A note on Tensor Simple Matrix Encryption Scheme
The simple matrix encryption scheme (Tao-Diene-Tang-Ding, PQCrypto 2013) has a problem of decryption failures. Quite recently, Petzoldt-Ding-Wang (http://eprint.iacr.org/2016/010) proposed a new version of this scheme, called the tensor simple matrix encryption scheme, to remove decryption failures by using a tensor product of two small matrices as its secret key. However, it is much weaker than the original scheme. In this note, we show that the tensor simple matrix encryption scheme is equivalent to a weak version of the original simple matrix encryption scheme.
Approximate Randomization of Quantum States With Fewer Bits of Key
Randomization of quantum states is the quantum analogue of the classical
one-time pad. We present an improved, efficient construction of an
approximately randomizing map that uses O(d/epsilon^2) Pauli operators to map
any d-dimensional state to a state that is within trace distance epsilon of the
completely mixed state. Our bound is a log d factor smaller than that of
Hayden, Leung, Shor, and Winter (2004), and Ambainis and Smith (2004).
Then, we show that a random sequence of essentially the same number of
unitary operators, chosen from an appropriate set, with high probability form
an approximately randomizing map for d-dimensional states. Finally, we discuss
the optimality of these schemes via connections to different notions of
pseudorandomness, and give a new lower bound for small epsilon.
Comment: 18 pages, Quantum Computing Back Action, IIT Kanpur, March 2006,
volume 864 of AIP Conference Proceedings, pages 18--36. Springer, New Yor
Small Pseudo-Random Families of Matrices: Derandomizing Approximate Quantum Encryption
A quantum encryption scheme (also called private quantum channel, or state
randomization protocol) is a one-time pad for quantum messages. If two parties
share a classical random string, one of them can transmit a quantum state to
the other so that an eavesdropper gets little or no information about the state
being transmitted. Perfect encryption schemes leak no information at all about
the message. Approximate encryption schemes leak a non-zero (though small)
amount of information but require a shorter shared random key. Approximate
schemes with short keys have been shown to have a number of applications in
quantum cryptography and information theory.
This paper provides the first deterministic, polynomial-time constructions of
quantum approximate encryption schemes with short keys. Previous constructions
(quant-ph/0307104) are probabilistic--that is, they show that if the operators
used for encryption are chosen at random, then with high probability the
resulting protocol will be a secure encryption scheme. Moreover, the resulting
protocol descriptions are exponentially long. Our protocols use keys of the
same length as (or better length than) the probabilistic constructions; to
encrypt qubits approximately, one needs bits of shared key.
An additional contribution of this paper is a connection between classical
combinatorial derandomization and constructions of pseudo-random matrix
families in a continuous space.
Comment: 11 pages, no figures. In Proceedings of RANDOM 2004, Cambridge, MA,
August 200
Authentication of Quantum Messages
Authentication is a well-studied area of classical cryptography: a sender S
and a receiver R sharing a classical private key want to exchange a classical
message with the guarantee that the message has not been modified by any third
party with control of the communication line. In this paper we define and
investigate the authentication of messages composed of quantum states. Assuming
S and R have access to an insecure quantum channel and share a private,
classical random key, we provide a non-interactive scheme that enables S both
to encrypt and to authenticate (with unconditional security) an m qubit message
by encoding it into m+s qubits, where the failure probability decreases
exponentially in the security parameter s. The classical private key is 2m+O(s)
bits. To achieve this, we give a highly efficient protocol for testing the
purity of shared EPR pairs. We also show that any scheme to authenticate
quantum messages must also encrypt them. (In contrast, one can authenticate a
classical message while leaving it publicly readable.) This has two important
consequences: On one hand, it allows us to give a lower bound of 2m key bits
for authenticating m qubits, which makes our protocol asymptotically optimal.
On the other hand, we use it to show that digitally signing quantum states is
impossible, even with only computational security.
Comment: 22 pages, LaTeX, uses amssymb, latexsym, time
On the Optimality of Quantum Encryption Schemes
It is well known that n bits of entropy are necessary and sufficient to
perfectly encrypt n bits (one-time pad). Even if we allow the encryption to be
approximate, the amount of entropy needed doesn't asymptotically change.
However, this is not the case when we are encrypting quantum bits. For the
perfect encryption of n quantum bits, 2n bits of entropy are necessary and
sufficient (quantum one-time pad), but for approximate encryption one
asymptotically needs only n bits of entropy. In this paper, we provide the
optimal trade-off between the approximation measure epsilon and the amount of
classical entropy used in the encryption of single quantum bits. Then, we
consider n-qubit encryption schemes which are a composition of independent
single-qubit ones and provide the optimal schemes both in the 2- and the
operator-norm. Moreover, we provide a counterexample to show that the
encryption scheme of Ambainis-Smith based on small-bias sets does not work in
the operator-norm.
