Optimal randomizer efficiency in the bounded-storage model (Q1879466): Difference between revisions
From MaRDI portal
Removed claim: author (P16): Item:Q676921 |
Changed an Item |
||
Property / author | |||
Property / author: Ueli M. Maurer / rank | |||
Normal rank |
Revision as of 15:05, 20 February 2024
scientific article
Language | Label | Description | Also known as |
---|---|---|---|
English | Optimal randomizer efficiency in the bounded-storage model |
scientific article |
Statements
Optimal randomizer efficiency in the bounded-storage model (English)
0 references
22 September 2004
0 references
This paper deals with information theoretically secure encryption and key agreement. This means that secure expansion of a short secret key into a much longer key is considered in the bounded-storage model. Such model is based, contrary to classical and practical cryptographic systems, only on the sole assumption that the adversary Eve can store only \(s\) bits, even if her computational power is unlimited. The communicating parties, Alice and Bob generate their key, which is a one-time pad, based on a publicly available source of random bits which can output a string of bits \(R\) of length \(t\). The one-time pad \(X\) of length \(n\) is also based on the shorter key \(K\), therefore suiting both the one time pad and the key the adversary can gain no information on the ciphertext. The main contribution of the paper is providing a stronger security proof. This comprises of the observation of the inability of the adversary to correctly predict the last bit of the expanded key even if she has access to all previous key bits and proving the negligeability of any strategy the adversary chooses for the faction of randomizers that give her a non-negligible advantage. The first three sections of the paper are introductory to the matter, sections 4 and 5 deal with parameter sizes closest to practical interest. Reasonable parameter sizes studied in previous sections lead to the conclusion that randomness efficiency \(v\) should be in the range 10. Open problems remain as the authors wonder about the security of proposed schemes under the assumption of an adversary with the ability to store \(s\) quantum bits rather than \(s\) classical bits.
0 references
bounded-storage model
0 references
unconditional security
0 references
one-time pad
0 references
information theory
0 references
min-entropy
0 references