Information-Theoretic Secret-Key Agreement: The Asymptotically Tight Relation Between the Secret-Key Rate and the Channel Quality Ratio

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11239)


Information-theoretic secret-key agreement between two parties Alice and Bob is a well-studied problem that is provably impossible in a plain model with public (authenticated) communication, but is known to be possible in a model where the parties also have access to some correlated randomness. One particular type of such correlated randomness is the so-called satellite setting, where uniform random bits (e.g., sent by a satellite) are received by the parties and the adversary Eve over inherently noisy channels. The antenna size determines the error probability, and the antenna is the adversary’s limiting resource much as computing power is the limiting resource in traditional complexity-based security. The natural assumption about the adversary is that her antenna is at most Q times larger than both Alice’s and Bob’s antenna, where, to be realistic, Q can be very large.

The goal of this paper is to characterize the secret-key rate per transmitted bit in terms of Q. Traditional results in this so-called satellite setting are phrased in terms of the error probabilities \(\epsilon _A\), \(\epsilon _B\), and \(\epsilon _E\), of the binary symmetric channels through which the parties receive the bits and, quite surprisingly, the secret-key rate has been shown to be strictly positive unless Eve’s channel is perfect (\(\epsilon _E=0\)) or either Alice’s or Bob’s channel output is independent of the transmitted bit (i.e., \(\epsilon _A=0.5\) or \(\epsilon _B=0.5\)). However, the best proven lower bound, if interpreted in terms of the channel quality ratio Q, is only exponentially small in Q. The main result of this paper is that the secret-key rate decreases asymptotically only like \(1/Q^2\) if the per-bit signal energy, affecting the quality of all channels, is treated as a system parameter that can be optimized. Moreover, this bound is tight if Alice and Bob have the same antenna sizes.

Motivated by considering a fixed sending signal power, in which case the per-bit energy is inversely proportional to the bit-rate, we also propose a definition of the secret-key rate per second (rather than per transmitted bit) and prove that it decreases asymptotically only like 1/Q.


