Information-Theoretically Secure Secret-Key Agreement by NOT Authenticated Public Discussion

  • Ueli Maurer
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1233)


All information-theoretically secure key agreement protocols (e.g. based on quantum cryptography or on noisy channels) described in the literature are secure only against passive adversaries in the sense that they assume the existence of an authenticated public channel. The goal of this paper is to investigate information-theoretic security even against active adversaries with complete control over the communication channel connecting the two parties who want to agree on a secret key. Several impossibility results are proved and some scenarios are characterized in which secret-key agreement secure against active adversaries is possible. In particular, when each of the parties, including the adversary, can observe a sequence of random variables that are correlated between the parties, the rate at which key agreement against active adversaries is possible is characterized completely: it is either 0 or equal to the rate achievable against passive adversaries, and the condition for distinguishing between the two cases is given.





Copyright information

© Springer-Verlag Berlin Heidelberg 1997

Authors and Affiliations

  • Ueli Maurer, Department of Computer Science, ETH Zurich, Zurich
