An All-But-One Entropic Uncertainty Relation, and Application to Password-based Identification
Entropic uncertainty relations are quantitative characterizations of
Heisenberg's uncertainty principle, which make use of an entropy measure to
quantify uncertainty. In quantum cryptography, they are often used as
convenient tools in security proofs. We propose a new entropic uncertainty
relation. It is the first such uncertainty relation that lower bounds the
uncertainty in the measurement outcome for all but one choice for the
measurement from an arbitrarily large (but specifically chosen) set of possible
measurements, and, at the same time, uses the min-entropy as entropy measure,
rather than the Shannon entropy. This makes it especially suited for quantum
cryptography. As an application, we propose a new quantum identification scheme in
the bounded quantum storage model. It makes use of our new uncertainty relation
at the core of its security proof. In contrast to the original quantum
identification scheme proposed by Damgård et al., our new scheme also
offers some security in case the bounded quantum storage assumption fails to hold.
Specifically, our scheme remains secure against an adversary that has unbounded
storage capabilities but is restricted to non-adaptive single-qubit operations.
The scheme by Damgård et al., on the other hand, completely breaks down
under such an attack.
Comment: 33 pages, v
Unconditional security from noisy quantum storage
We consider the implementation of two-party cryptographic primitives based on
the sole assumption that no large-scale reliable quantum storage is available
to the cheating party. We construct novel protocols for oblivious transfer and
bit commitment, and prove that realistic noise levels provide security even
against the most general attack. Such unconditional results were previously
only known in the so-called bounded-storage model which is a special case of
our setting. Our protocols can be implemented with present-day hardware used
for quantum key distribution. In particular, no quantum storage is required for
the honest parties.
Comment: 25 pages (IEEE two column), 13 figures, v4: published version (to
appear in IEEE Transactions on Information Theory), including bit-wise
min-entropy sampling. However, for experimental purposes block sampling can
be much more convenient; please see the v3 arXiv version if needed. See
arXiv:0911.2302 for a companion paper addressing aspects of a practical
implementation using block samplin
Simple protocols for oblivious transfer and secure identification in the noisy-quantum-storage model
Experimental implementation of bit commitment in the noisy-storage model
Fundamental primitives such as bit commitment and oblivious transfer serve as
building blocks for many other two-party protocols. Hence, the secure
implementation of such primitives is important in modern cryptography. In this
work, we present a bit commitment protocol which is secure as long as the
attacker's quantum memory device is imperfect. The latter assumption is known
as the noisy-storage model. We experimentally executed this protocol by
performing measurements on polarization-entangled photon pairs. Our work
includes a full security analysis, accounting for all experimental error rates
and finite size effects. This demonstrates the feasibility of two-party
protocols in this model using real-world quantum devices. Finally, we provide a
general analysis of our bit commitment protocol for a range of experimental
parameters.
Comment: 21 pages (7 main text + 14 appendix), 6+3 figures. New version changed
author's name from Huei Ying Nelly Ng to Nelly Huei Ying Ng, for consistency
with other publication
Maintaining secrecy when information leakage is unavoidable
Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2004.Includes bibliographical references (p. 109-115).(cont.) We apply the framework to get new results, creating (a) encryption schemes with very short keys, and (b) hash functions that leak no information about their input, yet-paradoxically-allow testing if a candidate vector is close to the input. One of the technical contributions of this research is to provide new, cryptographic uses of mathematical tools from complexity theory known as randomness extractors.Sharing and maintaining long, random keys is one of the central problems in cryptography. This thesis provides about ensuring the security of a cryptographic key when partial information about it has been, or must be, leaked to an adversary. We consider two basic approaches: 1. Extracting a new, shorter, secret key from one that has been partially compromised. Specifically, we study the use of noisy data, such as biometrics and personal information, as cryptographic keys. Such data can vary drastically from one measurement to the next. We would like to store enough information to handle these variations, without having to rely on any secure storage-in particular, without storing the key itself in the clear. We solve the problem by casting it in terms of key extraction. We give a precise definition of what "security" should mean in this setting, and design practical, general solutions with rigorous analyses. Prior to this work, no solutions were known with satisfactory provable security guarantees. 2. Ensuring that whatever is revealed is not actually useful. This is most relevant when the key itself is sensitive-for example when it is based on a person's iris scan or Social Security Number. 
This second approach requires the user to have some control over exactly what information is revealed, but this is often the case: for example, if the user must reveal enough information to allow another user to correct errors in a corrupted key. How can the user ensure that whatever information the adversary learns is not useful to her? We answer by developing a theoretical framework for separating leaked information from useful information. Our definition strengthens the notion of entropic security, considered before in a few different contexts.by Adam Davison Smith.Ph.D