message transmission and key establishment conditions for
play

Message Transmission and Key Establishment: Conditions for Equality - PowerPoint PPT Presentation

Nov 24, 2022 •206 likes •407 views

Message Transmission and Key Establishment: Conditions for Equality of Weak and Strong Capacities Hadi Ahmadi University of Calgary (joint work with Reihaneh Safavi-Naini) October 25, 2012 1 / 20 Overview Secrecy capacity Secure message

  1. Message Transmission and Key Establishment: Conditions for Equality of Weak and Strong Capacities Hadi Ahmadi University of Calgary (joint work with Reihaneh Safavi-Naini) October 25, 2012 1 / 20

  2. Overview Secrecy capacity ◮ Secure message transmission (SMT) over wiretap channel [Wy75,CK78]. ◮ Discrete memoryless channels from Alice to Bob and Eve. ◮ Alice wants to send Bob a message that stays private from Eve. ◮ SMT is possible when Eve’s channel is noisier. 2 / 20

  3. Overview Secrecy capacity ◮ Secure message transmission (SMT) over wiretap channel [Wy75,CK78]. ◮ Discrete memoryless channels from Alice to Bob and Eve. ◮ Alice wants to send Bob a message that stays private from Eve. ◮ SMT is possible when Eve’s channel is noisier. ◮ But how many message bits can be sent? 3 / 20

  4. Overview Secrecy capacity ◮ Secure message transmission (SMT) over wiretap channel [Wy75,CK78]. ◮ Discrete memoryless channels from Alice to Bob and Eve. ◮ Alice wants to send Bob a message that stays private from Eve. ◮ SMT is possible when Eve’s channel is noisier. ◮ But how many message bits can be sent? infinite! 4 / 20

  5. Overview Secrecy capacity ◮ Secure message transmission (SMT) over wiretap channel [Wy75,CK78]. ◮ Discrete memoryless channels from Alice to Bob and Eve. ◮ Alice wants to send Bob a message that stays private from Eve. ◮ SMT is possible when Eve’s channel is noisier. ◮ But how many message bits can be sent? infinite! ◮ Say how may message bits per channel use? That is secrecy capacity! 5 / 20

  6. Overview Secrecy capacity ◮ Secure message transmission (SMT) over wiretap channel [Wy75,CK78]. ◮ Discrete memoryless channels from Alice to Bob and Eve. ◮ Alice wants to send Bob a message that stays private from Eve. ◮ SMT is possible when Eve’s channel is noisier. ◮ Secrecy capacity (the highest transmission rate) is derived as C wc ws = U ↔ X ↔ ( Y , Z ) I ( U ; Y ) − I ( U ; Z ) . max 6 / 20

  7. Overview SK capacity ◮ Secret key agreement (SKE) over noisy channels [Ma93,AC93]. ◮ Alice and Bob want to share a key that stays private from Eve. ◮ Secret key (SK) capacity: highest key rate in bits/channel use. ◮ SKE is like SMT in the wiretap channel setting. C wc wsk = C wc ws 7 / 20

  8. Overview SK capacity ◮ Secret key agreement (SKE) over noisy channels [Ma93,AC93]. ◮ Alice and Bob want to share a key that stays private from Eve. ◮ Secret key (SK) capacity: highest key rate in bits/channel use. ◮ SKE is like SMT in the wiretap channel setting. C wc wsk = C wc ws ◮ By adding public discussion SK capacity increases. C wc + pdc ≥ C wc wsk wsk 8 / 20

  9. Overview weak/strong SK capacity ◮ From weak to strong security in SKE [MW00]. ◮ Motivation: use of weak security (negligible leakage rate). ◮ Proposal: define strong security (negligible absolute leakage). ◮ Problem: relation between the two. Definition (Weak SK capacity) Requiring S A ≈ S B such that weak secrecy: I ( S A ; View E ) ≤ H ( S A ) δ . Definition (Strong SK capacity) Requiring uniform S A ≈ S B such that strong secrecy: I ( S A ; View E ) ≤ δ . Note: Similarly one can define weak and strong secercy capacities. 9 / 20

