deep random secrecy presentation

© Thibault de Valroger - 2015© Thibault de Valroger - 2015

What is Deep Random Secrecy ?

Thibault de [email protected] September 2015

mailto:[email protected]

© Thibault de Valroger - 2015

What is Deep Random Secrecy ?

• A new kind of cryptographic method, designed to resist to unlimitedly powered opponents

• Based on a new kind of randomized information, such that probability distribution is made unknowledgeable for external observers

• Made to enable partners to exchange data with perfect security even if they don’t share priorly any secret common information


Why building such a mehod ?• Existing methods to securely exchange data :

– Or rely on unproven hypothesis of hardness, like public key cryptography.• P≠NP conjecture may happen to be proven as false• Quantum computing is likely to cause most of those methods to collapse within the next

decades to come

– Or rely on setup procedures that are complex to roll out and potentially breachable, like one time pad

– Or rely on hypothesis about the environment that are difficult if not impossible to verify in practice, such as memory bounded adversaries or idependant noisy channels

– Or rely on physical theories that are not proven and make the system difficult to build and use, like quantum cryptography or chaos cryptography

• Securing information exchange is about managing risk of interception. If the information is really sensitive, the risk shall be zero


What is the concept ?

• To run Deep Random Secrecy, 2 partners need:– A Deep Random Generator (DRG) for each one,

that they can run on their own– A Perfect Secrecy Protocol (PSP) that they can

execute together– And of course a classical communication

environment that does not need any particular characteristics


What is the concept ?Degradation:

Reduce the accuracy of the signal

Bayesian Inference: Need to know the probability distribution !

Private random information:

with distributionPublic degraded

information:



If you know the distibution, the

inference from public information is easy

???

If you don’t, any secret information is a priori as

much possible as another knowing the public

information



DRG Alice

Partner Alice

Φ (𝑥)=?? ?

PSP role Alice

DRG Bob

Partner Bob

Φ′ (𝑦 )=? ??

PSP role Bob⋮

𝑥 𝑦Private random information for Alice

Private random information for Bob

𝑖Public information degraded form and published by Alice

𝑗Public information degraded form and published by Bob

Estimation of secret shared information by

Alice =

Estimation of secret shared information by Bob =

Estimation of secret shared information by Mallory =

𝑽𝑴 (𝒊 , 𝒋) 𝑽 𝑨𝒐𝒓 𝑽 𝑩?? ?

Opponent Mallory

No possible Bayesian inference if and ’ are unknown


How to figure Degradation concept ?

A definition first: being a random variable with values in , a random variable with values in is said « engendered by » iff there exists an engendering distribution of such that:


How to figure Degradation concept ?

A simple example then (the « quantum analogy »):• Let be a binary random variable with parameter

with and • An observer wants to engender another binary

random variable from with first moment (expectation) : the only possibility is

• Then the second moment (variance) of is then larger than for which means that is less accurate than

𝜃→𝜃 /𝑘 is a degradation transformation of a binary random variable with parameter


How to figure Degradation concept ?The Quantum analogy

a binary random variable with parameter a quantum particule

, the degradation of Choice of a measurement instrument. A

measurement instrument is capturing only a « partial view » of quantum reality

Experiment of degraded variable of Measurement of

Impossibility to engender a random variable from with same mean and

variance than

Heisenberg uncertainty principle: impossibility to reliably measure both

position and speed

Deep Random Secrecy relies on this principle, but Bayesian inference shall

be overcome by sophisticated methods

Benefit from Heisenberg principle at macroscopic scale for cryptography needs

complex systems


What is a Deep Random Generator ?

