A Framework for Unconditionally Secure Public-Key Encryption (with Possible Decryption Errors)

Abstract

We offer a public-key encryption protocol where decryption of a single bit by a legitimate party is correct with probability p that is greater than 1/2 but less than 1. At the same time, a computationally unbounded (passive) adversary correctly recovers the transmitted bit with probability exactly 1/2.

Research of Mariya Bessonov was partially supported by the NSF grant DMS-1515800. Research of Vladimir Shpilrain was partially supported by the ONR (Office of Naval Research) grant N000141512164. Research of Dima Grigoriev was partially supported by the RSF grant 16-11-10075.

Appendix

1.1 How \(P(b<a | A< B < a)\) Depends on the Number of Steps

Let \(\alpha >0\) and \(n^{\alpha }\) be the number of steps in Alice’s walk and suppose initially that this number is odd (to avoid parity issues, although the conclusion that \(P(b<a | A< B < a)\) depends on \(\alpha \) still holds when the number of steps is even). Let \(n^\beta \) be the fixed number of steps in Bob’s walk with \(0<\beta < 2\). Then \(P(b<a | A< B < a)\) depends on \(\alpha \) as follows:

• When \(\alpha \) is very small, \(P(b<a | A< B < a)\) is very close to 1/2.

• As \(\alpha \) increases, \(P(b<a | A< B < a)\) tends to \(P(b<a | B<a)\), which tends to 1 as \(n\rightarrow \infty \).

Suppose that \(n^{\alpha } = 1\). Then \(P(b<a | A< B < a)\) is the probability that \(b<a\), given that Alice’s one step was to the left and Bob’s final location happens to be between A and a, for which there is only one possibility \(B = a - 0.5\) and \(A = a - 1\). In this case,

$$ P(b<a | A< B< a) = P(b<B) = \frac{1}{2} - O\left( n^{-\beta /2}\right) , $$

or, if we remove the possibility that \(B = b\), by shifting Bob’s end point by adding or subtracting 0.5 with equal probability, then

$$ P(b<a | A< B< a) = P(b<B) \xrightarrow {n\rightarrow \infty } \frac{1}{2} $$

The probability is not exactly equal to 1/2 due to the restriction that \(0\le b \le n-1\) and \(B<n-1\). However, as \(n\xrightarrow \infty \), the probability that b is close to 1 or n goes to zero. As \(\alpha \) increases, given that \(B<a\), B is more likely to be farther from a, and when B is farther from and to the left of a, b is more likely to be less than a. This is because the number of steps in Bob’s walk remains fixed, and Bob is (almost) equally likely have started to be to the left or to the right of B. If \(b<B\), certainly \(b<a\). If \(B>b\), the fact that \(A-a\) can be larger, increases the probability that \(B<b<a\). “Almost” because of the restriction on b and B mentioned above.

Now, as \(\alpha \) increases, the condition \(A<B<a\) implies that A will be farther from a. Eventually, for \(\alpha \) large enough, A will be outside of the interval \(\{0,1,\ldots ,n-1\}\) with probability close to 1. The probability of A being in the interval will be exponentially small in \(\alpha \). If A is outside of this interval, then \(P(b<a | A< B< a) = P(b<a | B<a,\) Alice’s walk ends to the left of her starting point\() = P(b<a | B<a)\).

Lemma 1

 \(P(b< a | B < a) \rightarrow 1\) as \(n \rightarrow \infty \).

To see that this is true, consider

$$\begin{aligned} P(b<a | B<a)&= P(b<B<a | B<a) + P(B<b<a | B<a) \end{aligned}$$

(1)

The first term, \(P(b<B<a | B<a) = P(b < B) \rightarrow 1/2\) as \(n\rightarrow \infty \). If B is distance \(O(n^{\beta /2 + \epsilon })\) for small \(\epsilon > 0\), \(P(b < B)\) goes to 1/2 as \(n\rightarrow \infty \), as it is just the probability that the endpoint of the walk is to the right of the starting point. If B is close to 0, the probability is under 1/2 since Bob’s starting point b is restricted to \(\{0,1,\ldots ,n-1\}\). As \(n\rightarrow \infty \), the probability that B is close to 0 goes to zero. If B is close to \(n-1\), \(P(b < B)\) is actually close to 1, but the probability that B is close to \(n-1\) also goes to zero.

The second term, \(P(B<b<a | B<a) \xrightarrow {\, n\rightarrow \infty \,} 1/2\) as well. Here, we consider two possibilities:

• \(P(B<b<a | B<a, a-B \ge n^{\beta /2 + \epsilon }) \xrightarrow {\, n\rightarrow \infty \,}1/2\), since the probability of the displacement being greater than \(O(n^{\beta /2})\) is exponentially small.

• \(P(B<b<a | B<a, a-B < n^{\beta /2 + \epsilon })\) is not close to 1, however,

  $$P\left( a-B < n^{\beta /2 + \epsilon }\right) \xrightarrow {\, n\rightarrow \infty \,} 0$$

From this,

$$P(B<b<a | B<a) \xrightarrow {\, n\rightarrow \infty \,} P(B<b<a | B<a, a-B \ge n^{\beta /2 + \epsilon }) \xrightarrow {\, n\rightarrow \infty \,} 1/2.$$

1.2 Why \(P(b<a | B<A<a \text { or } B<a<A)\) does not depend greatly on the number of steps

Consider the two events in the condition separately and note that they are disjoint.

• If \(B<a<A\), then the probability that \(b<a\) does not depend on Alice’s walk, and thus on \(\alpha \), at all, since the condition is that Alice ended to the right of her starting point a (the probability of which is the same as Alice ending to the left of a) and B is always to the left of a in our setup. Note also that in the sample space consisting of the events \(\{B<a<A\}\cup \{B<A<a\}\), the event \(\{B<a<A\}\) has probability greater than 1/2 since Alice is more likely to end to the right of A with no other restriction than to the left of a but to the right of B.

• If \(B<A<a\), the probability that \(b<a\) does depend on the number of steps in both walks, however, if \(\beta < \alpha \) are fixed, the probability will approach 1 as \(n\rightarrow \infty \). Thus, the dependence on \(\alpha \) is weak, so long as \(\beta < \alpha \). We have here that under this condition, Alice ended her walk to the left of where she started, and Bob ended to the left of Alice’s endpoint. If Alice performed a greater number of steps than Bob, to not have \(b<a\), Bob’s displacement would have to be greater than Alice’s.