International Association for Cryptologic Research


IACR News item: 11 July 2012

Junji Shikata
ePrint Report
In this paper, we revisit formalizations of information-theoretic security for symmetric-key encryption and key agreement protocols. In general, we can formalize information-theoretic security in various ways: some formalizations are stand-alone security notions obtained by extending (or relaxing) Shannon's perfect secrecy; others are based on composable security. A natural question is then: what is the gap between the formalizations? To answer the question, we investigate relationships between several formalizations of information-theoretic security for symmetric-key encryption and key agreement protocols. Specifically, for symmetric-key encryption protocols which may have decryption errors, we deal with the following formalizations of security: formalizations extended (or relaxed) from Shannon's perfect secrecy by using mutual information and statistical distance; the information-theoretic analogue of indistinguishability by Goldwasser and Micali; and the composable security formalizations by Maurer et al. and Canetti. We then show that those formalizations are essentially equivalent under both one-time and multiple-use models. Under both models, we also derive lower bounds on the adversary's (or distinguisher's) advantage and on the secret-key size required under all of the above formalizations. Although some of them are already known, we can derive them all at once through our relationships between the formalizations. In addition, we briefly observe impossibility results which easily follow from the lower bounds. Similar results are also shown for key agreement protocols which may have agreement errors.

Additional news items may be found on the IACR news page.