Section: Scientific Foundations

Probability and information theory

Participants : Mário Alvim, Miguel Andrés, Nicolás Bordenabe, Konstantinos Chatzikokolakis, Catuscia Palamidessi.

Much of the research of Cométe focuses on security and privacy. In particular, we are interested in the problem of the leakage of secret information through public observables.

Ideally we would like systems to be completely secure, but in practice this goal is often impossible to achieve. Therefore, we need to reason about the amount of information leaked, and the utility that it can have for the adversary, i.e. the probability that the adversary be able to exploit such information.

The recent tendency is to use information theoretic approach to model the problem and define the leakage in a quantitative way. The idea is to consider that system as an information-theoretic channel. The input represents the secret, the output represents the observable, and the correlation between the input and output (mutual information) represents the information leakage.

Information theory depends on the notion of entropy. Most of the proposals in the literature use Shannon entropy, which is the most established measure of uncertainty. From the security point of view, this measure corresponds to a particular model of attack and a particular way of estimating the security threat (vulnerability of the secret). We consider also other notions, in particular the Rényi min-entropy, which seem to be more appropriate for security in common scenarios like the one-try attacks.