Strong Security Against Active Attacks in Information-Theoretic Secret-Key Agreement

  • Stefan Wolf
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1514)


The problem of unconditionally secure key agreement, in particular privacy amplification, by communication over an insecure and not even authentic channel, is investigated. The previous definitions of such protocols were weak in the sense that it was only required that after the communication not both parties falsely believe that the key agreement was successful. In such a protocol however it is possible that Eve deceives one of the legitimate partners, i.e., makes him accept the outcome of the protocol although no secret key has been generated. In this paper we introduce the notion of strong protocols which protect each of the parties simultaneously and, in contrast to previous pessimism, it is shown that such protocols exist. For the important special case of privacy amplification, a strong protocol is presented that is based on a new, interactive way of message authentication with an only partially secret key. The use of feedback in such authentication allows to reduce the size of the authenticator, hence of the additional information about the key leaked to the adversary, without increasing the success probability ofan active attack. Finally, it is shown that in the scenario where the parties and the adversary have access to repeated realizations of a random experiment, previously derived criteria for the possibility of secret-key agreement against active opponents hold for the new, strong definition of robustness against active attacks rather than for the earlier definition.


Secret-key agreement privacy amplification authentication unconditional secrecy information theory 


  1. 1.
    C. H. Bennett, G. Brassard, C. Crépeau, and U. M. Maurer, Generalized privacy amplification, IEEE Transactions on Information Theory, Vol. 41, Nr. 6, 1995.Google Scholar
  2. 2.
    C. H. Bennett, G. Brassard, and J.-M. Robert, Privacy amplification by public discussion, SIAM Journal on Computing, Vol. 17, pp. 210–229, 1988.CrossRefMathSciNetGoogle Scholar
  3. 3.
    C. Cachin, Entropy measures and unconditional security in cryptography, Ph. D. Thesis, ETH Zürich, Hartung-Gorre Verlag, Zürich, 1997.Google Scholar
  4. 4.
    U. M. Maurer, Information-theoretically secure secret-key agreement by NOT authenticated public discussion, Advances in Cryptology-EUROCRYPT’97, Lecture Notes in Computer Science, Vol. 1233, pp. 209–225, Springer-Verlag, 1997.Google Scholar
  5. 5.
    U. M. Maurer, Secret key agreement by public discussion from common information, IEEE Transactions on Information Theory, Vol. 39, No. 3, pp. 733–742, 1993.zbMATHCrossRefMathSciNetGoogle Scholar
  6. 6.
    U. M. Maurer and S. Wolf, Privacy amplification secure against active adversaries, Advances in Cryptology-CRYPTO’ 97, Lecture Notes in Computer Science, Vol. 1294, pp. 307–321, Springer-Verlag, 1996.CrossRefGoogle Scholar
  7. 7.
    N. Nisan and D. Zuckerman, Randomness is linear in space, Journal of Computer and System Sciences, Vol. 52, No. 1, pp. 43–52, 1996.zbMATHCrossRefMathSciNetGoogle Scholar
  8. 8.
    D. R. Stinson, Universal hashing and authentication codes, Advances in Cryptology-CRYPTO’91, Lecture Notes in Computer Science, Vol. 576, pp. 74–85, Springer-Verlag, 1992.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1998

Authors and Affiliations

  • Stefan Wolf
    • 1
  1. 1.Department of Computer ScienceSwiss Federal Institute of Technology (ETH Zürich)ZürichSwitzerland

Personalised recommendations