Yanqing Yao,Zhoujun Li

DOI: https://doi.org/10.1007/978-3-319-04268-8_10

2014-01-01

Abstract:In the ideal world, cryptographic models take for granted that the secret sources (e.g. secret keys and other secret randomness) are derived from uniform distribution. However, in reality, we may only obtain some ‘weak’ random sources guaranteed with high unpredictability (e.g. biometric data, physical sources, and secrets with partial leakage). Formally, the security of cryptographic models is measured by the expectation of some function, called ‘perfect’ expectation in the ideal model and ‘weak’ expectation in the real model respectively. We propose some elementary inequalities which show that the ‘weak’ expectation is not much worse than the ‘perfect’ expectation. Instead of discussing the results based on the min-entropy and collision entropy by Dodis and Yu [TCC 2013], we present how to overcome weak expectations dependent on the R\(\acute{e}\)nyi entropy and the expanded computational entropy. We achieve these results via employing the discrete form of the H\(\ddot{o}\)lder inequality. We also use some techniques to guarantee that the expanded computational entropy is useful in the security model. Thus our results are more general, and we also obtain some results from a computational perspective. The results apply to all ‘unpredictability’ applications and some indistinguishability applications including CPA-secure symmetric-key encryption schemes, weak Pseudorandom Functions and Weaker Computational Extractors.

Yanqing Yao,Zhoujun Li

DOI: https://doi.org/10.1049/iet-ifs.2015.0007

2016-01-01

IET Information Security

Abstract:In ideality, cryptographic primitives take for granted that the secret sources are derived from uniform distribution. However, in reality, we may only obtain some ‘weak’ random sources guaranteed with high unpredictability (e.g. biometric data, physical sources, and secrets with partial leakage). Formally, the security of cryptographic primitives is measured by the expectation of some function, called ‘perfect’ expectation in the ideal model and ‘weak’ expectation in the real model. The authors propose some elementary inequalities which show that the ‘weak’ expectation is not much worse than the ‘perfect’ expectation. The authors present how to overcome weak expectations dependent on the Renyi entropy other than the min and collision entropies by Dodis and Yu [TCC 2013]. The authors achieve these results by capturing on two approaches: one is by observing a new relationship between the collision entropy and other Renyi entropy, the other is by developing the connection between different moments of a variable. Furthermore, pseudorandom generator, and pairwise independent hash function family, the authors extend key derivation functions based on the Renyi entropy. The results are applied to all unpredictability applications and ‘square-friendly’ indistinguishability applications including CPA-secure symmetric-key encryption schemes.

Amir Arqand,Thomas A. Hahn,Ernest Y.-Z. Tan

2024-10-27

Abstract:The entropy accumulation theorem, and its subsequent generalized version, is a powerful tool in the security analysis of many device-dependent and device-independent cryptography protocols. However, it has the drawback that the finite-size bounds it yields are not necessarily optimal, and furthermore it relies on the construction of an affine min-tradeoff function, which can often be challenging to construct optimally in practice. In this work, we address both of these challenges simultaneously by deriving a new entropy accumulation bound. Our bound yields significantly better finite-size performance, and can be computed as an intuitively interpretable convex optimization, without any specification of affine min-tradeoff functions. Furthermore, it can be applied directly at the level of Rényi entropies if desired, yielding fully-Rényi security proofs. Our proof techniques are based on elaborating on a connection between entropy accumulation and the frameworks of quantum probability estimation or $f$-weighted Rényi entropies, and in the process we obtain some new results with respect to those frameworks as well. In particular, those findings imply that our bounds apply to prepare-and-measure protocols without the virtual tomography procedures or repetition-rate restrictions previously required for entropy accumulation.

Quantum Physics

Zhang Li-Xin

DOI: https://doi.org/10.1007/s10473-022-0203-z

2022-01-01

Acta Mathematica Scientia

Abstract:Limit theorems for non-additive probabilities or non-linear expectations are challenging issues which have attracted a lot of interest recently. The purpose of this paper is to study the strong law of large numbers and the law of the iterated logarithm for a sequence of random variables in a sub-linear expectation space under a concept of extended independence which is much weaker and easier to verify than the independence proposed by Peng [20]. We introduce a concept of extended negative dependence which is an extension of the kind of weak independence and the extended negative independence relative to classical probability that has appeared in the recent literature. Powerful tools such as moment inequality and Kolmogorov's exponential inequality are established for these kinds of extended negatively independent random variables, and these tools improve a lot upon those of Chen, Chen and Ng [1]. The strong law of large numbers and the law of iterated logarithm are also obtained by applying these inequalities.

