Unconditional Authenticity and Privacy from an Arbitrarily Weak Secret

  • Renato Renner
  • Stefan Wolf
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2729)


Unconditional cryptographic security cannot be generated simply from scratch, but must be based on some given primitive to start with (such as, most typically, a private key). Whether or not this implies that such a high level of security is necessarily impractical depends on how weak these basic primitives can be, and how realistic it is therefore to realize or find them in (classical or quantum) reality. A natural way of minimizing the required resources for information-theoretic security is to reduce the length of the private key. In this paper, we focus on the level of its secrecy instead and show that even if the communication channel is completely insecure, a shared string of which an arbitrarily large fraction is known to the adversary can be used for achieving fundamental cryptographic goals such as message authentication and encryption. More precisely, we give protocols, using such a weakly secret key, allowing for both the exchange of authenticated messages and the extraction of the key's entire amount of privacy into a shorter virtually secret key. Our schemes, which are highly interactive, show the power of two-way communication in this context: under the given conditions, the same objectives cannot be achieved by one-way communication only.
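The abstract speaks of extracting "the key's entire amount of privacy into a shorter virtually secret key". The building block behind that step is privacy amplification by universal hashing (the passive-adversary primitive of the generalized privacy amplification literature), which the following toy illustrates. This is an added example, not code from the paper or its authors, and it does not reproduce the paper's interactive protocols: it assumes the public hash seed reaches the other party intact, which is exactly what the paper's authentication schemes are needed for when the channel is insecure. Assumptions of the example: a 16-bit shared string of which the adversary knows 10 fixed positions (constructed), a Toeplitz-matrix hash family as the 2-universal family, and a 3-bit output. The code enumerates the adversary's view and measures its statistical distance from uniform, comparing the universal hash against naive truncation and against the leftover-hash-lemma bound.

```python
"""Toy privacy amplification: extract a short near-uniform key from a
partially known string with a 2-universal (Toeplitz) hash, and measure how
much the adversary can still tell about the result."""
import itertools
import random

N_BITS = 16                          # length of the shared weakly secret string
R_BITS = 3                           # length of the extracted key
# Constructed example: the adversary knows bit positions 0..9 (10 of 16 bits).
# Alice and Bob know the fraction is large but not which positions are known,
# so the extractor must work for every set of known positions.
KNOWN_POSITIONS = frozenset(range(10))
MIN_ENTROPY = N_BITS - len(KNOWN_POSITIONS)   # 6 bits unknown to the adversary


def toeplitz_hash(key_bits, seed_bits, r):
    """GF(2)-linear hash: output bit i is the XOR over j of key[j]*T[i][j],
    where T is the r x n Toeplitz matrix T[i][j] = seed[i - j + n - 1].
    The seed (n + r - 1 public bits) selects a member of a 2-universal family."""
    n = len(key_bits)
    assert len(seed_bits) == n + r - 1, "Toeplitz seed must have n + r - 1 bits"
    out = []
    for i in range(r):
        bit = 0
        for j in range(n):
            bit ^= key_bits[j] & seed_bits[i - j + n - 1]
        out.append(bit)
    return tuple(out)


def first_bits_hash(key_bits, seed_bits, r):
    """Naive 'extractor' for comparison: simply truncate the key.  Fails
    completely whenever the adversary happens to know the leading positions."""
    return tuple(key_bits[:r])


def adversary_distance(extract, key_bits, seed_bits, known, r):
    """Statistical distance between the adversary's view of the extracted key
    and the uniform distribution on r bits, given the public seed and the key
    bits at `known` positions.  Enumerates every completion of the unknown
    positions, which is feasible at this toy size."""
    unknown = [j for j in range(len(key_bits)) if j not in known]
    counts = {}
    for completion in itertools.product((0, 1), repeat=len(unknown)):
        candidate = list(key_bits)
        for pos, b in zip(unknown, completion):
            candidate[pos] = b
        out = extract(candidate, seed_bits, r)
        counts[out] = counts.get(out, 0) + 1
    total = 2 ** len(unknown)
    uniform = 1.0 / 2 ** r
    # SD = 1/2 * sum over all 2^r outputs of |Pr[out] - 2^-r|
    dist = 0.0
    for out in itertools.product((0, 1), repeat=r):
        dist += abs(counts.get(out, 0) / total - uniform)
    return dist / 2


def leftover_hash_bound(r, min_entropy):
    """Leftover hash lemma: for a 2-universal family, the expected (over the
    public seed) distance from uniform is at most 1/2 * sqrt(2^(r - H_min))."""
    return 0.5 * 2 ** ((r - min_entropy) / 2)


def average_distance(extract, trials=200, rng_seed=1):
    """Empirical mean of the adversary's distance over random keys and seeds."""
    rng = random.Random(rng_seed)
    total = 0.0
    for _ in range(trials):
        key = [rng.randint(0, 1) for _ in range(N_BITS)]
        seed = [rng.randint(0, 1) for _ in range(N_BITS + R_BITS - 1)]
        total += adversary_distance(extract, key, seed, KNOWN_POSITIONS, R_BITS)
    return total / trials


if __name__ == "__main__":
    print("truncation  :", average_distance(first_bits_hash))
    print("Toeplitz    :", average_distance(toeplitz_hash))
    print("LHL bound   :", leftover_hash_bound(R_BITS, MIN_ENTROPY))
```

With the constructed positions, truncation hands the adversary the whole 3-bit output (distance 7/8), while the Toeplitz hash stays within the leftover-hash-lemma bound of about 0.18 on average. A fixed degenerate seed (all ones) collapses the family to a rank-1 map and the distance jumps to 3/4, which is why the seed must be chosen uniformly and, over an insecure channel, be protected against substitution; that protection is the authentication problem the paper addresses.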


Keywords: information-theoretic security, authentication, privacy amplification, extractors, quantum key agreement



Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Renato Renner (1)
  • Stefan Wolf (2)
  1. Department of Computer Science, ETH Zürich, Switzerland
  2. Département d'Informatique et R.O., Université de Montréal, Canada
