How to Reduce your Enemy’s Information (extended abstract)
If no eavesdropping occurred over the private channel, it is possible for Alice and Bob to publicly verify that no transmission errors nor tampering occurred either, with a $2^{-K}$ error probability, and end up with an entirely secret final string that is only K bits shorter than the original private transmission. This is optimal. A somewhat shorter common string, on which Eve still has no information, can also be obtained with high probability despite transmission errors over the private channel.
If partial eavesdropping occurred over the private channel, leaking up to K bits of information to Eve, in Shannon’s sense, it is still possible for Alice and Bob to publicly verify that no transmission errors nor tampering occurred, with a $2^{-L}$ error probability, and end up with a final string that is K+L+S bits shorter than the original private transmission, on which Eve has less than $2^{-S}/\ln 2$ bit of information. Here again, transmission errors can be handled at the cost of reducing some more the length of the final common string.
Finally, if partial eavesdropping over the private channel is restricted to K physical bits secretly chosen by Eve, it becomes possible again for Alice and Bob to verify with high probability that no errors nor tampering occurred, and end up with a new string on which Eve has no information whatsoever. However, the new string is substantially shorter than if Alice and Bob had tolerated knowledge by Eve of an arbitrarily small fraction of one bit of information.
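The length budget of the partial-eavesdropping case, as an added example that is not taken from the paper: the string is compressed by K+L+S bits with a publicly seeded hash, and the abstract's bound on Eve's information is evaluated for the chosen S. The Toeplitz-matrix hash (a standard universal family) and all function names are assumptions, since the abstract does not say which functions the authors use, and L is treated only as a length deduction without modelling the verification step.

```python
import secrets
from math import log

def final_length(n, K, L, S):
    """Length left after giving up K (leak), L (verification) and S (margin) bits."""
    r = n - (K + L + S)
    if r <= 0:
        raise ValueError("budget K+L+S consumes the whole transmission")
    return r

def eve_information_bound(S):
    """Bound quoted in the abstract: Eve holds less than 2^-S / ln 2 bit."""
    return 2.0 ** -S / log(2)

def toeplitz_hash(bits, r, seed):
    """Multiply bits by an r x n Toeplitz matrix over GF(2) (assumed hash family).

    seed holds the n + r - 1 public random bits that fix the diagonals;
    entry (i, j) of the matrix is seed[i - j + n - 1].
    """
    n = len(bits)
    if len(seed) != n + r - 1:
        raise ValueError("seed must have n + r - 1 bits")
    return [
        sum(seed[i - j + n - 1] & bits[j] for j in range(n)) & 1
        for i in range(r)
    ]

def distill(shared_bits, K, L, S, seed=None):
    """Return (final_string, seed); the seed may be sent over the public channel."""
    n = len(shared_bits)
    r = final_length(n, K, L, S)
    if seed is None:
        seed = [secrets.randbits(1) for _ in range(n + r - 1)]
    return toeplitz_hash(shared_bits, r, seed), seed

if __name__ == "__main__":
    # Constructed sample: 64-bit private transmission, K=16, L=8, S=8.
    x = [secrets.randbits(1) for _ in range(64)]
    alice, seed = distill(x, K=16, L=8, S=8)
    bob, _ = distill(x, K=16, L=8, S=8, seed=seed)
    print(len(alice), alice == bob, eve_information_bound(8))
```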
Keywords: Hash Function, Transmission Error, Random String, Public Channel, Binary Linear Code