We show that the mutual information, in the sense of Kolmogorov complexity, of any pair of strings x and y is equal, up to logarithmic precision, to the length of the longest shared secret key that two parties, one having x and the complexity profile of the pair and the other one having y and the complexity profile of the pair, can establish via a probabilistic protocol with interaction on a public channel. For ℓ > 2, the longest shared secret that can be established from a tuple of strings (x1, ..., x ℓ ) by ℓ parties, each one having one component of the tuple and the complexity profile of the tuple, is equal, up to logarithmic precision, to the complexity of the tuple minus the minimum communication necessary for distributing the tuple to all parties. We establish the communication complexity of secret key agreement protocols that produce a secret key of maximal length, for protocols with public randomness. We also show that if the communication complexity drops below the established threshold, then only very short secret keys can be obtained. supported in part by the National Science Foundation through grant 1811729.
No protocol can produce a longer shared secret key (up to an O(log n) additive term).Secret key agreement for three or more parties. Mutual information is only defined for two strings, but secret key agreement can be explored for the case of more strings. Let us consider again an example. Suppose that each of Alice, Bob, and Charlie have a point in the affine plane over the finite field with 2 n elements, and that the three points, which we call A, B, C, are collinear. Thus, each party has 2n bits of information, but together they have 5n bits of information, because given two points, the third one can be described with n bits. The parties want to establish a common secret key, but they can only communicate by broadcasting messages over a public channel. They can proceed as follows. Alice will broadcast a string p A , Bob a string p B , and Charlie a string p C , such that each party using his/her point and the received information will reconstruct the three collinear points A, B, C. A protocol that achieves this is called an omniscience protocol because it spreads to everyone the information possessed at the beginning individually by each party. In the next step, each party will compress the 5n bits, comprising the three points, to a string that is random given p A , p B , p C . The compressed string is the common secret key. We will see that up to logarithmic precision it has length 5n − (|p A | + |p B | + |p C |). Assuming we know how to do the omniscience protocol and the compression step, this protocol produces a common secret key of length 5n − CO(A, B, C), where CO (A, B, C) is the minimum communication for the omniscience task for the points A, B, C. In our example, it is clear that each one of p A , p B , p C must be at least n bits long, and that any two of these strings must contain together at least 3n bits. Using some recent results from the reference [Zim17], it can be shown that an...