  10. Motivation to our work ◮ Maurer and Wolf [MW00] prove strengthening security is doable without sacrificing the key rate: C wc + pdc = C wc + pdc C wc wsk = C wc ssk , wsk ssk ◮ Followup research studied weakly secure SKE in new setups. ◮ Not clear whether these results also holds for strong security. Question1: What are general conditions for the equality of weak and strong SK capacities? Question2: What about weak and strong secrecy capacities (for message transmission)? 10 / 20

  11. Part 1: Equality conditions for SK capacity The MW approach ◮ For equality conditions of SK capacity, we revisit the MW proof. ◮ The proof is quite generic: slight modification makes it work for many other setups. ◮ But it does not apply to ALL existing setups ◮ The MW approach has two phases: Ph1 Equality of weak and uniform SK capacities. ◮ This is general: works for any DM setup. Ph2 Construction of strong protocols from uniform ones. ◮ Relies on implicit assumptions... Let’s see what is inside this phase! 11 / 20

  12. Part 1: Equality conditions for SK capacity Phase 2 of the MW approach ◮ Four steps to make a strong protocol from a uniform one: S1 Independent repetition of uniform protocol n times: S A , S B ◮ Cost is n times that of the uniform protocol. S2 Information reconciliation by universal hashing: S A ≈ S B ◮ Resources to send function description, say l bits. S3 Privacy amplification by a seeded extractor: S = Ext ( R , S A ) ◮ Resources to generate random seed, say r bits. ◮ Resources to send r -bit random seed. S4 Uniformization to make key uniform: H ( S ) = log |S| . ◮ Free: does not require resource. 12 / 20

  13. Part 1: Equality conditions for SK capacity Phase 2 of the MW approach ◮ Four steps to make a strong protocol from a uniform one: S1 Independent repetition of uniform protocol n times: S A , S B ◮ Cost is n times that of the uniform protocol. S2 Information reconciliation by universal hashing: S A ≈ S B ◮ Resources to send function description, say l bits. S3 Privacy amplification by a seeded extractor: S = Ext ( R , S A ) ◮ Resources to generate random seed, say r bits. ◮ Resources to send r -bit random seed. S4 Uniformization to make key uniform: H ( S ) = log |S| . ◮ Free: does not require resource. ◮ Proof sketch: By choosing n sufficiently large, ◮ the parameters l and r become negligible in cost, and ◮ The key size is close to n time that of uniform protocol. ◮ hence the key rate stays the same. 13 / 20

  14. Part 1: Equality conditions for SK capacity Modified proof sketch ◮ Assumptions made by the MW approach: ◮ Channel with positive (reliability) capacity. ◮ Free local source of randomness. ◮ The assumptions do not hold in all setups, e.g., ◮ Two-way wiretap channels [AS11] with zero reliability capacity. ◮ Secret key from noise [AS11*] with no random source. ◮ Are both assumptions necessary conditions? ◮ We remove the first assumption, i.e., need for randomness. ◮ Trick: using a two-source extractor for privacy amplification. 14 / 20

  15. Part 1: Equality conditions for SK capacity Modified proof sketch ◮ Our steps to make a strong protocol from a uniform one. S1 Independent repetition of uniform protocol 2 n times: ◮ Alice has ( S A , 1 , S A , 2 ) and Bob has ( S B , 1 , S B , 2 ). ◮ Cost is 2 n times that of the uniform protocol. S2 Information reconciliation by universal hashing: S A ≈ S B ◮ Gives ( S A , 1 , S A , 2 ) ≈ ( S B , 1 , S B , 2 ). ◮ Resources to send function description, say 2 l bits. S3 Privacy amplification by a two-source extractor: ◮ Gives S = TExt ( S A , 1 , S A , 2 ). ◮ Free: does not require resource. S4 Uniformization to make key uniform: H ( S ) = log |S| . ◮ Free: does not require resource. ◮ Reliable transmission however is still needed. 15 / 20

