Abstract
Information reconciliation allows two parties who know correlated random variables, such as a noisy version of the partner's random bit string, to agree on a shared string. Privacy amplification allows two parties who share a partially secret string, about which an opponent has some partial information, to distill a shorter but almost completely secret key by communicating only over an insecure channel, as long as an upper bound on the opponent's knowledge about the string is known. The relation between these two techniques has not been well understood. In particular, it is important to understand the effect of side-information, obtained by the opponent through an initial reconciliation step, on the size of the secret key that can be distilled safely by subsequent privacy amplification. The purpose of this paper is to provide the missing link between these techniques by presenting bounds on the reduction of the Rényi entropy of a random variable induced by side-information. We show that, except with negligible probability, each bit of side-information reduces the size of the key that can be safely distilled by at most two bits. Moreover, in the important special case of side-information and raw key data generated by many independent repetitions of a random experiment, each bit of side-information reduces the size of the secret key by only about one bit. The results have applications in unconditionally secure key agreement protocols and in quantum cryptography.
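The following is an added worked example, not code from the paper or its authors. It makes the abstract's quantities concrete: the Rényi entropy of order 2 (collision entropy) the opponent has about the raw key, how much that entropy drops once a reconciliation step discloses parity bits as side-information, and how many key bits a subsequent privacy-amplification step may then distill. The model is a constructed one: the raw key is an n-bit string of which the opponent holds a copy with each bit independently flipped with probability err (the "many independent repetitions" case of the abstract), the side-information is the parity of each half of the string, and the key-length rule r = floor(H_2) - s with leakage at most 2^-s / ln 2 is the generalized privacy amplification result of Bennett, Brassard, Crépeau and Maurer (1995), not a result of this paper. The function and parameter names are my own.

```python
# Added example (not from the paper): collision entropy under parity side-information,
# followed by privacy amplification with a random GF(2)-linear universal hash.
import math
import random
from itertools import product


def renyi2(probs):
    """Rényi entropy of order 2 (collision entropy) in bits: -log2(sum p^2)."""
    return -math.log2(sum(p * p for p in probs))


def shannon(probs):
    """Shannon entropy in bits."""
    return -sum(p * math.log2(p) for p in probs if p > 0)


def opponent_view(n, err):
    """Constructed model: the opponent sees Y = X xor E with E made of independent
    Bernoulli(err) bits. Conditioned on Y = 0^n (every other y behaves the same way up
    to relabelling), X_i = 1 independently with probability err.
    Returns dict x (tuple of bits) -> P(x | opponent's view)."""
    dist = {}
    for x in product((0, 1), repeat=n):
        ones = sum(x)
        dist[x] = (err ** ones) * ((1 - err) ** (n - ones))
    return dist


def parity(x, mask):
    """Parity of the bits of x selected by mask (both 0/1 sequences of equal length)."""
    return sum(xi for xi, m in zip(x, mask) if m) % 2


def condition_on_parities(dist, masks):
    """Side-information V = parities of X over the given masks (what a parity-based
    reconciliation step discloses). Returns dict v -> (P(V=v), dict x -> P(x | V=v))."""
    buckets = {}
    for x, p in dist.items():
        v = tuple(parity(x, m) for m in masks)
        buckets.setdefault(v, {})[x] = p
    out = {}
    for v, sub in buckets.items():
        pv = sum(sub.values())
        out[v] = (pv, {x: p / pv for x, p in sub.items()})
    return out


def key_length(renyi2_bits, s):
    """Key-length rule assumed here (Bennett, Brassard, Crépeau, Maurer 1995): if the
    opponent's Rényi entropy of order 2 is at least c bits, a universal-hash key of
    r = floor(c) - s bits leaves her at most 2^-s / ln 2 bits of information about it."""
    return max(0, math.floor(renyi2_bits) - s)


def random_linear_hash(n, r, rng):
    """One member of the universal family of GF(2)-linear maps {0,1}^n -> {0,1}^r:
    a random r x n binary matrix, chosen publicly after V has been disclosed."""
    return [[rng.randrange(2) for _ in range(n)] for _ in range(r)]


def opponent_info_about_key(cond_dist, G):
    """Shannon information (bits) the opponent has about K = G*X given her view and V."""
    key_dist = {}
    for x, p in cond_dist.items():
        k = tuple(parity(x, row) for row in G)
        key_dist[k] = key_dist.get(k, 0.0) + p
    return len(G) - shannon(key_dist.values())


def run_example(n=12, err=0.3, s=3, seed=1):
    """For each value v of the two parity bits: entropy before/after, key size, leakage."""
    dist = opponent_view(n, err)
    h2_before = renyi2(dist.values())
    half = n // 2
    masks = [tuple(1 if i < half else 0 for i in range(n)),   # parity of first half
             tuple(0 if i < half else 1 for i in range(n))]   # parity of second half
    conditioned = condition_on_parities(dist, masks)
    rng = random.Random(seed)
    results = {}
    for v, (pv, cond) in sorted(conditioned.items()):
        h2_after = renyi2(cond.values())
        r = key_length(h2_after, s)
        G = random_linear_hash(n, r, rng)
        results[v] = {
            "p_v": pv,
            "h2_before": h2_before,
            "h2_after": h2_after,
            "reduction": h2_before - h2_after,       # bits lost to 2 bits of side-info
            "key_bits": r,
            "leak_bits": opponent_info_about_key(cond, G),
            "bound": 2 ** (-s) / math.log(2),
        }
    return results


if __name__ == "__main__":
    for v, res in run_example().items():
        print(f"V={v}: H2 {res['h2_before']:.2f} -> {res['h2_after']:.2f} "
              f"(reduction {res['reduction']:.2f} bits for 2 side-info bits), "
              f"key {res['key_bits']} bits, leak {res['leak_bits']:.4f} <= {res['bound']:.3f}")
```

With the default parameters the opponent starts with about 9.43 bits of collision entropy over 12 raw bits; each disclosed parity bit costs between roughly 0.85 and 1.14 bits of it depending on the parity value actually observed, which is the "about one bit per bit of side-information" behaviour the abstract states for independent repetitions, and well inside the two-bit worst case. The uniform case (err = 0.5) shows the clean picture: one parity bit removes exactly one bit of collision entropy.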
Additional information
Communicated by Gilles Brassard
This research was supported by the Swiss National Science Foundation. A preliminary version of this paper was presented at Eurocrypt '94, May 9–12, Perugia, Italy.
Cite this article
Cachin, C., Maurer, U.M. Linking information reconciliation and privacy amplification. J. Cryptology 10, 97–110 (1997). https://doi.org/10.1007/s001459900023