Secret-Key Reconciliation by Public Discussion

  • Gilles Brassard
  • Louis Salvail
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 765)


Assuming that Alice and Bob use a secret noisy channel (modelled by a binary symmetric channel) to send a key, reconciliation is the process of correcting errors between Alice’s and Bob’s version of the key. This is done by public discussion, which leaks some information about the secret key to an eavesdropper. We show how to construct protocols that leak a minimum amount of information. However this construction cannot be implemented efficiently. If Alice and Bob are willing to reveal an arbitrarily small amount of additional information (beyond the minimum) then they can implement polynomial-time protocols. We also present a more efficient protocol, which leaks an amount of information acceptably close to the minimum possible for sufficiently reliable secret channels (those with probability of any symbol being transmitted incorrectly as large as 15%). This work improves on earlier reconciliation approaches [R, BBR, BBBSS].


Hash Function Quantum Channel Public Channel Quantifier Game Primary Block 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. [BBBSS]
    C.H. Bennett, F. Bessette, G. Brassard, L. Salvail, J. Smolin, Experimental Quantum Cryptography, Journal of Cryptology, Vol. 5, No. 1, 1992, pp. 3–28.CrossRefzbMATHGoogle Scholar
  2. [BBR]
    C.H. Bennett, G. Brassard, J.-M. Robert, Privacy Amplification by Public Discussion, SIAM Journal on Computing, Vol. 17, No. 2, 1988, pp. 210–229.CrossRefMathSciNetGoogle Scholar
  3. [BBCS]
    C.H. Bennett, G. Brassard, C. Crépeau, M.-H. Skubiszewska, Practical Quantum Oblivious Transfer, In proceedings of Crypto’ 91, Lecture Notes in Computer Science, vol 576, Springer Verlag, Berlin, 1992, pp. 351–366.Google Scholar
  4. [BMT]
    E.R. Berlekamp, R. J. McEliece, H.C.A. van Tilborg, On the Inherent Intractability of Certain Coding Problems, IEEE Transaction on Information Theory, Vol. IT-24, No. 3, 1978, pp. 384–386.CrossRefGoogle Scholar
  5. [CW]
    J. L. Carter, M. N. Wegman, Universal Classes of Hash Functions, Journal of Computer and System Sciences, Vol. 18, 1979, pp. 143–154.zbMATHCrossRefMathSciNetGoogle Scholar
  6. [E]
    P. Elias, Coding for Noisy Channels, IRE Convention Record, 1957, pp. 46–47.Google Scholar
  7. [M]
    U.M. Maurer, Perfect Cryptographic Security from Partially Independent Channels, In proceedings of 23rd Symposium on Theory of Computing, 1991, pp. 561–571.Google Scholar
  8. [Sh]
    C. E. Shannon, A Mathematical Theory of Communication (Part I), Bell System Technical Journal, Vol. 27, 1948, pp. 379–423.MathSciNetGoogle Scholar
  9. [Sa]
    L. Salvail, Le Problème. de Réconciliation en Cryptographie, Master thesis, Département d’informatique et de recherche opérationnelle, Université de Montreal, 1991.Google Scholar
  10. [R]
    J.-M. Robert, Detection et Correction d’Erreurs en Cryptographie, Master thesis, Département d’informatique et de recherche opérationnelle, Université de Montréal, 1985.Google Scholar
  11. [WC]
    M. N. Wegman, J.L. Carter, New Hash Functions and Their Use in Authentication and Set Equality, Journal of Computer and System Sciences, Vol. 22, 1981, pp. 265–279.zbMATHCrossRefMathSciNetGoogle Scholar
  12. [W]
    D. Welsh, Codes and Cryptography, Oxford Science Publications, 1989.Google Scholar
  13. [Z]
    S. Zachos, Probabilistic Quantifiers Games, Journal of Computer and System Sciences, Vol. 36, 1988, pp. 433–451.zbMATHCrossRefMathSciNetGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1994

Authors and Affiliations

  • Gilles Brassard
    • 1
  • Louis Salvail
    • 1
  1. 1.Département IROUniversité de MontréalMontréalCanada

Personalised recommendations