# Perfect Cryptographic Security from Partially Independent Channels

## Ueli Maurer

```
```Several protocols are presented that allow two parties Alice and Bob
not sharing any secret information initially (except possibly a short
key to be used for authentication) to generate a long shared secret key
such that even an enemy Eve with unlimited computing power is unable to
obtain a non-negligible amount of information (in Shannon's sense)
about this key.

Two different models are considered. In a first model we assume that
Alice can send information to Bob over a noisy main channel but that
Eve is able to receive the same information over a parallel independent
noisy channel from Alice to Eve. In a second, more general model we
assume that Alice, Bob and Eve receive the output of a random source
(e.g., a satellite broadcasting random bits) over three independent
individual channels. The condition that the channels be independent can
be replaced by the condition that they be independent only to a known,
arbitrarily small degree.

We demonstrate that * even when Eve's channel is superior*} (i.e.,
less noisy) to Alice's and Bob's channel(s), they can generate an
information-theoretically secure secret key by communicating over a
public (error-free) channel to which Eve is assumed to have
unrestricted access. The results of this paper suggest to base the
security of cryptographic systems on realistic statistical assumptions
about the partial independence of two (three) channels and about a
reasonable lower bound on the noise power on the enemy's channel, as an
alternative to commonly used approaches based on an intractability
hypothesis.

The paper suggests two general conclusions: (1) for cryptographic
purposes, a given noisy communication channel should not be converted
into an error-free channel (by means of error-correcting codes) on
which a conventional cryptographic protocol is executed, but rather
* cryptographic coding and error-control coding should be combined*},
and (2) a mere difference in the signals received by the enemy and the
legitimate receiver, but not necessarily with an advantage to the
receiver (such as his sharing of a secret key with a sender or
knowledge of a trapdoor), may be sufficient for achieving cryptographic
security. This observation seems to have broader applications in
cryptography.