Abstract. A completely insecure communication channel can only be transformed into an unconditionally secure channel if some information-theoretic primitive is given to start from. All previous approaches to realizing such authenticity and privacy from weak primitives were symmetric in the sense that security for both parties was achieved. We show that asymmetric information-theoretic security can, however, be obtained at a substantially lower price than two-way security, like in the computational-security setting, as the example of public-key cryptography demonstrates. In addition to this, we show that also an unconditionally secure bidirectional channel can be obtained under weaker conditions than previously known. One consequence of these results is that the assumption usually made in the context of quantum key distribution that the two parties share a short key initially is unnecessarily strong.
Keywords. Information-theoretic security, authentication, information reconciliation, privacy amplification, quantum key agreement, reductions of information-theoretic primitives.
Motivation and Main Results
Realizing Unconditional Security from Other Primitives
There are mainly two types of cryptographic security, namely computational and information-theoretic security. Systems of the first type can in principle be broken by adversaries with sufficient computing power; their security is based on the hardness of certain computational tasks, such as factoring large integers or computing discrete logarithms. However, to date no proofs can be given for the security of such schemes. To make things even worse, the realization of a quantum computer would allow for breaking many presently-used systems efficiently. These facts serve as a strong motivation for the study of information-theoretically secure cryptography. Systems of this type are provably unbreakable even by computationally unlimited adversaries. Clearly, this is the most desirable type of security, but it has its price [21], the exact determination of which