### Abstract

We study the classical problem of privacy amplification, where two parties Alice and Bob share a weak secret X of min-entropy k, and wish to agree on secret key R of length m over a public communication channel completely controlled by a computationally unbounded attacker Eve. Despite being extensively studied in the literature, the problem of designing "optimal" efficient privacy amplification protocols is still open, because there are several optimization goals. The first of them is (1) minimizing the entropy loss L = k - m. Other important considerations include (2) minimizing the number of communication rounds, (3) maintaining security even after the secret key is used (this is called post-application robustness), and (4) ensuring that the protocol P does not leak some "useful information" about the source X (this is called source privacy). Additionally, when dealing with a very long source X, as happens in the so-called Bounded Retrieval Model (BRM), extracting as long a key as possible is no longer the goal. Instead, the goals are (5) to touch as little of X as possible (for efficiency), and (6) to be able to run the protocol many times on the same X, extracting multiple secure keys. Achieving goals (1)-(4) (or (2)-(6) in BRM) simultaneously has remained open. In this work we improve upon the current state-of-the-art, by designing a variety of new privacy amplification protocols, thereby achieving the following goals for the first time:

- A 4-round (resp. 2-round) source-private protocol with optimal entropy loss L = O(λ), whenever k = Ω(λ^{2}) (resp. k > n/2(1-α) for some universal constant α > 0).
- 3-round post-application-robust protocols with optimal entropy loss L = O(λ), whenever k = Ω(λ^{2}) or k > n/2(1-α) (the latter is also source-private).
- The first BRM protocol capable of extracting the optimal number Θ(k/λ) of session keys, improving upon the previously best bound Θ(k/λ^{2}).

Additionally, our BRM protocol is post-application-robust, takes 2 rounds, and can be made source-private by increasing the number of rounds to 4.

Original language | English (US) |
---|---|
Title of host publication | Advances in Cryptology, CRYPTO 2014 - 34th Annual Cryptology Conference, Proceedings |
Publisher | Springer Verlag |
Pages | 183-198 |
Number of pages | 16 |
Volume | 8617 LNCS |
Edition | PART 2 |
ISBN (Print) | 9783662443804 |
DOIs | https://doi.org/10.1007/978-3-662-44381-1_11 |
State | Published - 2014 |
Event | 34th Annual International Cryptology Conference, CRYPTO 2014 - Santa Barbara, CA, United States; Duration: Aug 17 2014 → Aug 21 2014 |

### Publication series

Name | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
---|---|
Number | PART 2 |
Volume | 8617 LNCS |
ISSN (Print) | 03029743 |
ISSN (Electronic) | 16113349 |

### Other

Other | 34th Annual International Cryptology Conference, CRYPTO 2014 |
---|---|
Country | United States |
City | Santa Barbara, CA |
Period | 8/17/14 → 8/21/14 |

### ASJC Scopus subject areas

- Computer Science(all)
- Theoretical Computer Science

### Cite this

*Advances in Cryptology, CRYPTO 2014 - 34th Annual Cryptology Conference, Proceedings* (PART 2 ed., Vol. 8617 LNCS, pp. 183-198). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 8617 LNCS, No. PART 2). Springer Verlag. https://doi.org/10.1007/978-3-662-44381-1_11

**Amplifying privacy in privacy amplification.** / Aggarwal, Divesh; Dodis, Yevgeniy; Jafargholi, Zahra; Miles, Eric; Reyzin, Leonid.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

*Advances in Cryptology, CRYPTO 2014 - 34th Annual Cryptology Conference, Proceedings.* PART 2 edn, vol. 8617 LNCS, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), no. PART 2, vol. 8617 LNCS, Springer Verlag, pp. 183-198, 34th Annual International Cryptology Conference, CRYPTO 2014, Santa Barbara, CA, United States, 8/17/14. https://doi.org/10.1007/978-3-662-44381-1_11

TY - GEN

T1 - Amplifying privacy in privacy amplification

AU - Aggarwal, Divesh

AU - Dodis, Yevgeniy

AU - Jafargholi, Zahra

AU - Miles, Eric

AU - Reyzin, Leonid

PY - 2014

Y1 - 2014

UR - http://www.scopus.com/inward/record.url?scp=84905377741&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84905377741&partnerID=8YFLogxK

U2 - 10.1007/978-3-662-44381-1_11

DO - 10.1007/978-3-662-44381-1_11

M3 - Conference contribution

SN - 9783662443804

VL - 8617 LNCS

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 183

EP - 198

BT - Advances in Cryptology, CRYPTO 2014 - 34th Annual Cryptology Conference, Proceedings

PB - Springer Verlag

ER -