LiXin Zhang

DOI: https://doi.org/10.1007/s11425-015-5105-2

2015-01-01

Science China Mathematics

Abstract:Classical Kolmogorov's and Rosenthal's inequalities for the maximum partial sums of random variables are basic tools for studying the strong laws of large numbers. In this paper, motived by the notion of independent and identically distributed random variables under the sub-linear expectation initiated by Peng (2008), we introduce the concept of negative dependence of random variables and establish Kolmogorov's and Rosenthal's inequalities for the maximum partial sums of negatively dependent random variables under the sub-linear expectations. As an application, we show that Kolmogorov's strong law of larger numbers holds for independent and identically distributed random variables under a continuous sub-linear expectation if and only if the corresponding Choquet integral is finite.

Lixin Zhang,Jinghang Lin

DOI: https://doi.org/10.1016/j.spl.2018.01.022

IF: 0.718

2018-01-01

Statistics & Probability Letters

Abstract:The sub-linear expectation space is a nonlinear expectation space having advantages of modeling the uncertainty of probability and distribution. In the sub-linear expectation space, we use capacity and sub-linear expectation to replace probability and expectation of classical probability theory. In this paper, the method of selecting subsequence is used to prove Marcinkiewicz’s strong law of large numbers under sub-linear expectation space. This result is a natural extension of the classical Marcinkiewicz’s strong law of large numbers to the case where the expectation is nonlinear. In addition, this paper also gives a theorem about convergence of a random series.

LiXin Zhang

DOI: https://doi.org/10.1007/s11425-016-0079-1

2016-01-01

Abstract:Kolmogorov’s exponential inequalities are basic tools for studying the strong limit theorems such as the classical laws of the iterated logarithm for both independent and dependent random variables. This paper establishes the Kolmogorov type exponential inequalities of the partial sums of independent random variables as well as negatively dependent random variables under the sub-linear expectations. As applications of the exponential inequalities, the laws of the iterated logarithm in the sense of non-additive capacities are proved for independent or negatively dependent identically distributed random variables with finite second order moments. For deriving a lower bound of an exponential inequality, a central limit theorem is also proved under the sub-linear expectation for random variables with only finite variances.

Li-Xin Zhang

DOI: https://doi.org/10.1016/j.spl.2020.108987

IF: 0.718

2021-01-01

Statistics & Probability Letters

Abstract:Let {Xn;n≥1} be a sequence of independent and identically distributed random variables in a sub-linear expectation space (Ω,ℋ,E) with a capacity V generated by E. The convergence rate of ∑n=1∞V(|∑k=1nXk|>ϵn) as ϵ→0 is studied. Heyde (1975)’s theorem is shown under the sub-linear expectation.

James Melbourne,Saurav Talukdar,Shreyas Bhaban,Murti V. Salapaka

DOI: https://doi.org/10.1109/isit.2018.8437601

2018-06-01

Abstract:Motivated by the entropy computations relevant to the evaluation of decrease in entropy in bit reset operations, the authors investigate the deficit in an entropic inequality involving two independent random variables, one continuous and the other discrete. In the case where the continuous random variable is Gaussian, we derive strong quantitative bounds on the deficit in the inequality. More explicitly it is shown that the decay of the deficit is sub-Gaussian with respect to the reciprocal of the standard deviation of the Gaussian variable. What is more, up to rational terms these results are shown to be sharp.

Julien Béguinot,Olivier Rioul

2024-01-30

Abstract:We leverage the Gibbs inequality and its natural generalization to Rényi entropies to derive closed-form parametric expressions of the optimal lower bounds of $\rho$th-order guessing entropy (guessing moment) of a secret taking values on a finite set, in terms of the Rényi-Arimoto $\alpha$-entropy. This is carried out in an non-asymptotic regime when side information may be available. The resulting bounds yield a theoretical solution to a fundamental problem in side-channel analysis: Ensure that an adversary will not gain much guessing advantage when the leakage information is sufficiently weakened by proper countermeasures in a given cryptographic implementation. Practical evaluation for classical leakage models show that the proposed bounds greatly improve previous ones for analyzing the capability of an adversary to perform side-channel attacks.

Information Theory

Xingyuan Chen,Yong Deng

DOI: https://doi.org/10.15837/ijccc.2023.2.5299

IF: 2.635

2023-01-01

International Journal of Computers Communications & Control

Abstract:The measurement of uncertainty has been an important topic of research. In Dempster's frame-work, Deng entropy serves as a reliable tool for such measurements. However, it fails to consider more comprehensive information, resulting in the loss of critical data. An improved belief entropy is proposed in this paper, which preserves all the merits of Deng entropy. When there is only a single element, it can be degraded to Shannon entropy. When dealing with multiple elements, the partitioning method employed for mass functions makes it more responsive and efficient than alternative measures of uncertainty. Some numerical examples are given to further illustrate the effectiveness and applicability of the proposed entropy measure. Additionally, a case study is con-ducted on software risk analysis, demonstrating the practical value and relevance of the proposed method in real-world scenarios.

