Achieveability of the Key-Capacity in a Scenario of Key Sharing by Public Discussion and in the Presence of Passive Eavesdropper

摘要

We consider a scenario of key sharing between a pair of legal users in the presence of passive eavesdropper. In this setting it is assumed the existence of a noisy channel between legal parties and also the existence of a noisy wire-tap channel (which is not necessary inferior to the main channel). In addition to noisy channel there is a noiseless public channel connecting legal parties. This means that eavesdropper can receive without errors all messages transmitted through this noiseless channel. Because eavesdropper is passive (by our assumption) this illegal party is unable to change any message transmitting by legal parties both over noisy and noiseless channel. The final goal of legal parties is to arrange such date exchange protocol using both noisy and noiseless channels that provides them with bit strings K_A and K_B of the same length l possessing the following properties: the probability P_e of their discrepancy is close to zero; the amount of information I_0 about these strings leaking to eavesdropper is close to zero. Legal parties have nothing secret date shared in advance except the knowledge of protocol and channel parameters that are known also for eavesdropper. The key-rate R_k is the ratio of the string length l to the length of the string transmitted between legal users through noisy channel. Key-capacity C_k is the maximum possible key-rate when P_e and I_0 approach both to zero. For some particular cases of noisy channels key-capacity has been found by U. Maurer. But it was open problem how to reach this capacity with limited computing power. The authors presented at previous MMM-ACNS'2001 workshop the constructive methods of key sharing for the same model. But for some channel parameters the key rates differed key-capacity in the several orders! In the current paper we use another protocol of key sharing and demonstrate how near to key-capacity can be provided the key-rate depending on complexity of key-sharing protocol.