Secret Key Sharing Based on the Use of ESPAR With Multipath Channel Model.,V.Korzhik, V.Yakovlev, Y.Kovajkin, D.Ovechkin (University of Telecommunications, St.Petersburg, Russia; E-mail: val-korzhikyandex.ru),Singapor NTU, 2010,1,1. Introduction The main ways of key sharing: a) Transmission the keys over secure (encrypted) channels or a delivering them by special messengers; b) Using public key concept; c) Key sharing based on a presence of any noisy channel if adversary is passive, (wire-tap channel type I and II) 1,2,3 d) Key sharing based on a presence of active adversary if its channel is less noisy than channel of legal users. 4,5 e) Key sharing using quantum channels.6 f) Key sharing based on a concept of anonymous channel. g) Key sharing based on a concept of broadcasting channel. h) Key sharing based on ESPAR-like radiator over multipath channels. 7,8,2,Because method a) is trivial and b) is well known, we consider briefly methods c) g) and method h) in more details as a subject of our presentation.,c) Source model with a passive eavesdropping .,Aplication Key distribution via a satellite. Fact ( Maurer 3 ),3,4,Privacy amplification ( Bennett , Brassard , Crepeau , Maurer 9,10) The feature of keyless cryptography is : ( i ) Share the secret key by legal parties using this concept ( ii ) Use key - cryptography after receiving this key by legal parties (including perfect cipher),To share secret key , A and B perform the following steps 1.A sends to B a truly random string x over public noisy channel . 2.A sends to B the check symbols to x chosen in line with some error correcting code V 3.A sends to B a truly random hash function h taken from universal class , which maps a string x of length n to string K of length k . 4.B corrects errors in the string x using check symbols transmitted by A . 5.Both A and B produce the key string as K = h ( x ) . Then the amount of information leaking over the wire - tap channel to eavesdropper E has the following upper bound 9,11,where n is the length of x , k - is the length of the key K , r - is the number of check symbols , t - is the amount of collision ( Renyi ) information leaking over the wire - tap channel to eavesdropper E .,for BSC - wire - tap channel with BER=,5,Wire - tap channel type 2 . (Wyner 2),An eavesdropper can observe a subset of his ( her ) choice of size t n , where n is the block length,Main applications - quantum cryptography (see in the sequel ) , optical fiber multiplexing , computer network containing eavesdroppers in some nodes,Regular coding ( noiseless main channel ) The key shared by A and B is the following :,where H is the check matrix of some binary ( n , n-k ) code V , x is a binary string of length n radomly chosen by A and transmitted over the main public channel from A to B . Then the amount of information leaking over the wire - tap channel type 2 to easvesdropper is zero ( no easvesdropping at all ! ) providing the following inequality is true,where,is the minimum code distance of the code,which is dual of code V .,6,Example. V is ( 15 , 11 ) Hamming code . Then we have no easvesdropping about the key of length 4 if,This concep can be exteded to noisy main channel ( Korjik , Kushnir 12) .Privacy amplification 9If A and B follow to the protocol described in the case type 1 in order to produce secret key, the amount of information leaking to eavesdropper has the following upper bound,where n is the length of x , K is the length of the key , P is the number of check symbols , t is the maximum number of bits that cavesdropper can obseved of each block .,7,d) A cryptographic scenario for source model (active illegal users ),Satellite,Alice,Bob,Eve,S,Y( ),X( ),Z( ),B,A,E,e,e,e,1 .- Initialization phase ( S (X,Y,Z ) over BSC- s with BER-s :,e,e,e,A B E, ,respectively ),8,e = e + e ( e ) = e + e ( e ),2.-Authentication phase : ( M , a ) , where M - a string consisting of k information bits , a - authenticator a = f ( M , X ) , where f ( , ) is a public function . Intruders activity ( Upon receiving the pair ( M , a ) and knowing the authentication algorithm , to form a pair ( M , a ) , where M = M - substitution attack ) P - To be cheating by intruder ( the pair ( M , a ) is accepted by Bob as the original one ) P - To be rejection the original message by Bob when an intruder has not intervented into transmission at all . ( The length of the string ,a as well as the length of the string X ( Y ) are very important parameters . ) BER - s between corresponding bits of X and Y , X and Z , Y and Z are , respectively :,Ch,R,e = e + e ( e ) = e + e ( e ),e = e + e ( e ) = e + e ( e ),9,e e e e,A E AB B E,( It is easy to show that this inequality results in impossibility for Bob to authenticate message sent by Alice ) b) ( It offers a positive solution for the authentication problem ),