Journal Article

Common randomness in information theory and cryptography. I. Secret sharing

TL;DR: As the first part of a study of problems involving common randomness at distant locations, information-theoretic models of secret sharing (generating a common random key at two terminals, without letting an eavesdropper obtain information about this key) are considered.
Abstract: As the first part of a study of problems involving common randomness at distant locations, information-theoretic models of secret sharing (generating a common random key at two terminals, without letting an eavesdropper obtain information about this key) are considered. The concept of key-capacity is defined. Single-letter formulas of key-capacity are obtained for several models, and bounds to key-capacity are derived for other models.
Citations
Journal Article
TL;DR: Essential theoretical tools that have been developed to assess the security of the main experimental platforms are presented (discrete-variable, continuous-variable, and distributed-phase-reference protocols).
Abstract: Quantum key distribution (QKD) is the first quantum information task to reach the level of mature technology, already fit for commercialization. It aims at the creation of a secret key between authorized partners connected by a quantum channel and a classical authenticated channel. The security of the key can in principle be guaranteed without putting any restriction on an eavesdropper's power. This article provides a concise up-to-date review of QKD, biased toward the practical side. Essential theoretical tools that have been developed to assess the security of the main experimental platforms are presented (discrete-variable, continuous-variable, and distributed-phase-reference protocols).

2,926 citations


Cites methods from "Common randomness in information th..."

  • ...Besides QKD, the additional resource in this case being the quantum channel, a number of alternative schemes to this end have been put forward (Ahlswede and Csiszár, 1993; Csiszár and Körner, 1978; Maurer, 1993; Wyner, 1975), to which one can also count the traditional trusted courier approach…...


Book
16 Jan 2012
TL;DR: In this article, a comprehensive treatment of network information theory and its applications is provided, which provides the first unified coverage of both classical and recent results, including successive cancellation and superposition coding, MIMO wireless communication, network coding and cooperative relaying.
Abstract: This comprehensive treatment of network information theory and its applications provides the first unified coverage of both classical and recent results. With an approach that balances the introduction of new models and new coding techniques, readers are guided through Shannon's point-to-point information theory, single-hop networks, multihop networks, and extensions to distributed computing, secrecy, wireless communication, and networking. Elementary mathematical tools and techniques are used throughout, requiring only basic knowledge of probability, whilst unified proofs of coding theorems are based on a few simple lemmas, making the text accessible to newcomers. Key topics covered include successive cancellation and superposition coding, MIMO wireless communication, network coding, and cooperative relaying. Also covered are feedback and interactive communication, capacity approximations and scaling laws, and asynchronous and random access channels. This book is ideal for use in the classroom, for self-study, and as a reference for researchers and engineers in industry and academia.

2,442 citations

Journal Article
TL;DR: A practical secure communication protocol is developed, which uses a four-step procedure to ensure wireless information-theoretic security, and it is shown that the protocol is effective in secure key renewal, even in the presence of imperfect channel state information.
Abstract: This paper considers the transmission of confidential data over wireless channels. Based on an information-theoretic formulation of the problem, in which two legitimate partners communicate over a quasi-static fading channel and an eavesdropper observes their transmissions through a second independent quasi-static fading channel, the important role of fading is characterized in terms of average secure communication rates and outage probability. Based on the insights from this analysis, a practical secure communication protocol is developed, which uses a four-step procedure to ensure wireless information-theoretic security: (i) common randomness via opportunistic transmission, (ii) message reconciliation, (iii) common key generation via privacy amplification, and (iv) message protection with a secret key. A reconciliation procedure based on multilevel coding and optimized low-density parity-check (LDPC) codes is introduced, which makes it possible to achieve communication rates close to the fundamental security limits in several relevant instances. Finally, a set of metrics for assessing average secure key generation rates is established, and it is shown that the protocol is effective in secure key renewal, even in the presence of imperfect channel state information.

1,759 citations


Cites background from "Common randomness in information th..."

  • ...Powerful tools, such as common randomness, advantage distillation, and privacy amplification, were developed in the context of secret key agreement over wiretap channels [23], [25] and will be discussed, as they form the basis...


  • ...The key generation/distribution problem in wiretap channels falls under the general problem of key generation from correlated source outputs, which has been extensively studied in an information-theoretic context [5], [23], [24]....


Journal Article
27 Jun 1994
TL;DR: This paper provides a general treatment of privacy amplification by public discussion, a concept introduced by Bennett, Brassard, and Robert for a special scenario, and yields results on wiretap and broadcast channels for a considerably strengthened definition of secrecy capacity.
Abstract: This paper provides a general treatment of privacy amplification by public discussion, a concept introduced by Bennett, Brassard, and Robert for a special scenario. Privacy amplification is a process that allows two parties to distil a secret key from a common random variable about which an eavesdropper has partial information. The two parties generally know nothing about the eavesdropper's information except that it satisfies a certain constraint. The results have applications to unconditionally secure secret-key agreement protocols and quantum cryptography, and they yield results on wiretap and broadcast channels for a considerably strengthened definition of secrecy capacity.

