Error Correcting Codes, Block Designs, Perfect Secrecy and Finite Fields

The ancient difficulty for establishing a common cryptographic secret key between two communicating parties Alice and Bob is nicely summarized by the Catch-22 dictum of S.J. Lomonaco [1999], to wit: “in order to communicate in secret one must first communicate in secret”. In other words, to communicate in secret, Alice and Bob must already have a shared secret key. In this paper we analyse an algorithm for establishing such a common secret key by public discussion, under the modest and practical requirement that Alice and Bob are initially in possession of keys \documentclass[12pt]{minimal} \usepackage{amsmath} \usepackage{wasysym} \usepackage{amsfonts} \usepackage{amssymb} \usepackage{amsbsy} \usepackage{mathrsfs} \usepackage{upgreek} \setlength{\oddsidemargin}{-69pt} \begin{document}$A$\end{document} and \documentclass[12pt]{minimal} \usepackage{amsmath} \usepackage{wasysym} \usepackage{amsfonts} \usepackage{amssymb} \usepackage{amsbsy} \usepackage{mathrsfs} \usepackage{upgreek} \setlength{\oddsidemargin}{-69pt} \begin{document}$B$\end{document}, respectively, of a common length \documentclass[12pt]{minimal} \usepackage{amsmath} \usepackage{wasysym} \usepackage{amsfonts} \usepackage{amssymb} \usepackage{amsbsy} \usepackage{mathrsfs} \usepackage{upgreek} \setlength{\oddsidemargin}{-69pt} \begin{document}$N$\end{document} which are not necessarily equal but are such that the mutual information \documentclass[12pt]{minimal} \usepackage{amsmath} \usepackage{wasysym} \usepackage{amsfonts} \usepackage{amssymb} \usepackage{amsbsy} \usepackage{mathrsfs} \usepackage{upgreek} \setlength{\oddsidemargin}{-69pt} \begin{document}$I(A,B)$\end{document} is non-zero. This assumption is tantamount to assuming only that the corresponding statistical variables are correlated. The common secret key distilled by the algorithm will enjoy perfect secrecy in the sense of Shannon. The method thus provides a profound generalization of traditional symmetric key cryptography and applies also to quantum cryptography. Here, by purely elementary methods, we give a rigorous proof that the method proposed by Bennett, Bessette, Brassard, Salvail, and Smolin will in general converge to a non-empty common key under moderate assumptions on the choice of block lengths provided the initial bit strings are sufficiently long. Full details on the length requirements are presented. Furthermore, we consider the question of which block lengths should be chosen for optimal performance with respect to the length of the resulting common key. A new and fundamental aspect of this paper is the explicit utilization of finite fields and error-correcting codes both for checking equality of the generated keys and, later, for the construction of various hash functions. Traditionally this check has been done by performing a few times a comparison of the parity of a random subset of the bits. Here we give a much more efficient procedure by using the powerful methods of error-correcting codes. More general situations are treated in Section 8.