Traditionally, secure one-round key exchange protocols in the PKI setting have either achieved perfect forward secrecy, or forms of deniability, but not both. On the one hand, achieving perfect forward secrecy against active attackers seems to require some form of authentication of the messages, as in signed Diffie-Hellman style protocols, that subsequently sacrifice deniability. On the other h...

We establish a construction of optimal authentication codes achieving perfect multi-fold secrecy by means of combinatorial designs. This continues the author’s work (ISIT 2009, cf. [1]) and answers an open question posed therein. As an application, we present the first infinite class of optimal codes that provide two-fold security against spoofing attacks and at the same time perfect two-fold s...

Claude Shannon introduced an entropy model for information, and applied it to secrecy in communications. It supposes a source of information, Alice, which chooses among a set of possible messages. There is associated with this choice a likelihood that Alice would chose a particular message. Symbols are then sent across a channel to Bob. These symbols should refine Bob’s likelihood function, emp...

Everyone knows that the one-time pad provides perfect security. But what does this mean? In this chapter, we make this concept precise. Also, we know that it is very difficult in practice to produce a truly random key for a one-time pad. In Section 2, we show quantitatively how biases in producing the key affect the security of the encryption. The topics of this chapter are part of the subject ...

With the advent of quantum key distribution (QKD) systems, perfect (i.e. information-theoretic) security can now be achieved for distribution of a cryptographic key. QKD systems and similar protocols use classical errorcorrecting codes for both error correction (for the honest parties to correct errors) and privacy amplification (to make an eavesdropper fully ignorant). From a coding perspectiv...

In this paper, a characterization of authentication codes in terms of bipartite graphs is given. By using such a characterization, two necessary and sufficient conditions for a minimal authentication code with perfect secrecy are derived. The probabilities of a successful impersonation and of a successful substitution attack are discussed. As a result, some (optimal) minimal authentication code...

In the splitting model, information theoretic authentication codes allow non-deterministic encoding, that is, several messages can be used to communicate a particular plaintext. Certain applications require that the aspect of secrecy should hold simultaneously. Ogata–Kurosawa–Stinson–Saido (2004) have constructed optimal splitting authentication codes achieving perfect secrecy for the special c...

In this paper we discuss AN.ON’s need to provide perfect forward secrecy and show by an estimation of the channel build up time that the straight forward solution is not a practical solution. In the remaining paper we propose an improvement which enables AN.ON to provide perfect forward secrecy with respect to their current attacker model. Finally, we show that the delay, caused by our improvem...

The famous Shannon impossibility result says that any encryption scheme with perfect secrecy requires a secret key at least as long as the message. In this paper we prove its quantum analogue with imperfect secrecy and imperfect correctness. We also provide a systematic study of information-theoretically secure quantum encryption with two secrecy definitions.