Key Agreement from Close Secrets over Unsecured Channels

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5479)


We consider information-theoretic key agreement between two parties sharing somewhat different versions of a secret w that has relatively little entropy. Such key agreement, also known as information reconciliation and privacy amplification over unsecured channels, was shown to be theoretically feasible by Renner and Wolf (Eurocrypt 2004), although no protocol that runs in polynomial time was described. We propose a protocol that is not only polynomial-time, but actually practical, requiring only a few seconds on consumer-grade computers.

Our protocol can be seen as an interactive version of robust fuzzy extractors (Dodis et al., Crypto 2006). While robust fuzzy extractors, due to their noninteractive nature, require w to have entropy at least half its length, we have no such constraint. In fact, unlike in prior solutions, in our solution the entropy loss is essentially unrelated to the length or the entropy of w, and depends only on the security parameter.
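To make the ideas in the abstract concrete, the following is an added example, not code from the paper or its authors. It implements the non-interactive building block the abstract refers to: the code-offset secure sketch of Dodis et al. for information reconciliation, followed by a universal hash for privacy amplification. The choice of a Hamming(7,4) block code (one corrected bit per 7-bit block), the hash family `((a*x + b) mod p) mod 2^m`, the 28-bit toy secret, and the injected error positions are all assumptions made for this illustration; the paper's own interactive protocol and its authentication step are not on this page and are not modelled. The example also shows the two points the abstract makes: the sketch leaks `n - k` bits of `w`, which is why the extractable key length shrinks (leftover hash lemma bound in `extractable_bits`), and a sketch modified in transit over an unsecured channel leads Bob to a different value of `w`, which is the problem an authenticated or interactive protocol must address.

```python
"""Code-offset fuzzy extractor (Dodis et al.) as an illustration of
reconciliation + privacy amplification from close secrets.
This is NOT the interactive protocol of Kanukurthi and Reyzin; it is the
unauthenticated, non-interactive baseline. All sample values are constructed."""
import math
import secrets
from typing import List, Tuple

# Hamming(7,4), systematic form. _P holds the parity part of the generator
# matrix; _H_COLS are the columns of the parity-check matrix H (all distinct and
# non-zero, so any single error has a unique syndrome).
_P = [(1, 1, 0), (1, 0, 1), (0, 1, 1), (1, 1, 1)]
_H_COLS = _P + [(1, 0, 0), (0, 1, 0), (0, 0, 1)]
_PRIME = (1 << 31) - 1  # field for the 2-universal hash; larger than 2^28


def hamming_encode(data: List[int]) -> List[int]:
    """Map 4 data bits to a 7-bit codeword (data bits first, then 3 parity bits)."""
    assert len(data) == 4
    parity = [sum(d * p[j] for d, p in zip(data, _P)) % 2 for j in range(3)]
    return list(data) + parity


def hamming_decode(block: List[int]) -> List[int]:
    """Syndrome-decode one block, correcting at most one flipped bit."""
    assert len(block) == 7
    syndrome = tuple(sum(b * col[j] for b, col in zip(block, _H_COLS)) % 2
                     for j in range(3))
    block = list(block)
    if syndrome != (0, 0, 0):
        block[_H_COLS.index(syndrome)] ^= 1  # the column of H names the bad position
    return block


def xor(a: List[int], b: List[int]) -> List[int]:
    return [x ^ y for x, y in zip(a, b)]


def secure_sketch(w: List[int]) -> List[int]:
    """Alice: s = w XOR c for a fresh random codeword c. s is sent in the clear."""
    assert len(w) % 7 == 0
    c: List[int] = []
    for _ in range(len(w) // 7):
        c += hamming_encode([secrets.randbits(1) for _ in range(4)])
    return xor(w, c)


def recover(w_prime: List[int], s: List[int]) -> List[int]:
    """Bob: w' XOR s = c XOR (w XOR w'); decode to c, then w = s XOR c."""
    noisy = xor(w_prime, s)
    c: List[int] = []
    for i in range(0, len(noisy), 7):
        c += hamming_decode(noisy[i:i + 7])
    return xor(s, c)


def sample_seed() -> Tuple[int, int]:
    """Public extractor seed (a, b) for the hash family; a must be non-zero."""
    return secrets.randbelow(_PRIME - 1) + 1, secrets.randbelow(_PRIME)


def extract(w: List[int], seed: Tuple[int, int], m: int) -> int:
    """Privacy amplification: h_{a,b}(w) = ((a*w + b) mod p) mod 2^m."""
    a, b = seed
    x = int("".join(map(str, w)), 2)
    return ((a * x + b) % _PRIME) & ((1 << m) - 1)


def extractable_bits(min_entropy: float, n: int, eps: float) -> int:
    """Leftover hash lemma bound after the sketch: the sketch reveals n - k bits
    (k = 4n/7 for Hamming(7,4)), so about H_inf(w) - (n - k) - 2 log2(1/eps)
    bits remain extractable. This is the 'entropy loss' the abstract discusses."""
    k = 4 * (n // 7)
    return max(0, math.floor(min_entropy - (n - k) - 2 * math.log2(1 / eps)))


def tampered_sketch(s: List[int], position: int) -> List[int]:
    """Model a channel with no authentication: one bit of s flipped in transit."""
    t = list(s)
    t[position] ^= 1
    return t


def demo() -> bool:
    """Alice and Bob agree on the same key when w' is within one error per block."""
    n = 28
    w = [secrets.randbits(1) for _ in range(n)]          # constructed secret
    w_prime = list(w)
    w_prime[3] ^= 1                                       # one error in block 0
    w_prime[20] ^= 1                                      # one error in block 2
    s = secure_sketch(w)
    seed = sample_seed()
    m = extractable_bits(min_entropy=26, n=n, eps=2 ** -4)
    return extract(w, seed, m) == extract(recover(w_prime, s), seed, m)


if __name__ == "__main__":
    print("keys match:", demo())
```

Running `demo()` returns `True`: the 12 parity bits of the sketch are public, so with a constructed min-entropy of 26 bits and `eps = 2^-4` only 6 key bits survive, which is the "entropy loss" grows with the code redundancy, exactly the dependence on the length and entropy of `w` that the abstract says the paper's protocol avoids. Applying `recover` to `tampered_sketch(s, 7)` yields `w` with bit 7 flipped instead of `w`, so Bob's key no longer matches Alice's; nothing in this non-interactive construction lets either party notice, which is the role of the authentication in the interactive protocol.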


Keywords (added by machine, not by the authors): Extractor Seed; Edit Distance; Authentication Protocol; Message Authentication Code; Entropy Loss


References

1. [BC92] Bos, J.N.E., Chaum, D.: Provably Unforgeable Signatures. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 1–14. Springer, Heidelberg (1993)
2. [BDK+05] Boyen, X., Dodis, Y., Katz, J., Ostrovsky, R., Smith, A.: Secure Remote Authentication Using Biometric Data. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 147–163. Springer, Heidelberg (2005)
3. [BJKS93] Bierbrauer, J., Johansson, T., Kabatianskii, G., Smeets, B.: On Families of Hash Functions via Geometric Codes and Concatenation. In: Stinson [Sti93], pp. 331–342
4. [CDF+08] Cramer, R., Dodis, Y., Fehr, S., Padró, C., Wichs, D.: Detection of Algebraic Manipulation with Applications to Robust Secret Sharing and Fuzzy Extractors. In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 471–488. Springer, Heidelberg (2008)
5. [Che97] Cheung, S.: An efficient message authentication scheme for link state routing. In: 13th Annual Computer Security Applications Conference, pp. 90–98 (1997)
6. [CL06] Chang, E.-C., Li, Q.: Hiding Secret Points Amidst Chaff. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 59–72. Springer, Heidelberg (2006)
7. [CRVW02] Capalbo, M.R., Reingold, O., Vadhan, S.P., Wigderson, A.: Randomness conductors and constant-degree lossless expanders. In: IEEE Conference on Computational Complexity, p. 15 (2002)
8. [CW79] Carter, J.L., Wegman, M.N.: Universal classes of hash functions. Journal of Computer and System Sciences 18, 143–154 (1979)
9. [dB93] den Boer, B.: A Simple and Key-Economical Unconditional Authentication Scheme. Journal of Computer Security 2, 65–71 (1993)
10. [DKRS06] Dodis, Y., Katz, J., Reyzin, L., Smith, A.: Robust Fuzzy Extractors and Authenticated Key Agreement from Close Secrets. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 232–250. Springer, Heidelberg (2006)
11. [DORS08] Dodis, Y., Ostrovsky, R., Reyzin, L., Smith, A.: Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. SIAM Journal on Computing 38(1), 97–139 (2007); arXiv:cs/0602007
12. [DW08] Dodis, Y., Wichs, D.: One-round authenticated key agreement from weak secrets. Technical Report 2008/503, Cryptology ePrint archive (2008)
13. [HILL99] Håstad, J., Impagliazzo, R., Levin, L.A., Luby, M.: Construction of pseudorandom generator from any one-way function. SIAM Journal on Computing 28(4), 1364–1396 (1999)
14. [KR08a] Kanukurthi, B., Reyzin, L.: An Improved Robust Fuzzy Extractor. In: Ostrovsky, R., De Prisco, R., Visconti, I. (eds.) SCN 2008. LNCS, vol. 5229, pp. 156–171. Springer, Heidelberg (2008)
15. [KR08b] Kanukurthi, B., Reyzin, L.: Key agreement from close secrets over unsecured channels. Technical Report 2008/494, Cryptology ePrint archive (2008)
16. [Mau97] Maurer, U.M.: Information-theoretically secure secret-key agreement by NOT authenticated public discussion. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 209–225. Springer, Heidelberg (1997)
17. [MW97] Maurer, U.M., Wolf, S.: Privacy amplification secure against active adversaries. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 307–321. Springer, Heidelberg (1997)
18. [MW03] Maurer, U., Wolf, S.: Secret-key agreement over unauthenticated public channels. Part III: Privacy amplification. IEEE Trans. Info. Theory 49(4), 839–851 (2003)
19. [NZ96] Nisan, N., Zuckerman, D.: Randomness is linear in space. Journal of Computer and System Sciences 52(1), 43–53 (1996)
20. [RR02] Reyzin, L., Reyzin, N.: Better than BiBa: Short One-Time Signatures with Fast Signing and Verifying. In: Batten, L.M., Seberry, J. (eds.) ACISP 2002. LNCS, vol. 2384, pp. 144–153. Springer, Heidelberg (2002)
21. [RW03] Renner, R.S., Wolf, S.: Unconditional authenticity and privacy from an arbitrarily weak secret. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 78–95. Springer, Heidelberg (2003)
22. [RW04] Renner, R.S., Wolf, S.: The Exact Price for Unconditionally Secure Asymmetric Cryptography. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 109–125. Springer, Heidelberg (2004)
23. [Sho99] Shoup, V.: On formal models for secure key exchange. Technical Report RZ 3120 (#93166), IBM Zurich Research Lab (1999)
24. [Sho01] Shoup, V.: NTL: A library for doing number theory, version 5.4.2 (2001)
25. [Sti93] Stinson, D.R. (ed.): CRYPTO 1993. LNCS, vol. 773, pp. 22–26. Springer, Heidelberg (1994)
26. [Tay93] Taylor, R.: An Integrity Check Value Algorithm for Stream Ciphers. In: Stinson [Sti93], pp. 40–48
27. [Wol98] Wolf, S.: Strong security against active attacks in information-theoretic secret-key agreement. In: Ohta, K., Pei, D. (eds.) ASIACRYPT 1998. LNCS, vol. 1514, pp. 405–419. Springer, Heidelberg (1998)

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

1. Boston University Computer Science, Boston, USA