Comment: 15 page
XONN: XNOR-based Oblivious Deep Neural Network Inference
Advancements in deep learning enable cloud servers to provide
inference-as-a-service for clients. In this scenario, clients send their raw
data to the server to run the deep learning model and send back the results.
One standing challenge in this setting is to ensure the privacy of the clients'
sensitive data. Oblivious inference is the task of running the neural network
on the client's input without disclosing the input or the result to the server.
This paper introduces XONN, a novel end-to-end framework based on Yao's Garbled
Circuits (GC) protocol, that provides a paradigm shift in the conceptual and
practical realization of oblivious inference. In XONN, the costly
matrix-multiplication operations of the deep learning model are replaced with
XNOR operations that are essentially free in GC. We further provide a novel
algorithm that customizes the neural network such that the runtime of the GC
protocol is minimized without sacrificing the inference accuracy.
We design a user-friendly high-level API for XONN, allowing expression of the
deep learning model architecture in an unprecedented level of abstraction.
Extensive proof-of-concept evaluation on various neural network architectures
demonstrates that XONN outperforms prior art such as Gazelle (USENIX
Security'18) by up to 7x, MiniONN (ACM CCS'17) by 93x, and SecureML (IEEE
S&P'17) by 37x. State-of-the-art frameworks require one round of interaction
between the client and the server for each layer of the neural network,
whereas XONN requires a constant number of interaction rounds for any number of
layers in the model. XONN is the first to perform oblivious inference on Fitnet
architectures with up to 21 layers, suggesting a new level of scalability
compared with the state of the art. Moreover, we evaluate XONN on four datasets to
perform privacy-preserving medical diagnosis.
Comment: To appear in USENIX Security 201
Revisiting Deniability in Quantum Key Exchange via Covert Communication and Entanglement Distillation
We revisit the notion of deniability in quantum key exchange (QKE), a topic
that remains largely unexplored. In the only work on this subject by Donald
Beaver, it is argued that QKE is not necessarily deniable due to an
eavesdropping attack that limits key equivocation. We provide more insight into
the nature of this attack and how it extends to other constructions such as QKE
obtained from uncloneable encryption. We then adopt the framework for quantum
authenticated key exchange, developed by Mosca et al., and extend it to
introduce the notion of coercer-deniable QKE, formalized in terms of the
indistinguishability of real and fake coercer views. Next, we apply results
from a recent work by Arrazola and Scarani on covert quantum communication to
establish a connection between covert QKE and deniability. We propose DC-QKE, a
simple deniable covert QKE protocol, and prove its deniability via a reduction
to the security of covert QKE. Finally, we consider how entanglement
distillation can be used to enable information-theoretically deniable protocols
for QKE and tasks beyond key exchange.
Comment: 16 pages, published in the proceedings of NordSec 201
Quantum computing on encrypted data
The ability to perform computations on encrypted data is a powerful tool for
protecting privacy. Recently, protocols to achieve this on classical computing
systems have been found. Here we present an efficient solution to the quantum
analogue of this problem that enables arbitrary quantum computations to be
carried out on encrypted quantum data. We prove that an untrusted server can
implement a universal set of quantum gates on encrypted quantum bits (qubits)
without learning any information about the inputs, while the client, knowing
the decryption key, can easily decrypt the results of the computation. We
experimentally demonstrate, using single photons and linear optics, the
encryption and decryption scheme on a set of gates sufficient for arbitrary
quantum computations. Because our protocol requires few extra resources
compared to other schemes it can be easily incorporated into the design of
future quantum servers. These results will play a key role in enabling the
development of secure distributed quantum systems.
Affine Determinant Programs: A Framework for Obfuscation and Witness Encryption
An affine determinant program ADP: {0,1}^n → {0,1} is specified by a tuple (A, B_1, ..., B_n) of square matrices over F_q and a function Eval: F_q → {0,1}, and is evaluated on x ∈ {0,1}^n by computing Eval(det(A + Σ_{i ∈ [n]} x_i B_i)).
In this work, we suggest ADPs as a new framework for building general-purpose obfuscation and witness encryption. We provide evidence to suggest that constructions following our ADP-based framework may one day yield secure, practically feasible obfuscation.
As a proof of concept, we give a candidate ADP-based construction of indistinguishability obfuscation (iO) for all circuits, along with a simple witness encryption candidate. We provide cryptanalysis demonstrating that our schemes resist several potential attacks, and leave further cryptanalysis to future work. Lastly, we explore practically feasible applications of our witness encryption candidate, such as public-key encryption with near-optimal key generation.