Privacy amplification by public discussion
SIAM Journal on Computing - Special issue on cryptography
Pseudo-random generation from one-way functions
STOC '89 Proceedings of the twenty-first annual ACM symposium on Theory of computing
Elements of information theory
Conditionally-perfect secrecy and a provably-secure randomized cipher
Journal of Cryptology - Eurocrypt '90
Small-bias probability spaces: efficient constructions and applications
SIAM Journal on Computing
Journal of Computer and System Sciences
Perfectly one-way probabilistic hash functions (preliminary version)
STOC '98 Proceedings of the thirtieth annual ACM symposium on Theory of computing
Tiny families of functions with random properties: a quality-size trade-off for hashing
Proceedings of the workshop on Randomized algorithms and computation
LFSR-based Hashing and Authentication
CRYPTO '94 Proceedings of the 14th Annual International Cryptology Conference on Advances in Cryptology
Towards Realizing Random Oracles: Hash Functions That Hide All Partial Information
CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
How to Fool an Unbounded Adversary with a Short Key
EUROCRYPT '02 Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology
Tight bounds for depth-two superconcentrators
FOCS '97 Proceedings of the 38th Annual Symposium on Foundations of Computer Science
Universally Composable Security: A New Paradigm for Cryptographic Protocols
FOCS '01 Proceedings of the 42nd IEEE symposium on Foundations of Computer Science
A Model for Asynchronous Reactive Systems and its Application to Secure Message Transmission
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
On interactive proofs with a laconic prover
Computational Complexity
Computational soundness for standard assumptions of formal cryptography
SFCS '89 Proceedings of the 30th Annual Symposium on Foundations of Computer Science
Simple construction of almost k-wise independent random variables
SFCS '90 Proceedings of the 31st Annual Symposium on Foundations of Computer Science
Random Cayley graphs and expanders
Random Structures & Algorithms
Generalized privacy amplification
IEEE Transactions on Information Theory - Part 2
Correcting errors without leaking partial information
Proceedings of the thirty-seventh annual ACM symposium on Theory of computing
A model and architecture for pseudo-random generation with applications to /dev/random
Proceedings of the 12th ACM conference on Computer and communications security
Robust key generation from signal envelopes in wireless networks
Proceedings of the 14th ACM conference on Computer and communications security
CRYPTO 2008 Proceedings of the 28th Annual conference on Cryptology: Advances in Cryptology
Deterministic Encryption: Definitional Equivalences and Constructions without Random Oracles
CRYPTO 2008 Proceedings of the 28th Annual conference on Cryptology: Advances in Cryptology
Hidden credential retrieval from a reusable password
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
Hedged Public-Key Encryption: How to Protect against Bad Randomness
ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Deterministic and efficiently searchable encryption
CRYPTO'07 Proceedings of the 27th annual international cryptology conference on Advances in cryptology
Randomness extraction via δ-biased masking in the presence of a quantum attacker
TCC'08 Proceedings of the 5th conference on Theory of cryptography
Proceedings of the forty-third annual ACM symposium on Theory of computing
Better security for deterministic public-key encryption: the auxiliary-input setting
CRYPTO'11 Proceedings of the 31st annual conference on Advances in cryptology
Confidential signatures and deterministic signcryption
PKC'10 Proceedings of the 13th international conference on Practice and Theory in Public Key Cryptography
A provable-security treatment of the key-wrap problem
EUROCRYPT'06 Proceedings of the 24th annual international conference on The Theory and Applications of Cryptographic Techniques
TCC'12 Proceedings of the 9th international conference on Theory of Cryptography
Incremental deterministic public-key encryption
EUROCRYPT'12 Proceedings of the 31st Annual international conference on Theory and Applications of Cryptographic Techniques
ICITS'12 Proceedings of the 6th international conference on Information Theoretic Security
Stronger security model for public-key encryption with equality test
Pairing'12 Proceedings of the 5th international conference on Pairing-Based Cryptography
Journal of the ACM (JACM)
We study entropic security, an information-theoretic notion of security introduced by Russell and Wang [24] in the context of encryption and by Canetti et al. [5,6] in the context of hash functions. Informally, a probabilistic map $Y = \mathcal{E}(X)$ (e.g., an encryption scheme or a hash function) is entropically secure if knowledge of Y does not help predicting any predicate of X, whenever X has high min-entropy from the adversary's point of view. On one hand, we strengthen the formulation of [5,6,24] and show that entropic security in fact implies that Y does not help predicting any function of X (as opposed to a predicate), bringing this notion closer to the conventional notion of semantic security [10]. On the other hand, we also show that entropic security is equivalent to indistinguishability on pairs of input distributions of sufficiently high entropy, which is in turn related to randomness extraction from non-uniform distributions [21]. We then use the equivalence above, and the connection to randomness extraction, to prove several new results on entropically-secure encryption. First, we give two general frameworks for constructing entropically secure encryption schemes: one based on expander graphs and the other on XOR-universal hash functions. These schemes generalize the schemes of Russell and Wang, yielding simpler constructions and proofs, as well as improved parameters. To encrypt an n-bit message of min-entropy t while allowing at most ε-advantage to the adversary, our best schemes use a shared secret key of length $k = n - t + 2{\rm log} (\frac {1}{\epsilon})$. Second, we obtain lower bounds on the key length k for entropic security and indistinguishability. In particular, we show near tightness of our constructions: $k \geq n - t$. For a large class of schemes — including all the schemes we study — the bound can be strengthened to $k \geq n - t+{\rm log} (\frac {1}{\epsilon})-O(1)$.
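The abstract's XOR-universal hash framework can be exercised on a toy instance. The following is an added example, not code from the paper or its authors: it assumes the scheme shape $(i, x \oplus h_i(K))$ with a public random index $i$ and a short key $K$, and instantiates the XOR-universal family as multiplication in GF(2^8) (the AES field, reduction polynomial 0x11b), so that the family property can be checked exhaustively rather than taken on trust. The function names (`gf_mul`, `h`, `encrypt`, `decrypt`, `max_xor_collision_prob`, `key_length_bits`) and the toy parameters n = 8, k = 5 are this example's own choices. A deliberately non-universal family (bitwise AND) is included for contrast, to show what the exhaustive check detects.

```python
from fractions import Fraction
import math
import secrets

N_BITS = 8              # message length n; kept tiny so the checks below are exhaustive
REDUCTION_POLY = 0x11b  # x^8 + x^4 + x^3 + x + 1, defines GF(2^8)


def gf_mul(a, b, n=N_BITS, poly=REDUCTION_POLY):
    """Multiply two elements of GF(2^n); the bits of an int are polynomial coefficients."""
    hi = 1 << n
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a & hi:
            a ^= poly
    return r & (hi - 1)


def h(i, key, n=N_BITS, poly=REDUCTION_POLY):
    """Family h_i(key) = i * key in GF(2^n), i in {0,1}^n, key in {0,1}^k with k <= n (assumed choice).

    For fixed a != b, the map i -> i*(a XOR b) is a bijection because a XOR b is a nonzero
    (hence invertible) field element, so Pr_i[h_i(a) XOR h_i(b) = delta] = 2^-n for every delta:
    the family is XOR-universal."""
    return gf_mul(i, key, n, poly)


def encrypt(x, key, n=N_BITS):
    """E(x; key, i) = (i, x XOR h_i(key)) with a fresh public index i (assumed scheme shape)."""
    i = secrets.randbelow(1 << n)
    return i, x ^ h(i, key, n)


def decrypt(i, y, key, n=N_BITS):
    """Invert the XOR mask using the public index and the shared short key."""
    return y ^ h(i, key, n)


def bitwise_and_family(i, key):
    """Deliberately bad family for contrast: i AND key is far from XOR-universal."""
    return i & key


def max_xor_collision_prob(k, family=h, n=N_BITS):
    """Exhaustively compute max over k-bit keys a != b and all delta of
    Pr_i[family(i, a) XOR family(i, b) == delta].  Equals 2^-n iff the family is XOR-universal
    on k-bit inputs; anything larger means some key pair leaks through the mask."""
    worst = 0
    for a in range(1 << k):
        for b in range(a + 1, 1 << k):
            counts = {}
            for i in range(1 << n):
                d = family(i, a) ^ family(i, b)
                counts[d] = counts.get(d, 0) + 1
            worst = max(worst, max(counts.values()))
    return Fraction(worst, 1 << n)


def key_length_bits(n, t, eps):
    """Key length k = n - t + 2 log2(1/eps) stated in the abstract for the best schemes."""
    return n - t + 2 * math.log2(1 / eps)


if __name__ == "__main__":
    k = 5                                  # constructed toy key length, shorter than n = 8
    key = secrets.randbelow(1 << k)
    i, y = encrypt(0b10110011, key)
    assert decrypt(i, y, key) == 0b10110011
    print("GF(2^8) multiplication family:", max_xor_collision_prob(k))                       # 1/256
    print("bitwise AND family:           ", max_xor_collision_prob(k, bitwise_and_family))   # 1/2
    print("key bits for n=8, t=4, eps=1/4:", key_length_bits(8, 4, 0.25))                    # 8.0
```

The exhaustive check is only feasible at toy sizes; at realistic n the XOR-universality of the multiplication family rests on the algebraic argument in the docstring, and the key-length formula shows how much shorter than n the key may be once the message is guaranteed min-entropy t.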