  16. Part 1: Equality conditions for SK capacity Modified proof sketch ◮ Our steps to make a strong protocol from a uniform one. S1 Independent repetition of uniform protocol 2 n times: ◮ Alice has ( S A , 1 , S A , 2 ) and Bob has ( S B , 1 , S B , 2 ). ◮ Cost is 2 n times that of the uniform protocol. S2 Information reconciliation by universal hashing: S A ≈ S B ◮ Gives ( S A , 1 , S A , 2 ) ≈ ( S B , 1 , S B , 2 ). ◮ Resources to send function description, say 2 l bits. S3 Privacy amplification by a two-source extractor: ◮ Gives S = TExt ( S A , 1 , S A , 2 ). ◮ Free: does not require resource. S4 Uniformization to make key uniform: H ( S ) = log |S| . ◮ Free: does not require resource. ◮ Reliable transmission however is still needed. Conclusion: Weak and strong SK capacities equal in any discrete memoryless setup that allows reliable transmission. 16 / 20

  17. Part 2: Equality conditions for secrecy capacity Proof sketch ◮ Steps for strong transmission protocol from weak one. S1 Expansion of message by extractor inversion. ◮ Resources to generate random bits for expansion, say r bits. S2 Split: message in to pieces and send by weak protocol. ◮ Cost equals that of weak protocol. S3 Information reconciliation: to make key uniform. ◮ Resources to send function description, say l bits. S4 Extraction: of message by two-source extractor. ◮ Free: does not require resource. ◮ Reliable transmission requirement can be removed: A setup with weak secrecy capacity always allows reliable transmission. ◮ Randomness generation however is needed. Conclusion: Weak and strong secrecy capacities equal in any discrete memoryless setup that lets sender generate randomness. 17 / 20

  18. Conclusion ◮ SMT vs. SKE: duality Requirement MW approach Our approach Our approach (SK) (SK) (Secrecy) required - required Randomness access Reliable transmission required required - ◮ Equality conditions: Sufficient but not necessary, e.g., ◮ Noisy two-way two-way channel Y A = Y B = X A + X B + N and Y E = f ( Y A ) where N is uniform. ◮ Secure channel Y B = X A + N ′ and Y E = ⊥ , and no randomness. 18 / 20

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Transmission Control Protocol (TCP) Segmentation -- breaks message into packets Error

Transmission Control Protocol (TCP) Segmentation -- breaks message into packets Error

TCP: Transmission Control Protocol z TCP must perform typical transport layer functions: Transmission Control Protocol (TCP) Segmentation -- breaks message into packets Error recovery -- since IP is an unreliable service Srinidhi

371 views • 3 slides
1. Packet-Switching Principles Store & forward scheme message is split into

1. Packet-Switching Principles Store & forward scheme message is split into

1 Chap. 9 Packet Switching 1. Packet-Switching Principles Store & forward scheme message is split into size-limited packets for transmission Pipelining of packet transmission reduces transmission delay Advantages

647 views • 27 slides
Transmission Control Protocol (TCP) Srinidhi Varadarajan TCP: Transmission Control Protocol z TCP

Transmission Control Protocol (TCP) Srinidhi Varadarajan TCP: Transmission Control Protocol z TCP

Transmission Control Protocol (TCP) Srinidhi Varadarajan TCP: Transmission Control Protocol z TCP must perform typical transport layer functions: Segmentation -- breaks message into packets Error recovery -- since IP is an unreliable

323 views • 16 slides
Establishment Unit 9 Site Establishment and Procurement Site Establishment This section of

Establishment Unit 9 Site Establishment and Procurement Site Establishment This section of

Safety Management & Site Establishment Unit 9 Site Establishment and Procurement Site Establishment This section of this course seeks to focus on the physical establishment of a site, as with the selection of common temporary

780 views • 59 slides
Error Coding Transmission process may introduce errors into a message. Single bit errors

Error Coding Transmission process may introduce errors into a message. Single bit errors

Error Coding Transmission process may introduce errors into a message. Single bit errors versus burst errors Detection: Requires a convention that some messages are invalid Hence requires extra bits An (n,k) code has

850 views • 72 slides
ting e plan n tree urba ent lishm estab Site Conditions + Required Maintenance Potential

ting e plan n tree urba ent lishm estab Site Conditions + Required Maintenance Potential

ting e plan n tree urba ent lishm estab Site Conditions + Required Maintenance Potential Damage + tree e Tree Growth Conflicts Establishment Establishment Water Gator Bags g Contractor responsible the first year