  1. 1.
    Ahlswede, R., Csiszár, I.: Common randomness in information theory and cryptography. I. Secret sharing. IEEE Trans. Inf. Theory 39(4), 1121–1132 (1993)MathSciNetCrossRefGoogle Scholar
  2. 2.
    Calabro, C.: The exponential complexity of satisfiability problems. Ph.D. thesis, University of California, San Diego (2009)Google Scholar
  3. 3.
    Cover, T., Thomas, J.: Elements of Information Theory (Wiley Series in Telecommunications and Signal Processing). Wiley, Hoboken (2006)Google Scholar
  4. 4.
    Csiszár, I., Körner, J.: Broadcast channels with confidential messages. IEEE Trans. Inf. Theory 24(3), 339–348 (1978)MathSciNetCrossRefGoogle Scholar
  5. 5.
    Csiszár, I., Narayan, P.: Secrecy capacities for multiple terminals. IEEE Trans. Inf. Theory 50(12), 3047–3061 (2004)MathSciNetCrossRefGoogle Scholar
  6. 6.
    Gander, M.J., Maurer, U.M.: On the secret-key rate of binary random variables. In: Proceedings of the 1994 IEEE International Symposium on Information Theory (ISIT 1994), p. 351. IEEE (1994)Google Scholar
  7. 7.
    Gohari, A.A., Anantharam, V.: Information-theoretic key agreement of multiple terminals: Part I. IEEE Trans. Inf. Theory 56(8), 3973–3996 (2010)MathSciNetCrossRefGoogle Scholar
  8. 8.
    Hayashi, M., Tyagi, H., Watanabe, S.: Secret key agreement: general capacity and second-order asymptotics. IEEE Trans. Inf. Theory 62(7), 3796–3810 (2016)MathSciNetCrossRefGoogle Scholar
  9. 9.
    Jost, D., Maurer, U., Ribeiro, J.L.: Information-theoretic secret-key agreement: the asymptotically tight relation between the secret-key rate and the channel quality ratio. Cryptology ePrint Archive, Report 2017/1130 (2017).
  10. 10.
    Liu, S., Van Tilborg, H.C.A., Van Dijk, M.: A practical protocol for advantage distillation and information reconciliation. Des. Codes Cryptogr. 30(1), 39–62 (2003). Scholar
  11. 11.
    Maurer, U.M.: Secret key agreement by public discussion from common information. IEEE Trans. Inf. Theory 39(3), 733–742 (1993)MathSciNetCrossRefGoogle Scholar
  12. 12.
    Maurer, U.M., Wolf, S.: Unconditionally secure key agreement and the intrinsic conditional information. IEEE Trans. Inf. Theory 45(2), 499–514 (1999)MathSciNetCrossRefGoogle Scholar
  13. 13.
    Maurer, U.: The strong secret key rate of discrete random triples. In: Blahut, R.E., Costello, D.J., Maurer, U., Mittelholzer, T. (eds.) Communications and Cryptography. The Springer International Series in Engineering and Computer Science (Communications and Information Theory), vol. 276, pp. 271–285. Springer, Boston, MA (1994). Scholar
  14. 14.
    Maurer, U., Wolf, S.: Towards characterizing when information-theoretic secret key agreement is possible. In: Kim, K., Matsumoto, T. (eds.) ASIACRYPT 1996. LNCS, vol. 1163, pp. 196–209. Springer, Heidelberg (1996). Scholar
  15. 15.
    Maurer, U.M.: Conditionally-perfect secrecy and a provably-secure randomized cipher. J. Cryptol. 5(1), 53–66 (1992). Scholar
  16. 16.
    Maurer, U.M.: Protocols for secret key agreement by public discussion based on common information. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 461–470. Springer, Heidelberg (1993). Scholar
  17. 17.
    Maurer, U., Wolf, S.: Information-theoretic key agreement: from weak to strong secrecy for free. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 351–368. Springer, Heidelberg (2000). Scholar
  18. 18.
    Naito, M., Watanabe, S., Matsumoto, R., Uyematsu, T.: Secret key agreement by reliability information of signals in Gaussian Maurer’s Model. In: Proceedings of the 2008 IEEE International Symposium on Information Theory (ISIT 2008), pp. 727–731. IEEE (2008)Google Scholar
  19. 19.
    Ozarow, L.H., Wyner, A.D.: Wire-tap channel II. In: Beth, T., Cot, N., Ingemarsson, I. (eds.) EUROCRYPT 1984. LNCS, vol. 209, pp. 33–50. Springer, Heidelberg (1985). Scholar
  20. 20.
    Renner, R., Skripsky, J., Wolf, S.: A new measure for conditional mutual information and its properties. In: Proceedings of the 2003 IEEE International Symposium on Information Theory (ISIT 2003), p. 259. IEEE (2003)Google Scholar
  21. 21.
    Shannon, C.: A mathematical theory of communication. Bell Syst. Tech. J. 27(3), 379–423 (1948)MathSciNetCrossRefGoogle Scholar
  22. 22.
    Shannon, C.: Communication theory of secrecy systems. Bell Syst. Tech. J. 28(4), 656–715 (1949)MathSciNetCrossRefGoogle Scholar
  23. 23.
    Stinson, D.: Universal hashing and authentication codes. Des. Codes Cryptogr. 4(3), 369–380 (1994)MathSciNetCrossRefGoogle Scholar
  24. 24.
    Tyagi, H., Watanabe, S.: A bound for multiparty secret key agreement and implications for a problem of secure computing. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 369–386. Springer, Heidelberg (2014). Scholar
  25. 25.
    Wyner, A.D.: The wire-tap channel. Bell Syst. Tech. J. 54(8), 1355–1387 (1975)MathSciNetCrossRefGoogle Scholar

Copyright information

© International Association for Cryptologic Research 2018

Authors and Affiliations

  1. 1.Department of Computer ScienceETH ZurichZurichSwitzerland
  2. 2.Department of ComputingImperial College LondonLondonUK

Personalised recommendations