Abstract
Privacy amplification allows two parties Alice and Bob knowing a partially secret string S to extract, by communication over a public channel, a shorter, highly secret string S'. Bennett, Brassard, Crépeau, and Maurer showed that the length of S' can be almost equal to the conditional Rényi entropy of S given an opponent Eve's knowledge. All previous results on privacy amplification assumed that Eve has access to the public channel but is passive or, equivalently, that messages inserted by Eve can be detected by Alice and Bob. In this paper we consider privacy amplification secure even against active opponents. First, it is analyzed under what conditions information-theoretically secure authentication is possible even though the common key is only partially secret. This result is used to prove that privacy amplification can be secure against an active opponent and that the size of S' can be almost equal to Eve's min-entropy about S minus 2n/3 if S is an n-bit string. Moreover, it is shown that for sufficiently large n privacy amplification is possible when Eve's min-entropy about S exceeds only n/2 rather than 2n/3.
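The following is an added worked example, not code from the paper or its authors, illustrating the passive-opponent setting the abstract builds on. It models Eve's knowledge as the first t bits of the n-bit string S (so her min-entropy about S is n-t), uses a Toeplitz matrix over GF(2) as the 2-universal hash family (an assumption of this example; any 2-universal family works), and checks the exact expected distance of S' from uniform against the leftover hash lemma bound. It also shows why the public message (the hash seed) must be authenticated: on an unauthenticated channel a substituted seed can make S' depend only on the bits Eve already knows, which is the failure mode the paper's active-opponent treatment addresses. The parameter values and the known prefix are constructed for the example.

```python
"""Privacy amplification with a Toeplitz (2-universal) hash over GF(2).

Added example, not the paper's code.  Eve is modelled as knowing the first
t bits of the n-bit shared string S; the Toeplitz family and all parameter
values are assumptions of this example.
"""
from itertools import product
from math import floor, log2, sqrt


def toeplitz_hash(seed, x, n, l):
    """Multiply the n-bit tuple x by an l x n Toeplitz matrix over GF(2).

    seed is a tuple of n+l-1 bits; row i, column j holds seed[i - j + n - 1].
    Over uniformly random seeds this family is 2-universal.
    """
    out = []
    for i in range(l):
        bit = 0
        for j in range(n):
            bit ^= seed[i - j + n - 1] & x[j]
        out.append(bit)
    return tuple(out)


def eve_view_distribution(n, t, known_prefix):
    """Conditional distribution of S given that Eve knows its first t bits:
    uniform over the 2^(n-t) strings that start with known_prefix."""
    strings = [known_prefix + tail for tail in product((0, 1), repeat=n - t)]
    p = 1.0 / len(strings)
    return {s: p for s in strings}


def min_entropy(dist):
    """H_min = -log2(max probability); here it equals n - t."""
    return -log2(max(dist.values()))


def distance_from_uniform(dist, seed, n, l):
    """Statistical distance between S' = H(S) (given Eve's view) and l uniform bits."""
    out = {}
    for s, p in dist.items():
        y = toeplitz_hash(seed, s, n, l)
        out[y] = out.get(y, 0.0) + p
    u = 2.0 ** -l
    return 0.5 * sum(abs(out.get(y, 0.0) - u) for y in product((0, 1), repeat=l))


def expected_distance(dist, n, l):
    """Exact average over every seed, i.e. over the honest, uniformly chosen seed."""
    seeds = list(product((0, 1), repeat=n + l - 1))
    return sum(distance_from_uniform(dist, sd, n, l) for sd in seeds) / len(seeds)


def collision_probability(x1, x2, n, l):
    """Fraction of seeds on which two distinct inputs collide (2-universal: <= 2^-l)."""
    seeds = list(product((0, 1), repeat=n + l - 1))
    hits = sum(toeplitz_hash(sd, x1, n, l) == toeplitz_hash(sd, x2, n, l) for sd in seeds)
    return hits / len(seeds)


def lhl_bound(h_min, l):
    """Leftover hash lemma: E_seed[distance] <= 1/2 * sqrt(2^(l - H_min))."""
    return 0.5 * sqrt(2.0 ** (l - h_min))


def safe_output_length(h_min, eps):
    """Output length l = H_min - 2 log2(1/eps), for which lhl_bound(h_min, l) <= eps/2."""
    return max(0, floor(h_min - 2 * log2(1 / eps)))


def substituted_seed(n, t, l):
    """A seed that reads none of the n-t bits Eve lacks (needs t >= l): every matrix
    entry in an unknown column is zero, so H(S) is a function of the known prefix.
    This is what an unauthenticated seed message lets an active opponent inject."""
    return tuple(1 if k >= n + l - t - 1 else 0 for k in range(n + l - 1))


def demo(n=8, t=4, l=3, known_prefix=(1, 0, 1, 1)):
    """Compare the honest (random) seed with a substituted one on constructed parameters."""
    dist = eve_view_distribution(n, t, known_prefix)
    h = min_entropy(dist)
    return {
        "h_min": h,
        "honest": expected_distance(dist, n, l),
        "bound": lhl_bound(h, l),
        "substituted": distance_from_uniform(dist, substituted_seed(n, t, l), n, l),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:12s} {v:.4f}")
```

With the honest seed the expected distance stays under the leftover-hash-lemma bound, whereas with the substituted seed S' is fixed given Eve's view (distance 1 - 2^-l), which is why the seed exchange itself needs the partially-secret-key authentication the abstract describes.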
References
C. H. Bennett, G. Brassard, C. Crépeau, and U. M. Maurer, Generalized privacy amplification, IEEE Transactions on Information Theory, Vol. 41, Nr. 6, 1995.
C. H. Bennett, G. Brassard, and J.-M. Robert, Privacy amplification by public discussion, SIAM Journal on Computing, Vol. 17, pp. 210–229, 1988.
C. Cachin, Smooth entropy and Rényi entropy, Advances in Cryptology — EUROCRYPT '97, Lecture Notes in Computer Science, Vol. 1233, pp. 193–208, Springer-Verlag, 1997.
T. M. Cover and J. A. Thomas, Elements of information theory, Wiley Series in Telecommunications, 1992.
P. Gemmell and M. Naor, Codes for interactive authentication, Advances in Cryptology — CRYPTO '93, Lecture Notes in Computer Science, Vol. 773, pp. 355–367, Springer-Verlag, 1993.
U. Maurer, Information-theoretically secure secret-key agreement by NOT authenticated public discussion, Advances in Cryptology — EUROCRYPT '97, Lecture Notes in Computer Science, Vol. 1233, pp. 209–225, Springer-Verlag, 1997.
U. M. Maurer, A unified and generalized treatment of authentication theory, Proceedings 13th Symp. on Theoretical Aspects of Computer Science — STACS '96, Lecture Notes in Computer Science, Vol. 1046, pp. 387–398, Springer-Verlag, 1996.
U. M. Maurer, Secret key agreement by public discussion from common information, IEEE Transactions on Information Theory, Vol. 39, No. 3, pp. 733–742, 1993.
N. Nisan, Extracting randomness: how and why — a survey, preprint, 1996.
N. Nisan and D. Zuckerman, Randomness is linear in space, Journal of Computer and System Sciences, Vol. 52, No. 1, pp. 43–52, 1996.
G. J. Simmons, A survey of information authentication, Proc. of the IEEE, Vol. 76, pp. 603–620, 1988.
D. R. Stinson, Universal hashing and authentication codes, Advances in Cryptology — CRYPTO '91, Lecture Notes in Computer Science, Vol. 576, pp. 74–85, Springer-Verlag, 1992.
© 1997 Springer-Verlag
About this paper
Cite this paper
Maurer, U., Wolf, S. (1997). Privacy amplification secure against active adversaries. In: Kaliski, B.S. (eds) Advances in Cryptology — CRYPTO '97. CRYPTO 1997. Lecture Notes in Computer Science, vol 1294. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0052244
DOI: https://doi.org/10.1007/BFb0052244
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-63384-6
Online ISBN: 978-3-540-69528-8