587 views • 27 slides
1 Message Encryption- see Table 11.1 in the book Message Encryption if public-key encryption

1 Message Encryption- see Table 11.1 in the book Message Encryption if public-key encryption

Message Authentication CPE 542: CRYPTOGRAPHY & NETWORK SECURITY message authentication is concerned with: protecting the integrity of a message Chapter 11 Message Authentication and validating identity of originator Hash

462 views • 6 slides
Elementary Coding Theory 1 MATH 280 Discrete Mathematical Structures Elementary Coding Theory

Elementary Coding Theory 1 MATH 280 Discrete Mathematical Structures Elementary Coding Theory

Elementary Coding Theory 1 MATH 280 Discrete Mathematical Structures Elementary Coding Theory Information Transmission Transmission Encode Code word Received Decode Message Decoded message (special ntuple) ntuple (with

570 views • 32 slides
Key Establishment Chester Rebeiro IIT Madras CR Stinson : Chapter 10 Multi Party secure

Key Establishment Chester Rebeiro IIT Madras CR Stinson : Chapter 10 Multi Party secure

Key Establishment Chester Rebeiro IIT Madras CR Stinson : Chapter 10 Multi Party secure communication C D A B E F N parties want to communicate securely with each other (N=6 in this figure) If U sends a message to V (U V

771 views • 54 slides
Lecture Notes: Message Management 1 Slide 1: Message Management Message Management A critical

Lecture Notes: Message Management 1 Slide 1: Message Management Message Management A critical

Lecture Notes: Message Management 1 Slide 1: Message Management Message Management A critical aspect of successful advocacy is the ability to create and deliver a message. While your passion matters greatly, your coalitions make the work

487 views • 15 slides
Offshore Wind & Transmission Forum Financing Offshore Transmission A Transmission

Offshore Wind & Transmission Forum Financing Offshore Transmission A Transmission

Offshore Wind & Transmission Forum Financing Offshore Transmission A Transmission Owners Perspective Overview Transmission Capital Financing Offshore Transmission An Emerging Issue in Europe? UK Offshore

224 views • 20 slides
Sharing: Transmission of HIV during Injecting 6 Ways SW-IDUs put themselves at risk of HIV

Sharing: Transmission of HIV during Injecting 6 Ways SW-IDUs put themselves at risk of HIV

Sharing: Transmission of HIV during Injecting 6 Ways SW-IDUs put themselves at risk of HIV beyond using the same syringes/needles Messages Our main message for the safer injecting theme is: Use a sterile syringe and needle each time

252 views • 8 slides
Categories of Ministerial staff and their Role Mr. Naveed Ahmed Khan Two Establishment of

Categories of Ministerial staff and their Role Mr. Naveed Ahmed Khan Two Establishment of

Categories of Ministerial staff and their Role Mr. Naveed Ahmed Khan Two Establishment of Ministerial S taff in Distt: 1. Establishment of D&SJ 2. Establishment Composition of D&S J Establishment Superintended Nazir/

474 views • 8 slides
Topic 11: A message What Is a Message in Communication? In rhetorical and communication studies,

Topic 11: A message What Is a Message in Communication? In rhetorical and communication studies,

Topic 11: A message What Is a Message in Communication? In rhetorical and communication studies, a message is defined as information conveyed by words (in speech or writing), and/or other signs and symbols. A message (verbal or nonverbal, or

485 views • 17 slides
GSM Short Message Service GSM Short Message Service GSM Short Message Service GSM Short Message

GSM Short Message Service GSM Short Message Service GSM Short Message Service GSM Short Message

National Taiwan University Department of Computer Science and Information Engineering GSM Short Message Service GSM Short Message Service GSM Short Message Service GSM Short Message Service Phone Lin Phone Lin Ph.D. Ph.D. Email:

360 views • 13 slides
Adaptive Design in an Establishment Survey: Adaptive Design in an Establishment Survey: Strategic

