[{"date_updated":"2019-08-02T12:37:57Z","date_published":"2013-01-29T00:00:00Z","language":[{"iso":"eng"}],"volume":7785,"oa_version":"Submitted Version","page":"23 - 39","editor":[{"full_name":"Sahai, Amit","first_name":"Amit","last_name":"Sahai"}],"month":"01","author":[{"last_name":"Krenn","id":"329FCCF0-F248-11E8-B48F-1D18A9856A87","full_name":"Krenn, Stephan","first_name":"Stephan"},{"last_name":"Pietrzak","id":"3E04A7AA-F248-11E8-B48F-1D18A9856A87","full_name":"Pietrzak, Krzysztof Z","first_name":"Krzysztof Z"},{"last_name":"Wadia","first_name":"Akshay","full_name":"Wadia, Akshay"}],"project":[{"_id":"258C570E-B435-11E9-9278-68D0E5697425","name":"Provable Security for Physical Cryptography","grant_number":"259668"}],"oa":1,"intvolume":" 7785","type":"conference","title":"A counterexample to the chain rule for conditional HILL entropy, and what deniable encryption has to do with it","_id":"2940","year":"2013","doi":"10.1007/978-3-642-36594-2_2","conference":{"location":"Tokyo, Japan","end_date":"2013-03-06","start_date":"2013-03-03","name":"TCC: Theory of Cryptography Conference"},"related_material":{"record":[{"id":"1479","relation":"later_version","status":"public"}]},"ddc":["000"],"file_date_updated":"2019-01-22T14:11:11Z","user_id":"2DF688A6-F248-11E8-B48F-1D18A9856A87","department":[{"_id":"KrPi"}],"citation":{"chicago":"Krenn, Stephan, Krzysztof Z Pietrzak, and Akshay Wadia. “A Counterexample to the Chain Rule for Conditional HILL Entropy, and What Deniable Encryption Has to Do with It.” edited by Amit Sahai, 7785:23–39. Springer, 2013. https://doi.org/10.1007/978-3-642-36594-2_2.","apa":"Krenn, S., Pietrzak, K. Z., & Wadia, A. (2013). A counterexample to the chain rule for conditional HILL entropy, and what deniable encryption has to do with it. In A. Sahai (Ed.) (Vol. 7785, pp. 23–39). Presented at the TCC: Theory of Cryptography Conference, Tokyo, Japan: Springer. https://doi.org/10.1007/978-3-642-36594-2_2","ama":"Krenn S, Pietrzak KZ, Wadia A. A counterexample to the chain rule for conditional HILL entropy, and what deniable encryption has to do with it. In: Sahai A, ed. Vol 7785. Springer; 2013:23-39. doi:10.1007/978-3-642-36594-2_2","mla":"Krenn, Stephan, et al. *A Counterexample to the Chain Rule for Conditional HILL Entropy, and What Deniable Encryption Has to Do with It*. Edited by Amit Sahai, vol. 7785, Springer, 2013, pp. 23–39, doi:10.1007/978-3-642-36594-2_2.","short":"S. Krenn, K.Z. Pietrzak, A. Wadia, in:, A. Sahai (Ed.), Springer, 2013, pp. 23–39.","ieee":"S. Krenn, K. Z. Pietrzak, and A. Wadia, “A counterexample to the chain rule for conditional HILL entropy, and what deniable encryption has to do with it,” presented at the TCC: Theory of Cryptography Conference, Tokyo, Japan, 2013, vol. 7785, pp. 23–39.","ista":"Krenn S, Pietrzak KZ, Wadia A. 2013. A counterexample to the chain rule for conditional HILL entropy, and what deniable encryption has to do with it. TCC: Theory of Cryptography Conference, LNCS, vol. 7785. 23–39."},"publisher":"Springer","abstract":[{"text":"A chain rule for an entropy notion H(.) states that the entropy H(X) of a variable X decreases by at most l if conditioned on an l-bit string A, i.e., H(X|A)>= H(X)-l. More generally, it satisfies a chain rule for conditional entropy if H(X|Y,A)>= H(X|Y)-l.\r\n\r\nAll natural information theoretic entropy notions we are aware of (like Shannon or min-entropy) satisfy some kind of chain rule for conditional entropy. Moreover, many computational entropy notions (like Yao entropy, unpredictability entropy and several variants of HILL entropy) satisfy the chain rule for conditional entropy, though here not only the quantity decreases by l, but also the quality of the entropy decreases exponentially in l. However, for \r\nthe standard notion of conditional HILL entropy (the computational equivalent of min-entropy) the existence of such a rule was unknown so far.\r\n\r\nIn this paper, we prove that for conditional HILL entropy no meaningful chain rule exists, assuming the existence of one-way permutations: there exist distributions X,Y,A, where A is a distribution over a single bit, but $H(X|Y)>>H(X|Y,A)$, even if we simultaneously allow for a massive degradation in the quality of the entropy.\r\n\r\nThe idea underlying our construction is based on a surprising connection between the chain rule for HILL entropy and deniable encryption. ","lang":"eng"}],"status":"public","publication_status":"published","accept":"1","publist_id":"3795","date_created":"2018-12-11T12:00:27Z","quality_controlled":"1","file":[{"relation":"main_file","content_type":"application/pdf","file_id":"5875","file_size":414823,"creator":"dernst","open_access":1,"file_name":"2013_LNCS_Krenn.pdf","date_created":"2019-01-22T14:11:11Z","success":1,"date_updated":"2019-01-22T14:11:11Z","access_level":"open_access"}],"alternative_title":["LNCS"],"day":"29"}]