Deep Random Secrecy Presentation

© Thibault de Valroger - 2015© Thibault de Valroger - 2015
What is Deep Random Secrecy ?
Thibault de Valroger
tdevalroger@gmail.com
September 2015

© Thibault de Valroger - 2015
What is Deep Random Secrecy ?
• A new kind of cryptographic method, designed to
resist to unlimitedly powered opponents
• Based on a new kind of randomized information,
such that probability distribution is made
unknowledgeable for external observers
• Made to enable partners to exchange data with
perfect security even if they don’t share priorly
any secret common information

Why building such a mehod ?
• Existing methods to securely exchange data :
– Or rely on unproven hypothesis of hardness, like public key cryptography.
• P≠NP conjecture may happen to be proven as false
• Quantum computing is likely to cause most of those methods to collapse within the next
decades to come
– Or rely on setup procedures that are complex to roll out and potentially
breachable, like one time pad
– Or rely on hypothesis about the environment that are difficult if not
impossible to verify in practice, such as memory bounded adversaries or
idependant noisy channels
– Or rely on physical theories that are not proven and make the system difficult
to build and use, like quantum cryptography or chaos cryptography
• Securing information exchange is about managing risk of interception. If
the information is really sensitive, the risk shall be zero

What is the concept ?
• To run Deep Random Secrecy, 2 partners
need:
– A Deep Random Generator (DRG) for each one,
that they can run on their own
– A Perfect Secrecy Protocol (PSP) that they can
execute together
– And of course a classical communication
environment that does not need any particular
characteristics

Degradation:
Reduce the accuracy of the signal
Bayesian Inference: 𝑃(𝑋 = 𝑥 𝐼 = 𝑖) =
𝜒(𝑖,𝑥)𝛷(𝑥)
𝜒 𝑖,𝑥 𝛷 𝑥 𝑑𝑥
Need to know the probability distribution Φ !
Private random
information: 𝑋
with distribution
𝑃 𝑋 = 𝑥 = Φ(𝑥)
Public degraded
information: 𝐼
𝑃(𝐼 = 𝑖 𝑋 = 𝑥) = 𝜒(𝑖, 𝑥)

If you know the
distibution, the
inference from public
information is easy
???
If you don’t, any secret
information is a priori as
much possible as another
knowing the public
information

DRG Alice
Partner Alice
Φ(𝑥) = ? ? ?
PSP role Alice
DRG Bob
Partner Bob
Φ′(𝑦) = ? ? ?
PSP role Bob⋮
𝑥 𝑦Private random
information for Alice
Private random
information for Bob
𝑖
Public information
degraded form 𝑥
and published by
Alice
𝑗
Public information
degraded form 𝑦
and published by Bob
Estimation of secret
shared information by
Alice = 𝑽 𝑨(𝒙, 𝒋)
Estimation of secret
shared information by
Bob = 𝑽 𝑩(𝒚, 𝒊)
Estimation of secret shared
information by Mallory = 𝑽 𝑴(𝒊, 𝒋)
𝑽 𝑴(𝒊, 𝒋) 𝑽 𝑨 𝒐𝒓 𝑽 𝑩
? ? ?
Opponent
Mallory
No possible Bayesian inference if Φ and Φ’ are unknown

How to figure Degradation concept ?
A definition first: 𝑉 being a random variable with
values in 𝐸, a random variable 𝑉′ with values in
𝐹 is said « engendered by 𝑉 » iff there exists an
engendering distribution 𝜓: 𝐸 × 𝐹 ⟶ [0,1] of
𝑉′ such that:
∀𝑥 ∈ 𝐸,
𝑦∈𝐹
𝜓 𝑥, 𝑦 𝜕𝑦 = 1
𝑃 𝑉′
= 𝑦 𝑉 = 𝑥 = 𝜓 𝑥, 𝑦

