Cryptology ePrint Archive: Report 2008/494

Key Agreement from Close Secrets over Unsecured Channels

Bhavana Kanukurthi and Leonid Reyzin

Abstract: We consider information-theoretic key agreement between two parties sharing somewhat different versions of a secret w that has relatively little entropy. Such key agreement, also known as information reconciliation and privacy amplification over unsecured channels, was shown to be theoretically feasible by Renner and Wolf (Eurocrypt 2004), although no protocol that runs in polynomial time was described. We propose a protocol that is not only polynomial-time, but actually practical, requiring only a few seconds on consumer-grade computers.

Our protocol can be seen as an interactive version of robust fuzzy extractors (Boyen et al., Eurocrypt 2005, Dodis et al., Crypto 2006). While robust fuzzy extractors, due to their noninteractive nature, require w to have entropy at least half its length, we have no such constraint. In fact, unlike in prior solutions, in our solution the entropy loss is essentially unrelated to the length or the entropy of w, and depends only on the security parameter.

Category / Keywords: applications / Robust Fuzzy Extractors, Privacy Amplification, Information Reconciliation, Implementation

Date: received 25 Nov 2008, last revised 24 Jun 2011

Contact author: bhavanak at bu edu

Available formats: Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation

Note: Includes new subsection with a more detailed discussion on comparison with prior work. Corrected many minor typos and bugs.

Version: 20110624:204028 (All versions of this report)

Discussion forum: Show discussion | Start new discussion