Key Agreement from Close Secrets over Unsecured Channels
We consider information-theoretic key agreement between two parties sharing somewhat different versions of a secret w that has relatively little entropy. Such key agreement, also known as information reconciliation and privacy amplification over unsecured channels, was shown to be theoretically feasible by Renner and Wolf (Eurocrypt 2004), although no protocol that runs in polynomial time was described. We propose a protocol that is not only polynomial-time, but actually practical, requiring only a few seconds on consumer-grade computers.
Our protocol can be seen as an interactive version of robust fuzzy extractors (Dodis et al., Crypto 2006). While robust fuzzy extractors, due to their noninteractive nature, require w to have entropy at least half its length, we have no such constraint. In fact, unlike in prior solutions, in our solution the entropy loss is essentially unrelated to the length or the entropy of w, and depends only on the security parameter.
Keywords: Extractor Seed, Edit Distance, Authentication Protocol, Message Authentication Code, Entropy Loss