This paper presents a method for secret-key reconciliation using public discussion, where Alice and Bob correct errors in their shared secret key through public communication, which may leak information to an eavesdropper. The goal is to minimize the amount of information leaked while ensuring the secret key remains secure. The authors show that optimal protocols can be constructed, but they are not efficient. However, if Alice and Bob are willing to reveal a small amount of additional information, they can implement efficient polynomial-time protocols.
The paper introduces a more efficient protocol that leaks information close to the theoretical minimum for sufficiently reliable secret channels (with a bit error probability of at least 15%). The protocol uses a binary symmetric channel model and involves public discussion to correct discrepancies between Alice's and Bob's keys.
The authors define an optimal reconciliation protocol as one that minimizes the information leaked to an eavesdropper. They show that an optimal protocol can be constructed by associating a random label with each n-bit string and using it to decode the other string. However, this method is not practical due to the large number of possible functions.
To address this, the authors use a universal hash function class, which allows for efficient decoding. They also introduce an almost-ideal protocol that is not necessarily optimal but leaks slightly more information than the theoretical minimum while being efficient. This protocol is constructed by dividing the key into blocks and using interactive primitives to correct errors.
The paper also presents a practical protocol called Cascade, which is efficient and leaks information close to the theoretical bound for a BSC with a bit error probability of 15%. Cascade uses multiple passes to correct errors, with each pass reducing the number of errors exponentially. The protocol is shown to be effective in practice and improves upon previous reconciliation methods.
The authors conclude that reconciliation is a variant of the noisy coding problem and that optimal reconciliation protocols can be constructed using systematic linear codes. They also highlight the importance of efficient protocols for practical applications such as quantum oblivious transfer.This paper presents a method for secret-key reconciliation using public discussion, where Alice and Bob correct errors in their shared secret key through public communication, which may leak information to an eavesdropper. The goal is to minimize the amount of information leaked while ensuring the secret key remains secure. The authors show that optimal protocols can be constructed, but they are not efficient. However, if Alice and Bob are willing to reveal a small amount of additional information, they can implement efficient polynomial-time protocols.
The paper introduces a more efficient protocol that leaks information close to the theoretical minimum for sufficiently reliable secret channels (with a bit error probability of at least 15%). The protocol uses a binary symmetric channel model and involves public discussion to correct discrepancies between Alice's and Bob's keys.
The authors define an optimal reconciliation protocol as one that minimizes the information leaked to an eavesdropper. They show that an optimal protocol can be constructed by associating a random label with each n-bit string and using it to decode the other string. However, this method is not practical due to the large number of possible functions.
To address this, the authors use a universal hash function class, which allows for efficient decoding. They also introduce an almost-ideal protocol that is not necessarily optimal but leaks slightly more information than the theoretical minimum while being efficient. This protocol is constructed by dividing the key into blocks and using interactive primitives to correct errors.
The paper also presents a practical protocol called Cascade, which is efficient and leaks information close to the theoretical bound for a BSC with a bit error probability of 15%. Cascade uses multiple passes to correct errors, with each pass reducing the number of errors exponentially. The protocol is shown to be effective in practice and improves upon previous reconciliation methods.
The authors conclude that reconciliation is a variant of the noisy coding problem and that optimal reconciliation protocols can be constructed using systematic linear codes. They also highlight the importance of efficient protocols for practical applications such as quantum oblivious transfer.