Adaptive Design in an Establishment Survey: Adaptive Design in an Establishment Survey: Strategic

Adaptive Design in an Establishment Survey: Adaptive Design in an Establishment Survey: Strategic Targeting in the Agricultural Resource Management Survey (ARMS) Dr. Jaki McCarthy T l Tyler Wilson Wil Research and Development Division,

734 views • 22 slides
Additivity in classical-quantum wiretap channels ISIT 2020 *University of Sydney Arkin Tikku*,

Additivity in classical-quantum wiretap channels ISIT 2020 *University of Sydney Arkin Tikku*,

Additivity in classical-quantum wiretap channels ISIT 2020 *University of Sydney Arkin Tikku*, Mario Berta , Joseph M. Renes Imperial College London ETH Zrich Motivation Classical Shannon Theory Basic settings fully

426 views • 18 slides
Surveillance, Censorship, and Countermeasures Professor Ristenpart

Surveillance, Censorship, and Countermeasures Professor Ristenpart

Surveillance, Censorship, and Countermeasures Professor Ristenpart h/p://www.cs.wisc.edu/~rist/ rist at cs dot wisc dot edu University of Wisconsin CS 642

729 views • 46 slides
Semantic Security for the Wiretap Channel Stefano Tessaro MIT Joint work with Mihir Bellare

Semantic Security for the Wiretap Channel Stefano Tessaro MIT Joint work with Mihir Bellare

Semantic Security for the Wiretap Channel Stefano Tessaro MIT Joint work with Mihir Bellare (UCSD) Alexander Vardy (UCSD) Cryptography today is (mainly) based on computational assumptions. We wish instead to base cryptography on a physical

290 views • 25 slides
A Model for Adversarial Wiretap Channel Rei Safavi-Naini, U Calgary, CANADA Joint work with

A Model for Adversarial Wiretap Channel Rei Safavi-Naini, U Calgary, CANADA Joint work with

A Model for Adversarial Wiretap Channel Rei Safavi-Naini, U Calgary, CANADA Joint work with Pengwei Wang . Alice wants to send a private message to Bob Shannon (1949) E-enc E-dec Hello n First reliability Hello n Then, secrecy k Hello

417 views • 22 slides
Improvement of Certain Encryption Approaches Based on the LPN Problem Miodrag Mihaljevic and

Improvement of Certain Encryption Approaches Based on the LPN Problem Miodrag Mihaljevic and

Employment of Homophonic Coding for Improvement of Certain Encryption Approaches Based on the LPN Problem Miodrag Mihaljevic and Hideki Imai Research Center for Information Security (RCIS), National Institute AIST, Tokyo Symmetric Key

551 views • 42 slides
INFORMATION-THEORETIC SECURITY INFORMATION-THEORETIC SECURITY Lecture 1 - Elements of Information

INFORMATION-THEORETIC SECURITY INFORMATION-THEORETIC SECURITY Lecture 1 - Elements of Information

INFORMATION-THEORETIC SECURITY INFORMATION-THEORETIC SECURITY Lecture 1 - Elements of Information Theory Matthieu Bloch December 2, 2019 1 CONTEXT AND OBJECTIVES CONTEXT AND OBJECTIVES Context Security is an increasingly problematic

480 views • 27 slides
Quantum channels from subfactors Pieter Naaijkens Universidad Complutense de Madrid 21 March

Quantum channels from subfactors Pieter Naaijkens Universidad Complutense de Madrid 21 March

Quantum channels from subfactors Pieter Naaijkens Universidad Complutense de Madrid 21 March 2019 This work was funded by the ERC (grant agreement No 648913) Three cultures Type I n : everything finite dimensional (no infinite resources)

602 views • 26 slides
A Short History of Privacy Related Case Law & Privacy Perspectives CSC 249 April 17, 2017

A Short History of Privacy Related Case Law & Privacy Perspectives CSC 249 April 17, 2017

4/18/18 A Short History of Privacy Related Case Law & Privacy Perspectives CSC 249 April 17, 2017 Finding A Partner? Time at the end of class To seek out a classmate of similar interests To work together On the semester

393 views • 22 slides

More recommend