Author_Institution :
Dept. of Comput. Sci., Swiss Federal Inst. of Technol., Zurich, Switzerland
Abstract :
The problem of generating a shared secret key S by two parties knowing dependent random variables X and Y, respectively, but not sharing a secret key initially, is considered. An enemy who knows the random variable Z, jointly distributed with X and Y according to some probability distribution P_XYZ, can also receive all messages exchanged by the two parties over a public channel. The goal of a protocol is that the enemy obtains at most a negligible amount of information about S. Upper bounds on H(S) as a function of P_XYZ are presented. Lower bounds on the rate H(S)/N (as N → ∞) are derived for the case in which X=(X_1, ..., X_N), Y=(Y_1, ..., Y_N) and Z=(Z_1, ..., Z_N) result from N independent executions of a random experiment generating X_i, Y_i and Z_i for i=1, ..., N. It is shown that such a secret key agreement is possible for a scenario in which all three parties receive the output of a binary symmetric source over independent binary symmetric channels, even when the enemy's channel is superior to the other two channels.
Keywords :
cryptography; information theory; telecommunication channels; binary symmetric source; common information; cryptography; lower bounds; probability distribution; protocol; public discussion; random variables; secret key agreement; upper bounds; Broadcasting; Channel capacity; Communication channels; Communication system security; Cryptography; Information security; Power system security; Probability distribution; Protocols; Random variables; Upper bound;