A simple example then (the « quantum analogy »):
• Let 𝑉 be a binary random variable with parameter
𝜃/𝑘 with θ ∈ [0,1] and 𝑘 > 1
• An observer wants to engender another binary
random variable 𝑉′ from 𝑉 with first moment
(expectation) = 𝜃 : the only possibility is 𝑉′
= 𝑘𝑉
• Then the second moment (variance) of 𝑉′ is then
larger than for 𝑉 which means that 𝑉′ is less
accurate than 𝑉
𝜃 → 𝜃/𝑘
is a degradation transformation of a binary
random variable with parameter 𝜃

The Quantum analogy
𝑉 a binary random variable with
parameter 𝜃
𝑄 a quantum particule
𝜃 → 𝜃/𝑘, the degradation of 𝑉
Choice of a measurement instrument. A
measurement instrument is capturing only
a « partial view » of quantum reality
Experiment of 𝑉′ degraded variable of 𝑉 Measurement of 𝑄
Impossibility to engender a random
variable from 𝑉′ with same mean and
variance than 𝑉
Heisenberg uncertainty principle:
impossibility to reliably measure both
position and speed
Deep Random Secrecy relies on this
principle, but Bayesian inference shall
be overcome by sophisticated methods
Benefit from Heisenberg principle at
macroscopic scale for cryptography needs
complex systems

What is a Deep Random Generator ?
• In an effort to govern uncertainty
with a set of logical rules, Laplace
expressed the Principle of
insufficient reason:
« if you know nothing about the
probability of occurrence of 2 events,
you should consider them as equaliy
likely »

• The theoretical approach is based on a new axiomatic: the
Deep Random Axiom (as a modern version of Laplace’s
principle)
Formulation 1:
 𝑋 and 𝑌 being 2 random variables ; if 𝑋 has a secret distribution for
Mallory, then:
Formulation 2:
 𝑋, 𝑋′ being 2 random variables with values in 𝐸, and 𝑌 being a random
variable with values in 𝐹 engendered from any variable with values in
𝐸; if 𝑋, 𝑋′ have secret distribution for Mallory, then:
𝑬 𝒇(𝑿) 𝒀 𝑴𝒂𝒍𝒍𝒐𝒓𝒚 has no dependency with probability distribution of 𝑿
𝑬 𝒇(𝑿) 𝒀 𝑴𝒂𝒍𝒍𝒐𝒓𝒚 = 𝑬 𝒇(𝑿′) 𝒀 𝑴𝒂𝒍𝒍𝒐𝒓𝒚

In practice, Deep Random can be generated from computing ressources
Alice emulates internally the PSP playing the roles of Alice, Bob and Mallory
Step 𝑚 − 1:
𝜔 𝑚−1 is the best
strategy knowing the
past distributions Φ𝑗,
𝑗 ≤ 𝑚 − 1
Step 𝑚:
Φ 𝑚 is a new distribution that makes
𝜔 𝑚−1unefficient for the given PSP
…
The PSP must be such that
whatever is 𝜔 the strategy of the
opponent, there exists a
distribution for each partner such
that 𝜔 becomes unefficient
t t
Alice’s DRG Alice needs for a
« secret » distribution
at a given moment 𝑡 𝑚
The DRG generates a
draw with Φ 𝑚 for Alice

How to build a Perfect Secrecy
Protocol ?
• A PSP (Perfect Secrecy Protocol) is a
communication protocol in which:
– Legitimate partners make use of Deep Random
Generation
– Published information is obtained by Degradation
transformation of secret information generated by
DRG
– The legitimate partners have an advantage when they
estimate say 𝑉𝐴 compared to the opponent who
estimate 𝑉𝐴 from the public information under the
hypothesis of the Deep Random Axiom
• Let’s see hereafter what that means

Protocol ?
• Under the hypothesis of the Deep Random
Axiom, a reversible transformation in the
sample space do not change the perception of
the probability distribution for the opponent
• In other (technical) words, one can consider 𝐺
any group of transformations in the sample
space, such that for any 𝑔 ∈ 𝐺, Φ(𝑥) and Φ ∘
𝑔(𝑥) are undistinguishable for the opponent
under Deep Random Axiom

