Common use of Notation and Definitions Clause in Contracts

Notation and Definitions. A one-way secret-key agreement protocol has three important parameters, which are denoted by the same letters throughout the paper: the length m of the secret key produced, a security parameter k, and the number n of instances of the initial random variables used. It will be convenient in applications to assume that, for given m and k, n can be computed by a function n(k, m). Definition 1 (Protocol). A one-way secret-key agreement (OW-SKA) proto- col on consists of the function n(k, m) : N N N; a function fam- ily, called ▇▇▇▇▇, with parameters k and m, mapping n instances of X to a bit string SA 0, 1 m (the secret key) and a bit string Γ 0, 1 ∗ (the communica- tion); and a function family, called ▇▇▇, with parameters k and m, mapping Γ and n instances of Y to a bit string SB 0, 1 m. The protocol is efficient if n(k, m), ▇▇▇▇▇, and ▇▇▇ can be computed by probabilistic Turing machines in time poly(k, m). The rate of the protocol is limk→∞ limm→∞ n(k,m) . The goal of secret-key agreement is to get a secure key (SA, SB), i.e., two strings which are likely to be equal and look like a uniform random string to Eve. We can define this as follows: Definition 2 (Secure Key). A pair (X, Y ) over 0, 1 m 0, 1 m of random variables is ε-secure with respect to Z if PXY Z − PUU × PZ ≤ ε, where PUU is the probability distribution over {0, 1}m × {0, 1}m given by PUU (x, y)= 2−m if x = y 0 otherwise. We say that a protocol is secure if it generates a 2−k-secure key with respect to the information Eve has after the protocol execution, that is, the initial ran- domness Z1,... , Zn and the communication Γ . In some cases it is desirable to have a protocol which works for a class of distributions rather than for a sin- gle distribution (since one may not know the exact distribution of the random variables).

Notation and Definitions. A one-way secret-key agreement protocol has three important parameters, which are denoted by the same letters throughout the paper: the length m of the secret key produced, a security parameter k, and the number n of instances of the initial random variables used. It will be convenient in applications to assume that, for given m and k, n can be computed by a function n(k, m). Definition 1 (Protocol). A one-way secret-key agreement (OW-SKA) proto- col protocol on consists of the function n(k, m) : N N N; a function fam- ilyfamily, called ▇▇▇▇▇, with parameters k and m, mapping n instances in- stances of X to a bit string SA 0, 1 m (the secret key) and a bit string Γ 0▇ ▇, 1 ▇ ∗ (the communica- tion▇▇▇ ▇▇▇▇▇▇▇▇▇▇▇▇▇); and a function family, called ▇▇▇, with parameters k and m, mapping Γ and n instances of Y to a bit string SB 0, 1 m. The protocol is efficient if n(k, m), ▇▇▇▇▇, and ▇▇▇ can be computed by probabilistic Turing machines in time poly(k, m). The rate of the protocol is limk→∞ limm→∞ n(k,m) . The goal of secret-key agreement is to get a secure key (SA, SB), i.e., two strings which are likely to be equal and look like a uniform random string to Eve. We can define this as follows: Definition 2 (Secure Key). A pair (X, Y ) over 0, 1 m 0, 1 m of random variables is ε-secure with respect to Z if PXY ǁPXY Z − PUU × PZ PZǁ ≤ ε, where PUU is the probability distribution over {0, 1}m × {0, 1}m given by PUU (x, y)= 2−m y) = .2−m if x = y 0 otherwise. We say that a protocol is secure if it generates a 2−k-secure key with respect to the information Eve has after the protocol execution, that is, the initial ran- domness Z1,... randomness ▇▇, Zn . . . , ▇▇ and the communication Γ . In some cases it is desirable to have a protocol which works for a class of distributions distri- butions rather than for a sin- gle single distribution (since one may not know the exact distribution of the random variables).