Beyond the Csiszár–Körner Bound: Best-Possible Wiretap Coding via Obfuscation

IF 2.3 3区 计算机科学 Q2 COMPUTER SCIENCE, THEORY & METHODS Journal of Cryptology Pub Date : 2023-10-18 DOI:10.1007/s00145-023-09482-2
Yuval Ishai, Alexis Korb, Paul Lou, Amit Sahai
{"title":"Beyond the Csiszár–Körner Bound: Best-Possible Wiretap Coding via Obfuscation","authors":"Yuval Ishai, Alexis Korb, Paul Lou, Amit Sahai","doi":"10.1007/s00145-023-09482-2","DOIUrl":null,"url":null,"abstract":"Abstract A wiretap coding scheme (Wyner in Bell Syst Tech J 54(8):1355–1387, 1975) enables Alice to reliably communicate a message m to an honest Bob by sending an encoding c over a noisy channel $$\\textsf{ChB}$$ <mml:math xmlns:mml=\"http://www.w3.org/1998/Math/MathML\"> <mml:mi>ChB</mml:mi> </mml:math> , while at the same time hiding m from Eve who receives c over another noisy channel $$\\textsf{ChE}$$ <mml:math xmlns:mml=\"http://www.w3.org/1998/Math/MathML\"> <mml:mi>ChE</mml:mi> </mml:math> . Wiretap coding is clearly impossible when $$\\textsf{ChB}$$ <mml:math xmlns:mml=\"http://www.w3.org/1998/Math/MathML\"> <mml:mi>ChB</mml:mi> </mml:math> is a degraded version of $$\\textsf{ChE}$$ <mml:math xmlns:mml=\"http://www.w3.org/1998/Math/MathML\"> <mml:mi>ChE</mml:mi> </mml:math> , in the sense that the output of $$\\textsf{ChB}$$ <mml:math xmlns:mml=\"http://www.w3.org/1998/Math/MathML\"> <mml:mi>ChB</mml:mi> </mml:math> can be simulated using only the output of $$\\textsf{ChE}$$ <mml:math xmlns:mml=\"http://www.w3.org/1998/Math/MathML\"> <mml:mi>ChE</mml:mi> </mml:math> . A classic work of Csiszár and Korner (IEEE Trans Inf Theory 24(3):339–348, 1978) shows that the converse does not hold. This follows from their full characterization of the channel pairs $$(\\textsf{ChB},\\textsf{ChE})$$ <mml:math xmlns:mml=\"http://www.w3.org/1998/Math/MathML\"> <mml:mrow> <mml:mo>(</mml:mo> <mml:mi>ChB</mml:mi> <mml:mo>,</mml:mo> <mml:mi>ChE</mml:mi> <mml:mo>)</mml:mo> </mml:mrow> </mml:math> that enable information-theoretic wiretap coding. In this work, we show that in fact the converse does hold when considering computational security ; that is, wiretap coding against a computationally bounded Eve is possible if and only if $$\\textsf{ChB}$$ <mml:math xmlns:mml=\"http://www.w3.org/1998/Math/MathML\"> <mml:mi>ChB</mml:mi> </mml:math> is not a degraded version of $$\\textsf{ChE}$$ <mml:math xmlns:mml=\"http://www.w3.org/1998/Math/MathML\"> <mml:mi>ChE</mml:mi> </mml:math> . Our construction assumes the existence of virtual black-box obfuscation of specific classes of “evasive” functions that generalize fuzzy point functions and can be heuristically instantiated using indistinguishability obfuscation. Finally, our solution has the appealing feature of being universal in the sense that Alice’s algorithm depends only on $$\\textsf{ChB}$$ <mml:math xmlns:mml=\"http://www.w3.org/1998/Math/MathML\"> <mml:mi>ChB</mml:mi> </mml:math> and not on $$\\textsf{ChE}$$ <mml:math xmlns:mml=\"http://www.w3.org/1998/Math/MathML\"> <mml:mi>ChE</mml:mi> </mml:math> .","PeriodicalId":54849,"journal":{"name":"Journal of Cryptology","volume":null,"pages":null},"PeriodicalIF":2.3000,"publicationDate":"2023-10-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Cryptology","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1007/s00145-023-09482-2","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, THEORY & METHODS","Score":null,"Total":0}
引用次数: 2