Protocol ?
• This means then that you can reasonnably
assume that the probability distribution is
restricted for the opponent to an invariant class
by group 𝐺
• Or in other words, that the only distributions that
shall be considered by the opponent are of the
form:
1
𝐺
𝑔∈𝐺
Φ ∘ 𝑔(𝑥)
Φ
≜ Δ 𝐺

Protocol ?
• This kind of restriction over the set of
distributions to be considered by the opponent,
also induces a restriction over the set of relevant
strategies to use for the opponent,
• This restriced set of strategies is:
𝜔 𝑖, 𝑗 = 𝐸 𝑉𝐴 (𝑖, 𝑗 and Φ, Φ′ ∈ Δ 𝐺] Φ,Φ′ ≜ Ω 𝐺

Protocol ?
• Then you can manage to build a Perfect Secrecy
Protocol if:
Inf 𝜔∈Ω 𝐺
𝐸 (𝜔 − 𝑉𝐴)2
> 𝐸 (𝑉𝐵 − 𝑉𝐴)2
• More precisely, when you are there, you have
created « Advantage Distillation » for the
legitimate partners. Perfect Secrecy can then be
obtained by « Reconciliation » and « Privacy
Amplification » techniques.
• See
http://crypto.cs.mcgill.ca/~crepeau/COMP649/04.
00476316.pdf for a good understanding of those
notions

Independence Phenomenon
• In pratical, Perfect Secrecy Protocols are not easy to
design because:
– You need to implement a DRG (see before)
– You need to overcome the Independence Phonomenon
• The Independence Phenomenon is basically the fact
that, even if the distributions chosen by Alice and Bob
are totally unknown for the opponent Mallory, he, at
least, knows that they have been chosen idependently
because Alice and Bob don’t know each other before
the transaction
• This gives a huge information to Mallory, and Perfect
Secrecy Protocols have to discard this information by
clever (and complex) « synchronization process »

The Cryptologic Limit Quest
• Can all this really work ??
• Good new is YES ! (I believe so), and the
simple fact that it is possible is a surprising
result (apparently contradicting Shannon
impossibility Theorem)
• An example is presented with proven
security : http://arxiv.org/abs/1507.08258
• But the story is far from being over

• If such a Perfect Secrecy Protocol exists, then
the next question is: what is the best one ?
• Typically the best one is
the one consuming less
network banwidth

• We thus define a new kind of entropy
– 𝜀 the bit error rate of the protocol
– 𝜀′ the bit knowledge rate of the opponent enabled by the
protocol
– 𝐻 𝑉𝐴 the entropy (classic) of the legitimate shared secret
estimation by 𝐴
– 𝑄 the quantity of information exchanged through the protocol
• Then the Reliability rate is defined intuitively by
𝑅 = 1 − 𝜀 − 𝜀′
• And the entropy to measure the perfectly reliable
information obtained through the protocol 𝒫 is defined
intuitively by
𝐻(𝒫) ≜ 𝐻 𝑉𝐴 𝒫 × max(0, 𝑅 𝒫 )

• The search of the Cryptologic Limit is then the search
of:
𝐶 = sup 𝒫
𝐻(𝒫)
𝑄(𝒫)
• in other words, the less greedy Perfectly Secure
Protocol (under Deep Random Axiom)
• Hope you will join the Quest !

That’s all (here) folks !
• Want serious reading with detailed
explanations and hard calculations ?
(will not cure your scratching head)
• Want to discuss the idea ?
• Want to insult the heretic ?
• Headached ?
http://arxiv.org/abs
/1507.08258
tdevalroger@gmail.com

Deep Random Secrecy Presentation

More Related Content

Similar to Deep Random Secrecy Presentation (20)

Recently uploaded (20)

Deep Random Secrecy Presentation