Amplifying privacy in privacy amplification

Divesh Aggarwal, Yevgeniy Dodis, Zahra Jafargholi, Eric Miles, Leonid Reyzin

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

We study the classical problem of privacy amplification, where two parties Alice and Bob share a weak secret X of min-entropy k, and wish to agree on a secret key R of length m over a public communication channel completely controlled by a computationally unbounded attacker Eve. Despite being extensively studied in the literature, the problem of designing "optimal" efficient privacy amplification protocols is still open, because there are several optimization goals. The first of them is (1) minimizing the entropy loss L = k - m. Other important considerations include (2) minimizing the number of communication rounds, (3) maintaining security even after the secret key is used (this is called post-application robustness), and (4) ensuring that the protocol P does not leak some "useful information" about the source X (this is called source privacy). Additionally, when dealing with a very long source X, as happens in the so-called Bounded Retrieval Model (BRM), extracting as long a key as possible is no longer the goal. Instead, the goals are (5) to touch as little of X as possible (for efficiency), and (6) to be able to run the protocol many times on the same X, extracting multiple secure keys. Achieving goals (1)-(4) (or (2)-(6) in the BRM) simultaneously has remained open. In this work we improve upon the current state of the art by designing a variety of new privacy amplification protocols, thereby achieving the following goals for the first time:

  • A 4-round (resp. 2-round) source-private protocol with optimal entropy loss L = O(λ), whenever k = Ω(λ²) (resp. k > n/2(1-α) for some universal constant α > 0).
  • 3-round post-application-robust protocols with optimal entropy loss L = O(λ), whenever k = Ω(λ²) or k > n/2(1-α) (the latter is also source-private).
  • The first BRM protocol capable of extracting the optimal number Θ(k/λ) of session keys, improving upon the previously best bound Θ(k/λ²).

Additionally, our BRM protocol is post-application-robust, takes 2 rounds, and can be made source-private by increasing the number of rounds to 4.

Original language: English (US)
Title of host publication: Advances in Cryptology, CRYPTO 2014 - 34th Annual Cryptology Conference, Proceedings
Publisher: Springer Verlag
Pages: 183-198
Number of pages: 16
Volume: 8617 LNCS
Edition: PART 2
ISBN (Print): 9783662443804
DOIs
State: Published - 2014
Event: 34th Annual International Cryptology Conference, CRYPTO 2014 - Santa Barbara, CA, United States
Duration: Aug 17 2014 to Aug 21 2014

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Number: PART 2
Volume: 8617 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Other

Other: 34th Annual International Cryptology Conference, CRYPTO 2014
Country: United States
City: Santa Barbara, CA
Period: 8/17/14 to 8/21/14

Fingerprint

Amplification
Privacy
Entropy
Entropy Loss
Retrieval
Communication
Communication Channels
Model
Robustness
Optimization

ASJC Scopus subject areas

  • Computer Science(all)
  • Theoretical Computer Science

Cite this

Aggarwal, D., Dodis, Y., Jafargholi, Z., Miles, E., & Reyzin, L. (2014). Amplifying privacy in privacy amplification. In Advances in Cryptology, CRYPTO 2014 - 34th Annual Cryptology Conference, Proceedings (PART 2 ed., Vol. 8617 LNCS, pp. 183-198). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 8617 LNCS, No. PART 2). Springer Verlag. https://doi.org/10.1007/978-3-662-44381-1_11