• In an effort to govern uncertainty with a set of logical rules, Laplace expressed the Principle of insufficient reason:

« if you know nothing about the probability of occurrence of 2 events, you should consider them as equaliy likely »


What is a Deep Random Generator ?• The theoretical approach is based on a new axiomatic: the Deep

Random Axiom (as a modern version of Laplace’s principle)

Formulation 1: Þ and being 2 random variables ; if has a secret distribution for Mallory, then:

Formulation 2:Þ being 2 random variables with values in , and being a random variable with

values in engendered from any variable with values in ; if have secret distribution for Mallory, then:

has no dependency with probability distribution of

𝑬 [ 𝒇 (𝑿 )|𝒀 ]𝑴𝒂𝒍𝒍𝒐𝒓𝒚=𝑬 [ 𝒇 (𝑿 ′)|𝒀 ]𝑴𝒂𝒍𝒍𝒐𝒓𝒚


What is a Deep Random Generator ?In practice, Deep Random can be generated from computing ressourcesAlice emulates internally the PSP playing the roles of Alice, Bob and Mallory

Step : is the best strategy knowing the past distributions

Step : is a new distribution that makes unefficient for the given PSP

…

The PSP must be such that whatever is the strategy of the opponent, there exists a distribution for each partner such that becomes unefficient

t t

Alice’s DRG Alice needs for a « secret » distribution at a given moment

The DRG generates a draw with for Alice


How to build a Perfect Secrecy Protocol ?

• A PSP (Perfect Secrecy Protocol) is a communication protocol in which:– Legitimate partners make use of Deep Random

Generation– Published information is obtained by Degradation

transformation of secret information generated by DRG– The legitimate partners have an advantage when they

estimate say compared to the opponent who estimate from the public information under the hypothesis of the Deep Random Axiom• Let’s see hereafter what that means



• Under the hypothesis of the Deep Random Axiom, a reversible transformation in the sample space do not change the perception of the probability distribution for the opponent

• In other (technical) words, one can consider any group of transformations in the sample space, such that for any , and are undistinguishable for the opponent under Deep Random Axiom



• This means then that you can reasonnably assume that the probability distribution is restricted for the opponent to an invariant class by group

• Or in other words, that the only distributions that shall be considered by the opponent are of the form:



• This kind of restriction over the set of distributions to be considered by the opponent, also induces a restriction over the set of relevant strategies to use for the opponent,

• This restriced set of strategies is:



• Then you can manage to build a Perfect Secrecy Protocol if:

• More precisely, when you are there, you have created « Advantage Distillation » for the legitimate partners. Perfect Secrecy can then be obtained by « Reconciliation » and « Privacy Amplification » techniques.

• See http://crypto.cs.mcgill.ca/~crepeau/COMP649/04.00476316.pdf for a good understanding of those notions

http://crypto.cs.mcgill.ca/~crepeau/COMP649/04.00476316.pdf




Independence Phenomenon• In pratical, Perfect Secrecy Protocols are not easy to design

because:– You need to implement a DRG (see before)– You need to overcome the Independence Phonomenon

• The Independence Phenomenon is basically the fact that, even if the distributions chosen by Alice and Bob are totally unknown for the opponent Mallory, he, at least, knows that they have been chosen idependently because Alice and Bob don’t know each other before the transaction

• This gives a huge information to Mallory, and Perfect Secrecy Protocols have to discard this information by clever (and complex) « synchronization process »


The Cryptologic Limit Quest

• Can all this really work ??

• Good new is YES ! (I believe so), and the simple fact that it is possible is a surprising result (apparently contradicting Shannon impossibility Theorem)

• An example is presented with proven security : http://arxiv.org/abs/1507.08258

• But the story is far from being over


The Cryptologic Limit Quest

• If such a Perfect Secrecy Protocol exists, then the next question is: what is the best one ?

• Typically the best one is the one consuming less network banwidth


The Cryptologic Limit Quest• We thus define a new kind of entropy

– the bit error rate of the protocol– the bit knowledge rate of the opponent enabled by the protocol– the entropy (classic) of the legitimate shared secret estimation

by – the quantity of information exchanged through the protocol

• Then the Reliability rate is defined intuitively by

• And the entropy to measure the perfectly reliable information obtained through the protocol is defined intuitively by


The Cryptologic Limit Quest• The search of the Cryptologic Limit is then the search

of:

• in other words, the less greedy Perfectly Secure Protocol (under Deep Random Axiom)

• Hope you will join the Quest !


That’s all (here) folks !

• Want serious reading with detailed explanations and hard calculations ? (will not cure your scratching head)

• Want to discuss the idea ?

• Want to insult the heretic ?

• Headached ?

http://arxiv.org/abs/1507.08258

[email protected]




mailto:[email protected]

deep random secrecy presentation

Science