Sciweavers

STOC
2009
ACM

Non-malleable extractors and symmetric key cryptography from weak secrets

We study the question of basing symmetric key cryptography on weak secrets. In this setting, Alice and Bob share an n-bit secret W, which might not be uniformly random, but the adversary has at least k bits of uncertainty about it (formalized using conditional min-entropy). Since standard symmetric-key primitives require uniformly random secret keys, we would like to construct an authenticated key agreement protocol in which Alice and Bob use W to agree on a nearly uniform key R, by communicating over a public channel controlled by an active adversary Eve. We study this question in the information-theoretic setting where the attacker is computationally unbounded. We show that single-round (i.e. one message) protocols do not work when $k \le n/2$, and require poor parameters even when $n/2 < k \ll n$. On the other hand, for arbitrary values of k, we design a communication-efficient two-round (challenge-response) protocol extracting nearly k random bits. This dramatically improves the previous ...
Yevgeniy Dodis, Daniel Wichs
Added 23 Nov 2009
Updated 23 Nov 2009
Type Conference
Year 2009
Where STOC
Authors Yevgeniy Dodis, Daniel Wichs