On the Impossibility of Private Key Cryptography with Weakly Random Keys

McInnes, James; Pinkas, Benny

doi:10.1007/3-540-38424-3_31

Cited by 36 publications

(33 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Clearly, this is the most desirable type of security-but it has its price [21], the exact determination of which has been an open problem and subject to intensive study. Most generally speaking, this price is some information-theoretic primitive [15] I, such as shared keys that are fully [20], [8], [11] or partially random [9], [18] and secret [19], authenticated and/or noisy classical [22], [6] or quantum [1] communication channels, or correlated pieces of information [13].…”

Section: Realizing Unconditional Security From Other Primitivesmentioning

confidence: 99%

See 1 more Smart Citation

The Exact Price for Unconditionally Secure Asymmetric Cryptography

Renner

Wolf

2004

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract.A completely insecure communication channel can only be transformed into an unconditionally secure channel if some informationtheoretic primitive is given to start from. All previous approaches to realizing such authenticity and privacy from weak primitives were symmetric in the sense that security for both parties was achieved. We show that asymmetric information-theoretic security can, however, be obtained at a substantially lower price than two-way security-like in the computational-security setting, as the example of public-key cryptography demonstrates. In addition to this, we show that also an unconditionally secure bidirectional channel can be obtained under weaker conditions than previously known. One consequence of these results is that the assumption usually made in the context of quantum key distribution that the two parties share a short key initially is unnecessarily strong.Keywords. Information-theoretic security, authentication, information reconciliation, privacy amplification, quantum key agreement, reductions of information-theoretic primitives. Motivation and Main Results Realizing Unconditional Security from Other PrimitivesThere are mainly two types of cryptographic security, namely computational and information-theoretic security. Systems of the first type can in principle be broken by adversaries with sufficient computing power; their security is based on the hardness of certain computational tasks-such as factoring large integers or computing discrete logarithms. However, no proofs can be given up to date for the security of such schemes. To make things even worse, the realization of a quantum computer would allow for breaking many presently-used systems efficiently. These facts serve as a strong motivation for the study of informationtheoretically secure cryptography. Systems of this type are provably unbreakable even by computationally unlimited adversaries. Clearly, this is the most desirable type of security-but it has its price [21], the exact determination of which

show abstract

Section: Realizing Unconditional Security From Other Primitivesmentioning

confidence: 99%

“…Note that we have conditioned the involved random variables on an adversary's knowledge U = u. Alternatively, our results can be interpreted as to concern the model of unconditional security from keys generated by correlated weak random sources (other examples of such results are given in [9] and [18]). …”

mentioning

confidence: 99%

The Exact Price for Unconditionally Secure Asymmetric Cryptography

Renner

Wolf

2004

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…Many works consider achieving strong cryptography given only a "weak random source" [28,16,14]. This is a source that does have high min-entropy but may not produce truly random bits.…”

Section: Introductionmentioning

confidence: 99%

“…This is a source that does have high min-entropy but may not produce truly random bits. They show that many cryptographic tasks including symmetric encryption [28], commitment, secret-sharing, and zero knowledge [16] are impossible in this setting. We are not in this setting.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Hedged Public-Key Encryption: How to Protect against Bad Randomness

Bellare

Brakerski

Naor

et al. 2009

Lecture Notes in Computer Science

107

122

View full text Add to dashboard Cite

Abstract. Public-key encryption schemes rely for their IND-CPA security on per-message fresh randomness. In practice, randomness may be of poor quality for a variety of reasons, leading to failure of the schemes. Expecting the systems to improve is unrealistic. What we show in this paper is that we can, instead, improve the cryptography to offset the lack of possible randomness. We provide public-key encryption schemes that achieve IND-CPA security when the randomness they use is of high quality, but, when the latter is not the case, rather than breaking completely, they achieve a weaker but still useful notion of security that we call IND-CDA. This hedged public-key encryption provides the best possible security guarantees in the face of bad randomness. We provide simple RO-based ways to make in-practice IND-CPA schemes hedge secure with minimal software changes. We also provide non-RO model schemes relying on lossy trapdoor functions (LTDFs) and techniques from deterministic encryption. They achieve adaptive security by establishing and exploiting the anonymity of LTDFs which we believe is of independent interest.

show abstract

Separating Sources for Encryption and Secret Sharing

Dodis

Pietrzak

Przydatek

2006

Theory of Cryptography

View full text Add to dashboard Cite

Abstract. Most cryptographic primitives such as encryption, authentication or secret sharing require randomness. Usually one assumes that perfect randomness is available, but those primitives might also be realized under weaker assumptions. In this work we continue the study of building secure cryptographic primitives from imperfect random sources initiated by Dodis and Spencer (FOCS'02). Their main result shows that there exists a (high-entropy) source of randomness allowing for perfect encryption of a bit, and yet from which one cannot extract even a single weakly random bit, separating encryption from extraction. Our main result separates encryption from 2-out-2 secret sharing (both in the information-theoretic and in the computational settings): any source which can be used to achieve one-bit encryption also can be used for 2-out-2 secret sharing of one bit, but the converse is false, even for highentropy sources. Therefore, possibility of extraction strictly implies encryption, which in turn strictly implies 2-out-2 secret sharing.

show abstract

On the Impossibility of Private Key Cryptography with Weakly Random Keys

Cited by 36 publications

References 5 publications

The Exact Price for Unconditionally Secure Asymmetric Cryptography

The Exact Price for Unconditionally Secure Asymmetric Cryptography

Hedged Public-Key Encryption: How to Protect against Bad Randomness

Separating Sources for Encryption and Secret Sharing

Contact Info

Product

Resources

About