Multi-User Guesswork and Brute Force Security

Christiansen, Mark M.; Duffy, Ken R.; du Pin Calmon, Flavio; Medard, Muriel

Author(s)

Christiansen, Mark M.; Duffy, Ken R.; Medard, Muriel; Calmon, Flavio du Pin

DownloadMedard_Multi-user.pdf (568.9Kb)

OPEN_ACCESS_POLICY

Terms of use

Creative Commons Attribution-Noncommercial-Share Alike http://creativecommons.org/licenses/by-nc-sa/4.0/

Metadata

Show full item record

Abstract

The guesswork problem was originally motivated by a desire to quantify computational security for single user systems. Leveraging recent results from its analysis, we extend the remit and utility of the framework to the quantification of the computational security of multi-user systems. In particular, assume that V users independently select strings stochastically from a finite, but potentially large, list. An inquisitor who does not know which strings have been selected wishes to identify U of them. The inquisitor knows the selection probabilities of each user and is equipped with a method that enables the testing of each (user, string) pair, one at a time, for whether that string had been selected by that user. Here, we establish that, unless U=V, there is no general strategy that minimizes the distribution of the number of guesses, but in the asymptote as the strings become long we prove the following: by construction, there is an asymptotically optimal class of strategies; the number of guesses required in an asymptotically optimal strategy satisfies a large deviation principle with a rate function, which is not necessarily convex, that can be determined from the rate functions of optimally guessing individual users' strings; if all users' selection statistics are identical, the exponential growth rate of the average guesswork as the string-length increases is determined by the specific Rényi entropy of the string-source with parameter (V-U+1)/(V-U+2), generalizing the known V=U=1 case; and that the Shannon entropy of the source is a lower bound on the average guesswork growth rate for all U and V, thus providing a bound on computational security for multi-user systems. Examples are presented to illustrate these results and their ramifications for systems design.

Date issued

2015-10

URI

http://hdl.handle.net/1721.1/113425

Department

Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science

Journal

IEEE Transactions on Information Theory

Publisher

Institute of Electrical and Electronics Engineers (IEEE)

Citation

Christiansen, Mark M., et al. “Multi-User Guesswork and Brute Force Security.” IEEE Transactions on Information Theory, vol. 61, no. 12, Dec. 2015, pp. 6876–86.

Version: Author's final manuscript

ISSN

0018-9448

1557-9654

Collections

MIT Open Access Articles

DSpace@MIT