconditional Security in Cryptography

  • Stefan Wolf
Chapter
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1561)

Abstract

The fact that most presently-used cryptosystems cannot be rigorously proven secure and hence permanently face the risk of being broken motivates the search for schemes with unconditional security. The corresponding proofs, however, must be based on information theory rather than complexity theory. One reason for this is the lack of known lower bounds on the running time of algorithms solving certain computational problems such as the discrete-logarithm problem or the integer-factoring problem. At the beginning of an information-theoretic analysis of cryptosystems stands Shannon’s definition of perfect secrecy, unquestionably the strongest possible security definition, and his well-known inequality giving a lower bound on the key length of every perfectly secret cipher, thus suggesting that such a high level of confidentiality cannot be realized in any practical scheme. This pessimism has later been qualified by several authors who showed that unconditional security can be achieved in many special but realistic scenarios. Some of these approaches are described in this introductory overview article.

Keywords

Public Channel; Visual Cryptography; Secrecy Capacity; Unconditional Security; Perfect Secrecy
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© Springer-Verlag Berlin Heidelberg 1999

Authors and Affiliations

  • Stefan Wolf
    Computer Science Department, Swiss Federal Institute of Technology (ETH Zürich), Zürich, Switzerland