Xu Guanlei,Wang Xiaotong,Xu Xiaogang

DOI: https://doi.org/10.1049/iet-spr.2014.0072

IF: 1.819

2016-01-01

IET Signal Processing

Abstract:: In this study, some new entropic inequalities on sparse representation for pairs of bases are investigated. First, the generalised Shannon entropic uncertainty principle and the generalised Rényi entropic uncertainty principle via new derived Hausdorff – Young inequality are proved. These new derived uncertainty principles show that signals cannot have unlimited concentration related to minimum entropies in pairs of bases. Second, the conditions of uniqueness of sparse representation under minimum entropies are given. This study also demonstrates that the entropic greedy-like algorithms can achieve the ‘ sparsest ’ representation for minimum entropies approximately. Third, the relations between the minimum l 0 solution and minimum entropy are discussed as well. It shows that even if the sparsest representation of l 0 -norm is obtained, the entropy cannot always be the minimum and it is possible that the entropy is limited to a interval. These new derived inequalities will be primarily to contribute to a better understanding of sparse representation in the sense of limited entropic uncertainty bounds. Finally, the experiments are shown to verify the authors ’ ideas.

Xinyu Zhang,Yujun Liu,Yuling Chen

DOI: https://doi.org/10.1007/s12652-020-02633-4

IF: 3.662

2021-02-16

Journal of Ambient Intelligence and Humanized Computing

Abstract:Rational secure two-party computation is one of the important researches in cryptography. Since the purpose of rational parties is to maximize their own utilities, the parties prefer to use a mixed strategy, which will cause a change in entropy. Some protocols solved the problems of fairness and security by using entropy function and utility function respectively. However, the cost of ensuring protocol security by setting a really high utility function is often higher than the value of the protocol itself, and the protocol is only suitable for a single privacy requirement. In this paper, we propose a secure two-party computation protocol based on entropic criterion and set the corresponding security entropic threshold according to different privacy requirements. Secure entropy is used as a method to evaluate the security of two parties in different scenes. Furthermore, we explore the relationship between secure entropy and utility function, then to select the optimal utility function within the range of secure entropic threshold. The model we proposed is more flexible and universal. Furthermore, the security state of the model is well predicted.

computer science, information systems,telecommunications, artificial intelligence

Rong Wang,H. F. Chau

2024-06-21

Abstract:In quantum Shannon theory, various kinds of quantum entropies are used to characterize the capacities of noisy physical systems. Among them, min-entropy and its smooth version attract wide interest especially in the field of quantum cryptography as they can be used to bound the information obtained by an adversary. However, calculating the exact value or non-trivial bounds of min-entropy are extremely difficult because the composite system dimension may scale exponentially with the dimension of its subsystem. Here, we develop a one-shot lower bound calculation technique for the min-entropy of a classical-quantum state that is applicable to both finite and infinite dimensional reduced quantum states. Moreover, we show our technique is of practical interest in at least two situations. First, it gives an alternative tight finite-data analysis for the well-known BB84 quantum key distribution protocol. More importantly, it provides a security proof for a novel source-independent continuous-variable quantum random number generation protocol. These show the effectiveness and wide applicability of our approach.

Quantum Physics

Tony Metger,Omar Fawzi,David Sutter,Renato Renner

DOI: https://doi.org/10.1007/s00220-024-05121-4

IF: 2.361

2024-10-14

Communications in Mathematical Physics

Abstract:Consider a sequential process in which each step outputs a system and updates a side information register E . We prove that if this process satisfies a natural "non-signalling" condition between past outputs and future side information, the min-entropy of the outputs conditioned on the side information E at the end of the process can be bounded from below by a sum of von Neumann entropies associated with the individual steps. This is a generalisation of the entropy accumulation theorem (EAT) (Dupuis et al. in Commun Math Phys 379: 867–913, 2020), which deals with a more restrictive model of side information: there, past side information cannot be updated in subsequent rounds, and newly generated side information has to satisfy a Markov condition. Due to its more general model of side-information, our generalised EAT can be applied more easily and to a broader range of cryptographic protocols. As examples, we give the first multi-round security proof for blind randomness expansion and a simplified analysis of the E91 QKD protocol. The proof of our generalised EAT relies on a new variant of Uhlmann's theorem and new chain rules for the Rényi divergence and entropy, which might be of independent interest.

