
How to Reduce your Enemy’s Information (extended abstract)

  • Charles H. Bennett
  • Gilles Brassard
  • Jean-Marc Robert
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 218)

6. Conclusions

If no eavesdropping occurred over the private channel, it is possible for Alice and Bob to publicly verify that no transmission errors nor tampering occurred either, with a $2^{-K}$ error probability, and end up with an entirely secret final string that is only K bits shorter than the original private transmission. This is optimal. A somewhat shorter common string, on which Eve still has no information, can also be obtained with high probability despite transmission errors over the private channel.

If partial eavesdropping occurred over the private channel, leaking up to K bits of information to Eve, in Shannon’s sense, it is still possible for Alice and Bob to publicly verify that no transmission errors nor tampering occurred, with a $2^{-L}$ error probability, and end up with a final string that is K+L+S bits shorter than the original private transmission, on which Eve has less than $2^{-S}/\ln 2$ bit of information. Here again, transmission errors can be handled at the cost of reducing some more the length of the final common string.

Finally, if partial eavesdropping over the private channel is restricted to K physical bits secretly chosen by Eve, it becomes possible again for Alice and Bob to verify with high probability that no errors nor tampering occurred, and end up with a new string on which Eve has no information whatsoever. However, the new string is substantially shorter than if Alice and Bob had tolerated knowledge by Eve of an arbitrarily small fraction of one bit of information.
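The K+S shortening and the $2^{-S}/\ln 2$ bound from the second paragraph can be checked exhaustively on a toy instance. The following is an added example, not code from the paper: it assumes an 8-bit string, Eve's leak modelled as K = 2 known physical bits, S = 2, and a universal hash class chosen here for illustration (multiplication by a public random key in GF(2^8), truncated); the L-bit verification step is left out.

```python
import math
from collections import Counter

N = 8          # length in bits of the privately transmitted string (assumed)
POLY = 0x11B   # x^8 + x^4 + x^3 + x + 1, irreducible over GF(2)

def gf_mul(a, b):
    """Multiply a and b in GF(2^8) modulo POLY."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a >> N:
            a ^= POLY
        b >>= 1
    return r

def h(a, x, r):
    """Universal hash keyed by a: the top r bits of a*x in GF(2^8)."""
    return gf_mul(a, x) >> (N - r)

def eve_candidates(mask, value):
    """Every string consistent with the physical bits Eve observed."""
    return [x for x in range(2 ** N) if x & mask == value]

def expected_information(mask, value, r):
    """Eve's information about h(x) in bits, averaged over all public keys a."""
    cands = eve_candidates(mask, value)
    total = 0.0
    for a in range(2 ** N):
        counts = Counter(h(a, x, r) for x in cands)
        entropy = -sum(c / len(cands) * math.log2(c / len(cands))
                       for c in counts.values())
        total += r - entropy   # r bits minus Eve's remaining uncertainty
    return total / 2 ** N

def demo():
    K, S = 2, 2
    r = N - K - S                          # final string is K+S bits shorter
    mask, value = 0b00010100, 0b00010000   # constructed: Eve saw bits 2 and 4
    info = expected_information(mask, value, r)
    bound = 2 ** -S / math.log(2)
    return info, bound

if __name__ == "__main__":
    info, bound = demo()
    print(f"Eve's expected information: {info:.4f} bit (bound {bound:.4f})")
```

The key a = 0 maps every string to 0 and gives Eve the whole output, which is why the guarantee is on the average over keys rather than on each key.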

Keywords

Hash Function; Transmission Error; Random String; Public Channel; Binary Linear Code
These keywords were added by machine and not by the authors.


Copyright information

© Springer-Verlag Berlin Heidelberg 1986

Authors and Affiliations

  • Charles H. Bennett (1)
  • Gilles Brassard (2)
  • Jean-Marc Robert (3)
  1. IBM T. J. Watson Research Laboratory, Yorktown Heights
  2. Dépt. IRO, Université de Montréal, Montréal
  3. Génie Electrique, Ecole Polytechnique, Montréal
