Abstract
In this paper, we propose various quantitative information-theoretic bit security reduction measures that correlate the statistical difference between two probability distributions with the security level gap for two cryptographic schemes. We derive tighter relations between information-theoretic measures for quantifying the precision and guarantee the security level of the cryptographic scheme implemented over a precision-restricted environment. Further, the generalized versions of previous security reductions are devised by relaxing the constraints on the upper bounds of the information-theoretic measures. This makes it possible to estimate bit security more reliable and improves the security level. We also estimate the effects on the security level when the $\kappa $ -bit secure original scheme is implemented on a $p$ -bit precision system. In previous studies, $p$ was fixed as $\frac {\kappa }2$ ; however, the proposed schemes are generalized such that the security level $\kappa $ and precision $p$ can vary independently. This results in a significant difference. Moreover, previous results cannot provide the exact lower bound of the security level for $p\ne {\frac {\kappa }{2}}$ . However, the proposed results can provide the exact lower bound of the estimation value of the security level as long as the precision $p$ satisfies certain conditions. We provide diverse types of security reduction formulas for the six types of information-theoretic measures. The proposed schemes can provide information-theoretic guidelines regarding the difference between the security levels of two identical cryptographic schemes when extracting randomness from two different probability distributions. In particular, the proposed schemes can be used to quantitatively estimate the effect of the statistical difference between the ideal and real distributions on the security level.
Highlights
T HE security of almost every modern cryptographic primitive depends on randomness, which is extracted from a specific probability distribution
Many studies have been conducted to analyze the way that the security level changes when the probability distribution for the randomness of the cryptographic scheme is replaced by another probability distribution
We propose methodologies for elaborately estimating the effects on the security level of the cryptographic scheme when the κ-bit secure original scheme is implemented on a p-bit precision system, where p can be set to any value as long as certain conditions are satisfied
Summary
T HE security of almost every modern cryptographic primitive depends on randomness, which is extracted from a specific probability distribution (e.g., a lattice-based cryptographic scheme extracts its randomness from a discrete Gaussian distribution). It still has significant limitations owing to its universal use because we can obtain the exact lower bound of the estimation value of the security level by applying Theorem 1 only when an efficient measure δ satisfies δ(Pθ, Qθ) Theorem 3 without exception provides the exact lower bound of the estimation value of the security level of SQ as long as f (κ) satisfies the condition f (κ) ≥ −2log2(1 − e−1 − 2−κ).
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
