Abstract
Previous work on privacy amplification assumed that the opponent is passive: she can eavesdrop on the public channel but cannot modify the messages sent over it, or, equivalently, any message she inserts is detected by the two legitimate parties. This paper studies privacy amplification secure against active opponents. Part of the string shared by the two parties, which is only partially secret, serves as the key for information-theoretically secure authentication of the messages exchanged over the public channel, so that active attacks are detected. We conclude that if the opponent's min-entropy about the partially secret string exceeds two thirds of its length, then privacy amplification secure against active attacks is possible provided the string is sufficiently long. We also give the relationship between the length of the highly secret string that can be distilled and the opponent's min-entropy about the partially secret string.
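The following is an added worked example, not code from the paper. It shows the two mechanisms the abstract combines: a 2-universal (Toeplitz) hash that distills a shorter, highly secret key from the partially secret string, and an information-theoretically secure one-time MAC (polynomial evaluation over GF(2^64)) that authenticates the public description of the hash function, so that an active opponent who substitutes or modifies that description is detected. To keep the code short it assumes a simplification the paper does not make: the shared string S is split into a MAC key and a residual part that is hashed, whereas the paper's 2/3 bound concerns schemes that draw both roles from the same partially secret string. The output-length bound `max_output_len` is the leftover hash lemma, l <= H_min(S | Eve) - 2 log2(1/eps), which is the kind of length-versus-min-entropy relationship the abstract refers to. All parameters and sample values are constructed for the example.

```python
"""Toy privacy amplification secure against an active opponent (added example,
not the paper's construction; see the assumptions stated in the lead-in)."""
import math
import secrets

# Irreducible polynomial x^64 + x^4 + x^3 + x + 1 defining GF(2^64).
REDUCTION_POLY = (1 << 64) | (1 << 4) | (1 << 3) | (1 << 1) | 1
MAC_KEY_BITS = 128  # assumption: first 128 bits of S become the one-time MAC key (a, b)


def gf_mul(a: int, b: int) -> int:
    """Carry-less multiplication in GF(2^64), reduced modulo REDUCTION_POLY."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a >> 64:
            a ^= REDUCTION_POLY
    return r


def poly_mac(key: tuple, msg: bytes) -> int:
    """One-time MAC tag = b + sum_i m_i * a^i over GF(2^64) (Horner evaluation).
    The message is split into 8-byte chunks and its length is appended as the
    last chunk. For a uniformly random key used once, a forgery succeeds with
    probability at most (number of chunks)/2^64, independent of Eve's computing power."""
    a, b = key
    chunks = [int.from_bytes(msg[i:i + 8].ljust(8, b"\0"), "big") for i in range(0, len(msg), 8)]
    chunks.append(len(msg))
    acc = 0
    for c in chunks:
        acc = gf_mul(acc, a) ^ c
    return acc ^ b


def toeplitz_hash(seed: int, x: int, n: int, l: int) -> int:
    """2-universal hash GF(2)^n -> GF(2)^l: an l x n Toeplitz matrix over GF(2)
    described by n+l-1 seed bits; output bit i is the parity of (row i AND x),
    where row i consists of seed bits i .. i+n-1."""
    out = 0
    for i in range(l):
        row = (seed >> i) & ((1 << n) - 1)
        out |= (bin(row & x).count("1") & 1) << i
    return out


def max_output_len(min_entropy: float, eps: float) -> int:
    """Leftover hash lemma: a 2-universal hash of S yields l bits that are within
    statistical distance eps of uniform given Eve's view, with l <= H_min - 2 log2(1/eps)."""
    return max(0, math.floor(min_entropy - 2 * math.log2(1 / eps)))


def split_secret(s: int, n: int):
    """Assumed split of the n-bit shared string S: MAC key (a, b) from the top 128 bits,
    the remaining n-128 bits are the input to privacy amplification."""
    a = s >> (n - 64)
    b = (s >> (n - 128)) & ((1 << 64) - 1)
    m = n - MAC_KEY_BITS
    return (a, b), s & ((1 << m) - 1), m


def alice_send(s: int, n: int, l: int):
    """Alice picks a random hash description, authenticates it, and derives her key."""
    key, residual, m = split_secret(s, n)
    seed = secrets.randbits(m + l - 1)
    msg = seed.to_bytes((m + l - 1 + 7) // 8, "big")
    return (seed, poly_mac(key, msg)), toeplitz_hash(seed, residual, m, l)


def bob_receive(s: int, n: int, l: int, message):
    """Bob verifies the tag before using the received hash description; None = attack detected."""
    seed, tag = message
    key, residual, m = split_secret(s, n)
    msg = seed.to_bytes((m + l - 1 + 7) // 8, "big")
    if poly_mac(key, msg) != tag:
        return None
    return toeplitz_hash(seed, residual, m, l)


def run_protocol(s: int, n: int, l: int, eve_tampers: bool = False):
    """Return (Alice's key, Bob's key). With eve_tampers=True, Eve flips one bit of the
    public hash description; because the MAC key a is nonzero the tag no longer matches
    and Bob rejects."""
    message, alice_key = alice_send(s, n, l)
    if eve_tampers:
        seed, tag = message
        message = (seed ^ 1, tag)
    return alice_key, bob_receive(s, n, l, message)


# Constructed 256-bit sample shared string (bytes 0x01..0x20); not from the paper.
SAMPLE_S = int.from_bytes(bytes(range(1, 33)), "big")
SAMPLE_N = 256

if __name__ == "__main__":
    ka, kb = run_protocol(SAMPLE_S, SAMPLE_N, 64)
    print("passive channel: keys agree =", ka == kb)
    ka, kb = run_protocol(SAMPLE_S, SAMPLE_N, 64, eve_tampers=True)
    print("active attack: Bob rejected =", kb is None)
    print("bits extractable at H_min = 2/3 * 256, eps = 2^-20:",
          max_output_len(2 * SAMPLE_N / 3, 2 ** -20))
```

The Toeplitz seed is public, so only the MAC tag stands between Eve and a chosen hash function; the one-time polynomial MAC makes her substitution succeed with probability about 2^-64 regardless of computation, which is the information-theoretic authentication the abstract relies on. In a real scheme the key bits consumed by the MAC are drawn from the same partially secret string that is being amplified, which is why the paper has to bound Eve's min-entropy about that string rather than assume an independent key.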
Source
《信息安全与通信保密》
1999, No. 1, pp. 14-19 (6 pages)
Information Security and Communications Privacy
Keywords
privacy amplification, unconditional secrecy, active attack, authentication codes