The Exact Price for Unconditionally Secure Asymmetric Cryptography

  • Renato Renner
  • Stefan Wolf
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3027)


A completely insecure communication channel can only be transformed into an unconditionally secure channel if some information-theoretic primitive is given to start from. All previous approaches to realizing such authenticity and privacy from weak primitives were symmetric in the sense that security for both parties was achieved. We show that asymmetric information-theoretic security can, however, be obtained at a substantially lower price than two-way security|like in the computational-security setting, as the example of public-key cryptography demonstrates. In addition to this, we show that also an unconditionally secure bidirectional channel can be obtained under weaker conditions than previously known. One consequence of these results is that the assumption usually made in the context of quantum key distribution that the two parties share a short key initially is unnecessarily strong.


Information-theoretic security authentication information reconciliation privacy amplification quantum key agreement reductions of information-theoretic primitives 


  1. 1.
    Bennett, C.H., Brassard, G.: Quantum cryptography: public key distribution and coin tossing. In: Proceedings of the IEEE International Conference on Computers, Systems and Signal Processing, pp. 175–179 (1984)Google Scholar
  2. 2.
    Bennett, C.H., Brassard, G., Crépeau, C., Maurer, U.M.: Generalized privacy amplification. IEEE Trans. on Information Theory 41(6), 1915–1923 (1995)zbMATHCrossRefGoogle Scholar
  3. 3.
    Bennett, C.H., Brassard, G., Robert, J.-M.: Privacy amplification by public discussion. SIAM Journal on Computing 17, 210–229 (1988)CrossRefMathSciNetGoogle Scholar
  4. 4.
    Cachin, C.: Entropy measures and unconditional security in cryptography, Ph. D. Thesis, ETH Zürich, Hartung-Gorre Verlag, Konstanz (1997)Google Scholar
  5. 5.
    Cover, T.M., Thomas, J.A.: Elements of information theory. Wiley Series in Telecommunications (1992)Google Scholar
  6. 6.
    Csiszár, I., Körner, J.: Broadcast channels with confidential messages. IEEE Trans. on Information Theory 24, 339–348 (1978)zbMATHCrossRefGoogle Scholar
  7. 7.
    Diffie, W., Hellman, M.E.: New directions in cryptography. IEEE Trans. on Information Theory 22(6), 644–654 (1976)zbMATHCrossRefMathSciNetGoogle Scholar
  8. 8.
    Dodis, Y., Smith, A.: Fooling an unbounded adversary with a short key: a notion of indistinguishability, relations to extractors, and lower bounds (2003) (manuscript)Google Scholar
  9. 9.
    Dodis, Y., Spencer, J.: On the (non)universality of the one-time pad. In: Proceedings of FOCS 2002, pp. 376–385 (2002)Google Scholar
  10. 10.
    Forney Jr., G.D.: Concatenated codes, Massachusetts Institute of Technology, Cambridge, Massachusetts (1966)Google Scholar
  11. 11.
    Gemmell, P., Naor, M.: Codes for interactive authentication. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 355–367. Springer, Heidelberg (1994)Google Scholar
  12. 12.
    König, R., Maurer, U.M., Renner, R.: On the power of quantum memory (2003), available on quant-ph/0305154
  13. 13.
    Maurer, U.M.: Secret key agreement by public discussion from common information. IEEE Trans. on Information Theory 39(3), 733–742 (1993)zbMATHCrossRefMathSciNetGoogle Scholar
  14. 14.
    Maurer, U.M.: Information-theoretically secure secret-key agreement by NOT authenticated public discussion. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 209–225. Springer, Heidelberg (1997)Google Scholar
  15. 15.
    Maurer, U.M.: Information-theoretic cryptography. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 47–64. Springer, Heidelberg (1999)Google Scholar
  16. 16.
    Maurer, U.M., Schmid, P.: A calculus for security bootstrapping in distributed systems. Journal of Computer Security 4(1), 55–80 (1996)Google Scholar
  17. 17.
    Maurer, U.M., Wolf, S.: Secret-key agreement over unauthenticated public channels – Parts I–III. IEEE Trans. on Information Theory 49(4), 822–851 (2003)zbMATHCrossRefMathSciNetGoogle Scholar
  18. 18.
    McInnes, J.L., Pinkas, B.: On the impossibility of private key cryptography with weakly random keys. In: Menezes, A., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 421–436. Springer, Heidelberg (1991)Google Scholar
  19. 19.
    Renner, R., Wolf, S.: Unconditional authenticity and privacy from an arbitrarily weak secret and completely insecure communication. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 78–95. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  20. 20.
    Russell, A., Wang, H.: How to fool an unbounded adversary with a short key. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 133–148. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  21. 21.
    Shannon, C.E.: Communication theory of secrecy systems. Bell System Technical Journal 28, 656–715 (1949)zbMATHMathSciNetGoogle Scholar
  22. 22.
    Wyner, D.: The wire-tap channel. Bell System Technical Journal 54(8), 1355–1387 (1975)MathSciNetGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Renato Renner
    • 1
  • Stefan Wolf
    • 2
  1. 1.Department of Computer ScienceETH ZürichSwitzerland
  2. 2.Département d’Informatique et R.O.Université de MontréalCanada

Personalised recommendations