1,493 citations

Journal Article
TL;DR: A comprehensive review of the domain of physical layer security in multiuser wireless networks, with an overview of the foundations dating back to the pioneering work of Shannon and Wyner on information-theoretic security and observations on potential research directions in this area.
Abstract: This paper provides a comprehensive review of the domain of physical layer security in multiuser wireless networks. The essential premise of physical layer security is to enable the exchange of confidential messages over a wireless medium in the presence of unauthorized eavesdroppers, without relying on higher-layer encryption. This can be achieved primarily in two ways: without the need for a secret key by intelligently designing transmit coding strategies, or by exploiting the wireless communication medium to develop secret keys over public channels. The survey begins with an overview of the foundations dating back to the pioneering work of Shannon and Wyner on information-theoretic security. We then describe the evolution of secure transmission strategies from point-to-point channels to multiple-antenna systems, followed by generalizations to multiuser broadcast, multiple-access, interference, and relay networks. Secret-key generation and establishment protocols based on physical layer mechanisms are subsequently covered. Approaches for secrecy based on channel coding design are then examined, along with a description of inter-disciplinary approaches based on game theory and stochastic geometry. The associated problem of physical layer message authentication is also briefly introduced. The survey concludes with observations on potential research directions in this area.

1,294 citations


Additional excerpts

  • ...were presented in [21]: $S(X;Y\|Z) \le \min[I(X;Y), I(X;Y|Z)]$, (13) $S(X;Y\|Z) \ge \max[I(X;Y) - I(X;Z), I(Y;X) - I(Y;Z)]$. Closely related results were offered in the concurrent work by Ahlswede and Csiszár [176]. Csiszár and Narayan studied the augmentation of key-based secrecy capacity with the aid of a helper which supplies additional correlated information in [177], and obtained a single-letter character...


References
Journal Article
TL;DR: This paper suggests ways to solve currently open problems in cryptography, and discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.
Abstract: Two kinds of contemporary developments in cryptography are examined. Widening applications of teleprocessing have given rise to a need for new types of cryptographic systems, which minimize the need for secure key distribution channels and supply the equivalent of a written signature. This paper suggests ways to solve these currently open problems. It also discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.

14,980 citations


Additional excerpts

  • ...The popular computational complexity approach (Diffie and Hellman [7], Rivest, Shamir, and Adleman [9]) certainly appears fruitful....


Journal Article
TL;DR: An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key.
Abstract: An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key. This has two important consequences: (1) Couriers or other secure means are not needed to transmit keys, since a message can be enciphered using an encryption key publicly revealed by the intended recipient. Only he can decipher the message, since only he knows the corresponding decryption key. (2) A message can be “signed” using a privately held decryption key. Anyone can verify this signature using the corresponding publicly revealed encryption key. Signatures cannot be forged, and a signer cannot later deny the validity of his signature. This has obvious applications in “electronic mail” and “electronic funds transfer” systems. A message is encrypted by representing it as a number M, raising M to a publicly specified power e, and then taking the remainder when the result is divided by the publicly specified product, n, of two large secret prime numbers p and q. Decryption is similar; only a different, secret, power d is used, where e * d ≡ 1 (mod (p - 1) * (q - 1)). The security of the system rests in part on the difficulty of factoring the published divisor, n.

14,659 citations

Journal Article
TL;DR: Given two discrete memoryless channels (DMC's) with a common input, a single-letter characterization is given of the achievable triples where R_{e} is the equivocation rate and the related source-channel matching problem is settled.
Abstract: Given two discrete memoryless channels (DMC's) with a common input, it is desired to transmit private messages to receiver 1 at rate R_{1} and common messages to both receivers at rate R_{o}, while keeping receiver 2 as ignorant of the private messages as possible. Measuring ignorance by equivocation, a single-letter characterization is given of the achievable triples (R_{1},R_{e},R_{o}) where R_{e} is the equivocation rate. Based on this channel coding result, the related source-channel matching problem is also settled. These results generalize those of Wyner on the wiretap channel and of Körner-Marton on the broadcast channel.

3,570 citations

Journal Article
TL;DR: Under a mild regularity condition this formula for the average error capacity in case of randomized encoding turns out to be valid and follows as consequence from either a or b.
Abstract: The author determines for arbitrarily varying channels a) the average error capacity and b) the maximal error capacity in case of randomized encoding.

387 citations

Journal Article
TL;DR: The capacity of the AVC is determined with constraints on the transmitted codewords as well as on the channel state sequences, and it is demonstrated that it may be positive but less than the corresponding random code capacity.
Abstract: A well-known result of R. Ahlswede (1970) asserts that the deterministic code capacity of an arbitrarily varying channel (AVC), under the average-error-probability criterion, either equals its random code capacity or else is zero. A necessary and sufficient condition is identified for deciding between these alternatives, namely, the capacity is zero if and only if the AVC is symmetrizable. The capacity of the AVC is determined with constraints on the transmitted codewords as well as on the channel state sequences, and it is demonstrated that it may be positive but less than the corresponding random code capacity. A special case of the results resolves a weakened version of a fundamental problem of coding theory.

364 citations


"Common randomness in information th..." refers background in this paper

  • ...In certain communication situations random codes can far outperform deterministic codes, e.g., in the case of arbitrarily varying channels; for the latter, concerning the relation of capacity for deterministic codes to capacity for random codes, cf. Ahlswede [1] and Csiszár and Narayan [6]....