physics, mathematical

Yongjune Kim,Cyril Guyot,Young-Sik Kim

DOI: https://doi.org/10.1109/tifs.2021.3070424

IF: 7.231

2021-01-01

IEEE Transactions on Information Forensics and Security

Abstract:The min-entropy is a widely used metric to quantify the randomness of generated random numbers in cryptographic applications; it measures the difficulty of guessing the most likely output. An important min-entropy estimator is the compression estimator of NIST Special Publication (SP) 800-90B, which relies on Maurer's universal test. In this paper, we propose two kinds of min-entropy estimators to improve computational complexity and estimation accuracy by leveraging two variations of Maurer's test: Coron's test (for Shannon entropy) and Kim's test (for Rényi entropy). First, we propose a min-entropy estimator based on Coron's test. It is computationally more efficient than the compression estimator while maintaining the estimation accuracy. The secondly proposed estimator relies on Kim's test that computes the Rényi entropy. This estimator improves estimation accuracy as well as computational complexity. We analytically characterize the bias-variance tradeoff, which depends on the order of Rényi entropy. By taking into account this tradeoff, we observe that the order of two is a proper assignment and focus on the min-entropy estimation based on the collision entropy (i.e., Rényi entropy of order two). The min-entropy estimation from the collision entropy can be described by a closed-form solution, whereas both the compression estimator and the proposed estimator based on Coron's test do not have closed-form solutions. By leveraging the closed-form solution, we also propose a lightweight estimator that processes data samples in an online manner. Numerical evaluations demonstrate that the first proposed estimator achieves the same accuracy as the compression estimator with much less computation. The proposed estimator based on the c-llision entropy can even improve the accuracy and reduce the computational complexity.

computer science, theory & methods,engineering, electrical & electronic

Eldon Chung

2024-06-24

Abstract:In this thesis, we study extensions of statistical cryptographic primitives. In particular we study leakage-resilient secret sharing, non-malleable extractors, and immunized ideal one-way functions. The thesis is divided into three main chapters. In the first chapter, we show that 2-out-of-2 leakage resilient (and also non-malleable) secret sharing requires randomness sources that are also extractable. This rules out the possibility of using min-entropic sources. In the second, we introduce collision-resistant seeded extractors and show that any seeded extractor can be made collision resistant at a small overhead in seed length. We then use it to give a two-source non-malleable extractor with entropy rate 0.81 in one source and polylogarithmic in the other. The non-malleable extractor lead to the first statistical privacy amplification protocol against memory tampering adversaries. In the final chapter, we study the hardness of the data structure variant of the 3SUM problem which is motivated by a recent construction to immunise random oracles against pre-processing adversaries. We give worst-case data structure hardness for the 3SUM problem matching known barriers in data structures for adaptive adversaries. We also give a slightly stronger lower bound in the case of non-adaptivity. Lastly, we give a novel result in the bit-probe setting.

Cryptography and Security

Serge Fehr,Ran Gelles,Christian Schaffner

DOI: https://doi.org/10.1103/PhysRevA.87.012335

2012-03-01

Abstract:The nonlocal behavior of quantum mechanics can be used to generate guaranteed fresh randomness from an untrusted device that consists of two nonsignalling components; since the generation process requires some initial fresh randomness to act as a catalyst, one also speaks of randomness expansion. Colbeck and Kent proposed the first method for generating randomness from untrusted devices, however, without providing a rigorous analysis. This was addressed subsequently by Pironio et al. [Nature 464 (2010)], who aimed at deriving a lower bound on the min-entropy of the data extracted from an untrusted device, based only on the observed non-local behavior of the device. Although that article succeeded in developing important tools towards the acquired goal, it failed in putting the tools together in a rigorous and correct way, and the given formal claim on the guaranteed amount of min-entropy needs to be revisited. In this paper we show how to combine the tools provided by Pironio et al., as to obtain a meaningful and correct lower bound on the min-entropy of the data produced by an untrusted device, based on the observed non-local behavior of the device. Our main result confirms the essence of the improperly formulated claims of Pironio et al., and puts them on solid ground. We also address the question of composability and show that different untrusted devices can be composed in an alternating manner under the assumption that they are not entangled. This enables for superpolynomial randomness expansion based on two untrusted yet unentangled devices.

Quantum Physics,Cryptography and Security

Yanqing YAO,Zhoujun LI

DOI: https://doi.org/10.19363/j.cnki.cn10-1380/tn.2016.02.003

2016-01-01

Abstract:Cryptography is a core area in information security. Traditional cryptographic primitives take for granted the availability of perfect random sources. However, in many situations it seems unrealistic to expect a source to be perfectly random, and one must deal with various imperfect sources of randomness. Some well known examples are physical sources, biometric data, secrets with partial leakage, etc. Hence, can cryptographic primitives with imperfect randomness be secure? It has become a frontier and hot research topic in Cryptography. This paper reviews the background, signifi-cance, and the development history of this topic. It also reviews the latest advances of this topic. Namely, some general impossibility results of traditional privacy (e.g., bit extractor, encryption, commitment, secret sharing scheme) and differ-ential privacy under a general imperfect source proposed by Dodis and Yao in CRYPTO 2015. Finally, the paper analyzes the problems worth exploring in this area.