
Scalable Multiterminal Key Agreement via Error-Correcting Codes

Benjamin D. Kim, Daniel Alabi, Lav R. Varshney

TL;DR

The paper presents a scalable multiterminal secret key agreement (SKA) scheme based on Reed-Solomon MDS codes, encoding a secret with an $(n,k)$ code so that any $k$ shares reconstruct the key while fewer shares leak nothing. It derives the secret-key capacity for the no-helper case as $C_S = \frac{n-k}{n-1} \log q$, links this capacity to multivariate mutual information (MMI) bounds, and extends the results to helper scenarios. The work also analyzes MMI properties of full-rank MDS codes and discusses security considerations, parameter choices, and practical applications such as key refreshment and robustness to noisy channels. Overall, it provides a novel duality between secret sharing and SKA and a concrete, code-based protocol with theoretical performance guarantees.
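The threshold property summarized above can be checked exhaustively on a toy field. The following is an added example, not code from the paper: it assumes the standard Shamir-style Reed-Solomon encoding (secret as the constant term of a random degree-$(k-1)$ polynomial, shares as evaluations at $x = 1, \ldots, n$) over a prime field, with constructed parameters $q = 11$, $n = 5$, $k = 3$, and it does not model the masking or public-discussion steps of the paper's protocol.

```python
import itertools
import secrets
from collections import Counter

def eval_poly(coeffs, x, q):
    """Horner evaluation of sum(coeffs[i] * x**i) mod q."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % q
    return acc

def make_shares(secret, n, k, q):
    """RS codeword of a random degree-(k-1) polynomial with f(0) = secret.
    Assumption of this example: q is prime, so arithmetic mod q is a field."""
    if not (1 <= k <= n < q and 0 <= secret < q):
        raise ValueError("need 1 <= k <= n < q and 0 <= secret < q")
    coeffs = [secret] + [secrets.randbelow(q) for _ in range(k - 1)]
    return [(x, eval_poly(coeffs, x, q)) for x in range(1, n + 1)]

def reconstruct(shares, k, q):
    """Lagrange-interpolate f(0) from k shares with distinct x."""
    pts = list(shares)[:k]
    if len({x for x, _ in pts}) != k:
        raise ValueError("need k shares with distinct evaluation points")
    total = 0
    for xi, yi in pts:
        num = den = 1
        for xj, _ in pts:
            if xj != xi:
                num = num * -xj % q
                den = den * (xi - xj) % q
        total = (total + yi * num * pow(den, -1, q)) % q
    return total

def secret_tally(observed, k, q):
    """Brute force over all q**k polynomials: count, per candidate secret,
    how many polynomials agree with the observed shares."""
    tally = Counter()
    for coeffs in itertools.product(range(q), repeat=k):
        if all(eval_poly(coeffs, x, q) == y for x, y in observed):
            tally[coeffs[0]] += 1
    return tally

if __name__ == "__main__":
    q, n, k = 11, 5, 3  # constructed toy parameters
    shares = make_shares(7, n, k, q)
    print("any k shares:", reconstruct(shares[2:], k, q))
    print("k-1 shares  :", dict(secret_tally(shares[:k - 1], k, q)))
```

With $k-1$ shares the tally is flat: every field element remains a candidate secret with exactly one consistent polynomial, so the observer's posterior over the secret equals the uniform prior.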

Abstract

We explore connections between secret sharing and secret key agreement, which yield a simple and scalable multiterminal key agreement protocol. In our construction, we use error-correcting codes, specifically Reed-Solomon codes with threshold reconstruction, to ensure no information is leaked to an eavesdropper. We then derive novel bounds for both full-rank maximum distance separable codes and our scheme's secret key capacity, using key capacity's duality with multivariate mutual information.

Paper Structure

This paper contains 9 sections, 5 theorems, 22 equations, 1 figure, 1 algorithm.

Key Result

Theorem 1

Suppose each terminal $Z_i$ receives a masked share $e_i = z_i + r_i$, where the masks $r_i$ are independent uniform elements of a field of size $q$. Suppose the public discussion reveals exactly $k-1$ distinct RS shares. Then the joint distribution of $(e_1, \ldots, e_n)$ and the publicly revealed

Figures (1)

  • Figure 1: Multiple terminals $\{Z_1, Z_2, Z_3, Z_4 \}$ communicating with one another in public discussion. An eavesdropper listens in to their communication. In this work, their goal is to establish the same secret key without giving any information about the key to the eavesdropper.

Theorems & Definitions (13)

  • Definition 1: Multiterminal communication
  • Definition 2: Operational SKA
  • Definition 3: Secret key capacity
  • Definition 4: MDS codes
  • Definition 5: Reed-Solomon codes
  • Definition 6: Multivariate mutual information
  • Definition 7: Probabilistic polynomial-time adversary
  • Definition 8: IND-CPA Security (e.g., see KL14)
  • Theorem 1
  • Lemma 1
  • ...and 3 more