Information-Theoretic Security EE 25N, Science of Information 11/08/2018 Ziv Goldfeld

Past Lectures - Communication Despite Noise Alice the sender and Bob the receiver Communicate a message as a strings of 0’s and 1’s (bits) Use longer bit strings (codewords) to protect message carrying bits Agree on a strategy beforehand: 1) Set of codewords used 2) Encoding for Alice 3) Decoding for Bob ⇒ Error correcting codes for reliability 010001 011000

Communication under Eavesdropping 0100 1011… Alice and bob wish to communicate Channel is noiseless But Eve taps their line They don’t want Eve to decipher their chat Assumptions on Eve: She sees their transmitted bit string She knows their communication strategy (aka code) She has an extremely powerful computer Q: Can Alice send Bob a secret message without Eve finding out? A: Not without an additional recourse!

Resource 1: Pre-Eve Secret

? Simple Case Study E B A 𝐾 Alice sends Bob a bit 𝑀∈ 0,1 Hey, do you remember if it was raining on the first day of our last vacation? Sure I remember E 𝑀 B A 𝐾 𝐶 Alice sends Bob a bit 𝑀∈ 0,1 Bit probability: 𝑃 𝑀 0 = 𝑃 𝑀 1 = 1 2 They share a secret Eve has no access to ⇒ Resource: 1 secret bit 𝐾∈ 0,1 Formally: Alice: 𝑀,𝐾 →𝐶 Bob: (𝐶,𝐾)→ 𝑀 Eve: Intercepts 𝐶 and tries to figure out 𝑀 Good! 0100 1011… ?

Simple Case Study – Modeling Eve 𝑀 B A 𝐾 𝐶 Q1: How to model Eve’s perception of 𝐾? Knows 𝐾 is being used Doesn’t know its value ⇒ Eve has a guessing probability over 𝐾’s values 0,1 : Doesn’t have a clue: 𝑃 𝐾 0 = 𝑃 𝐾 1 = 1 2 Knows something: 𝑃 𝐾 0 =𝑝 , 𝑃 𝐾 1 =1−𝑝 , 𝑝≠ 1 2 Q2: Which kind of secret should Alice and Bob favor?

Simple Case Study – Modeling Security 𝑀 B A 𝐾 𝐶 Q3: What does it mean to secure 𝑀? Pre-transmission: 𝑃 𝑀 0 = 𝑃 𝑀 1 = 1 2 Eve tries to recover 𝑀 from 𝐶 ⇒ 𝑀 is secure if after seeing 𝐶 Eve’s odds don’t improve Goal: Design functions for Alice and Bob such that: Bob can decode 𝑀 from 𝐶,𝐾 Eve’s best guess of 𝑀 after seeing 𝐶 is still 50/50

Simple Case Study – Binary Operations 𝑀 B A 𝐾 𝐶 Assume 𝑀 and 𝐾 are both symmetric (50/50) Alice gets 𝐶 via binary operation on 𝑀,𝐾 Possible binary operations: Q4: Which binary operation is better for secrecy? OR AND XOR 𝑀 𝐾 𝑀+𝐾 1 𝑀 𝐾 𝑀∙𝐾 1 𝑀 𝐾 𝑀⊕𝐾 1

Simple Case Study – Reliability & Optimality 𝑀 B A 𝐾 𝐶 ⇒ Best function for symmetric 𝑀,𝐾 is XOR: Eve’s best guess after seeing 𝐶 is 50/50 Same odds like before seeing 𝐶 ⇒ Information-theoretic security Q4: Can Bob decode an XOR–based transmission? Q5: Can OR or AND operations be used for communication only? Symmetry is Crucial: Asymmetric keys can’t achieve security with XOR

Simple Case Study – General Claim 𝑀 B A 𝐾 𝐶 One-Time Pad: 𝑚 messages bits and 𝑘 key bits All bits are equiprobable 𝑘 ∗ = least 𝑘 s.t. secure communication is possible Shannon (1949): Achieving reliability & information-theoretic security over the OTP is: possible using exactly 𝑚 key bits ⇒ 𝑘 ∗ ≤𝑚 impossible using less than 𝑚 key bits ⇒ 𝑘 ∗ ≥𝑚 𝑘 ∗ =𝑚

Resource 2: Noise

Error Correcting Codes Repetition Code: Length 3 for two messages: 0→000 and 1→111 ‘1-flip’ ball around 111 111 011 101 000 001 100 110 010 110 111 111 100 101 ‘1-flip’ ball around 000 011 010 000 000 001

Noisy Channel In most real-world systems we don’t exactly know the number of bit flips Common mode of operation is to model noise probabilistically Contains all sequences with ≈20% flips of the center Contains all sequences with ≈10% flips of the center 1 0.1 0.9 Alice Bob

Noisy Channel In most real-world systems we don’t exactly know the number of bit flips Common mode of operation is to model noise probabilistically 1 0.1 0.9 Alice Bob

Wiretap Channel Noisy communication channel with an eavesdropper ⇒ We can exploit Eve’s extra noise for securing the transmitted message! 1 0.1 0.9 Alice Bob 1 0.2 0.8 Eve ‘weak’ noise accumulated ‘strong’ noise

Wiretap Codes Eve experiences strong noise ⇒ Large noise balls Bob experiences weak noise ⇒ Alice can use many codewords Wiretap Coding: Hide messages inside Eve’s noise balls Each message has several codewords one in each noise ball of Eve message color 1 2 3 4 5 6 7 8

Wiretap Codes Encoding: Alice want to transmit message #5 Chooses one codeword at random Decoding: Bob can decode due to fine resolution Security: Eve observes an output somewhere in her large noise ball But all message are there & equally likely! ⇒ Eve’s best guess is equiprobable ⇒ Security is achieved!

Information-Theoretic Security Research Many interesting research questions: Key agreement over noisy channels Active Adversaries Eve not only overhear the transmission but can influence the channel Has a set of possible actions Alice and Bob know They don’t know which action is chosen ⇒ Ensure security versus all actions! Covert Communication: Communicate without Eve noticing Many many many many more…