Simple and Tight Bounds for Information Reconciliation and Privacy Amplification

  • Renato Renner
  • Stefan Wolf
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3788)


Shannon entropy is a useful and important measure in information processing, for instance, data compression or randomness extraction, under the assumption—which can typically safely be made in communication theory—that a certain random experiment is independently repeated many times. In cryptography, however, where a system’s working has to be proven with respect to a malicious adversary, this assumption usually translates to a restriction on the latter’s knowledge or behavior and is generally not satisfied. An example is quantum key agreement, where the adversary can attack each particle sent through the quantum channel differently or even carry out coherent attacks, combining a number of particles together. In information-theoretic key agreement, the central functionalities of information reconciliation and privacy amplification have, therefore, been extensively studied in the scenario of general distributions: Partial solutions have been given, but the obtained bounds are arbitrarily far from tight, and a full analysis appeared to be rather involved to do. We show that, actually, the general case is not more difficult than the scenario of independent repetitions—in fact, given our new point of view, even simpler. When one analyzes the possible efficiency of data compression and randomness extraction in the case of independent repetitions, then Shannon entropy H is the answer. We show that H can, in these two contexts, be generalized to two very simple quantities—\(H_0^\epsilon\) and \(H_\infty^\epsilon\), called smooth Rényi entropies—which are tight bounds for data compression (hence, information reconciliation) and randomness extraction (privacy amplification), respectively. It is shown that the two new quantities, and related notions, do not only extend Shannon entropy in the described contexts, but they also share central properties of the latter such as the chain rule as well as sub-additivity and monotonicity.


Keywords: information-theoretic cryptography, entropy measures, data compression, randomness extraction, information reconciliation, privacy amplification, quantum key agreement



Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Renato Renner (1)
  • Stefan Wolf (2)

  1. Computer Science Department, ETH Zürich, Switzerland
  2. Département d’Informatique et R.O., Université de Montréal, Canada