Abstract

Abstract A wiretap coding scheme (Wyner in Bell Syst Tech J 54(8):1355–1387, 1975) enables Alice to reliably communicate a message m to an honest Bob by sending an encoding c over a noisy channel $$\textsf{ChB}$$ ChB , while at the same time hiding m from Eve who receives c over another noisy channel $$\textsf{ChE}$$ ChE . Wiretap coding is clearly impossible when $$\textsf{ChB}$$ ChB is a degraded version of $$\textsf{ChE}$$ ChE , in the sense that the output of $$\textsf{ChB}$$ ChB can be simulated using only the output of $$\textsf{ChE}$$ ChE . A classic work of Csiszár and Korner (IEEE Trans Inf Theory 24(3):339–348, 1978) shows that the converse does not hold. This follows from their full characterization of the channel pairs $$(\textsf{ChB},\textsf{ChE})$$ ( ChB , ChE ) that enable information-theoretic wiretap coding. In this work, we show that in fact the converse does hold when considering computational security ; that is, wiretap coding against a computationally bounded Eve is possible if and only if $$\textsf{ChB}$$ ChB is not a degraded version of $$\textsf{ChE}$$ ChE . Our construction assumes the existence of virtual black-box obfuscation of specific classes of “evasive” functions that generalize fuzzy point functions and can be heuristically instantiated using indistinguishability obfuscation. Finally, our solution has the appealing feature of being universal in the sense that Alice’s algorithm depends only on $$\textsf{ChB}$$ ChB and not on $$\textsf{ChE}$$ ChE .

Abstract Image

查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
超越Csiszár-Körner界限:通过混淆实现最佳窃听编码
一种窃听编码方案(Wyner in Bell system Tech J 54(8): 1355-1387, 1975)使Alice能够通过噪声信道$$\textsf{ChB}$$ ChB发送编码c,从而可靠地将消息m传递给诚实的Bob,同时将m隐藏给Eve, Eve通过另一个噪声信道$$\textsf{ChE}$$ ChE接收到c。当$$\textsf{ChB}$$ ChB是$$\textsf{ChE}$$ ChE的降级版本时,窃听编码显然是不可能的,因为只能使用$$\textsf{ChE}$$ ChE的输出来模拟$$\textsf{ChB}$$ ChB的输出。Csiszár和Korner的经典著作(IEEE Trans Inf Theory 24(3):339 - 348,1978)表明,相反的情况并不成立。这源于他们对信道对$$(\textsf{ChB},\textsf{ChE})$$ (ChB, ChE)的完整描述,这些信道对使信息论窃听编码成为可能。在这项工作中,我们表明,事实上,在考虑计算安全性时,相反的情况确实成立;也就是说,当且仅当$$\textsf{ChB}$$ ChB不是$$\textsf{ChE}$$ ChE的降级版本时,针对计算受限的Eve进行窃听编码是可能的。我们的构造假设存在特定类别的“回避”函数的虚拟黑箱混淆,这些函数概括了模糊点函数,并且可以使用不可区分混淆进行启发式实例化。最后,我们的解决方案具有吸引人的通用性,因为Alice的算法仅依赖于$$\textsf{ChB}$$ ChB而不依赖于$$\textsf{ChE}$$ ChE。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
Journal of Cryptology
Journal of Cryptology 工程技术-工程:电子与电气
CiteScore
7.10
自引率
3.30%
发文量
24
审稿时长
18 months
期刊介绍: The Journal of Cryptology is a forum for original results in all areas of modern information security. Both cryptography and cryptanalysis are covered, including information theoretic and complexity theoretic perspectives as well as implementation, application, and standards issues. Coverage includes such topics as public key and conventional algorithms and their implementations, cryptanalytic attacks, pseudo-random sequences, computational number theory, cryptographic protocols, untraceability, privacy, authentication, key management and quantum cryptography. In addition to full-length technical, survey, and historical articles, the journal publishes short notes.
期刊最新文献
Randomness Recoverable Secret Sharing Schemes Memory-Efficient Attacks on Small LWE Keys Finding Collisions in a Quantum World: Quantum Black-Box Separation of Collision-Resistance and One-Wayness Symmetric and Dual PRFs from Standard Assumptions: A Generic Validation of a Prevailing Assumption The Price of Active Security in Cryptographic Protocols
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1