1,491 research outputs found
Commitment and Oblivious Transfer in the Bounded Storage Model with Errors
The bounded storage model restricts the memory of an adversary in a
cryptographic protocol, rather than restricting its computational power, making
information theoretically secure protocols feasible. We present the first
protocols for commitment and oblivious transfer in the bounded storage model
with errors, i.e., the model where the public random sources available to the
two parties are not exactly the same, but instead are only required to have a
small Hamming distance between themselves. Commitment and oblivious transfer
protocols were known previously only for the error-free variant of the bounded
storage model, which is harder to realize
Unconditional security from noisy quantum storage
We consider the implementation of two-party cryptographic primitives based on
the sole assumption that no large-scale reliable quantum storage is available
to the cheating party. We construct novel protocols for oblivious transfer and
bit commitment, and prove that realistic noise levels provide security even
against the most general attack. Such unconditional results were previously
only known in the so-called bounded-storage model which is a special case of
our setting. Our protocols can be implemented with present-day hardware used
for quantum key distribution. In particular, no quantum storage is required for
the honest parties.Comment: 25 pages (IEEE two column), 13 figures, v4: published version (to
appear in IEEE Transactions on Information Theory), including bit wise
min-entropy sampling. however, for experimental purposes block sampling can
be much more convenient, please see v3 arxiv version if needed. See
arXiv:0911.2302 for a companion paper addressing aspects of a practical
implementation using block samplin
Robust Cryptography in the Noisy-Quantum-Storage Model
It was shown in [WST08] that cryptographic primitives can be implemented
based on the assumption that quantum storage of qubits is noisy. In this work
we analyze a protocol for the universal task of oblivious transfer that can be
implemented using quantum-key-distribution (QKD) hardware in the practical
setting where honest participants are unable to perform noise-free operations.
We derive trade-offs between the amount of storage noise, the amount of noise
in the operations performed by the honest participants and the security of
oblivious transfer which are greatly improved compared to the results in
[WST08]. As an example, we show that for the case of depolarizing noise in
storage we can obtain secure oblivious transfer as long as the quantum
bit-error rate of the channel does not exceed 11% and the noise on the channel
is strictly less than the quantum storage noise. This is optimal for the
protocol considered. Finally, we show that our analysis easily carries over to
quantum protocols for secure identification.Comment: 34 pages, 2 figures. v2: clarified novelty of results, improved
security analysis using fidelity-based smooth min-entropy, v3: typos and
additivity proof in appendix correcte
A Framework for Efficient Adaptively Secure Composable Oblivious Transfer in the ROM
Oblivious Transfer (OT) is a fundamental cryptographic protocol that finds a
number of applications, in particular, as an essential building block for
two-party and multi-party computation. We construct a round-optimal (2 rounds)
universally composable (UC) protocol for oblivious transfer secure against
active adaptive adversaries from any OW-CPA secure public-key encryption scheme
with certain properties in the random oracle model (ROM). In terms of
computation, our protocol only requires the generation of a public/secret-key
pair, two encryption operations and one decryption operation, apart from a few
calls to the random oracle. In~terms of communication, our protocol only
requires the transfer of one public-key, two ciphertexts, and three binary
strings of roughly the same size as the message. Next, we show how to
instantiate our construction under the low noise LPN, McEliece, QC-MDPC, LWE,
and CDH assumptions. Our instantiations based on the low noise LPN, McEliece,
and QC-MDPC assumptions are the first UC-secure OT protocols based on coding
assumptions to achieve: 1) adaptive security, 2) optimal round complexity, 3)
low communication and computational complexities. Previous results in this
setting only achieved static security and used costly cut-and-choose
techniques.Our instantiation based on CDH achieves adaptive security at the
small cost of communicating only two more group elements as compared to the
gap-DH based Simplest OT protocol of Chou and Orlandi (Latincrypt 15), which
only achieves static security in the ROM
Experimental implementation of bit commitment in the noisy-storage model
Fundamental primitives such as bit commitment and oblivious transfer serve as
building blocks for many other two-party protocols. Hence, the secure
implementation of such primitives are important in modern cryptography. In this
work, we present a bit commitment protocol which is secure as long as the
attacker's quantum memory device is imperfect. The latter assumption is known
as the noisy-storage model. We experimentally executed this protocol by
performing measurements on polarization-entangled photon pairs. Our work
includes a full security analysis, accounting for all experimental error rates
and finite size effects. This demonstrates the feasibility of two-party
protocols in this model using real-world quantum devices. Finally, we provide a
general analysis of our bit commitment protocol for a range of experimental
parameters.Comment: 21 pages (7 main text +14 appendix), 6+3 figures. New version changed
author's name from Huei Ying Nelly Ng to Nelly Huei Ying Ng, for consistency
with other publication
Secure bit commitment from relativistic constraints
We investigate two-party cryptographic protocols that are secure under
assumptions motivated by physics, namely relativistic assumptions
(no-signalling) and quantum mechanics. In particular, we discuss the security
of bit commitment in so-called split models, i.e. models in which at least some
of the parties are not allowed to communicate during certain phases of the
protocol. We find the minimal splits that are necessary to evade the
Mayers-Lo-Chau no-go argument and present protocols that achieve security in
these split models. Furthermore, we introduce the notion of local versus global
command, a subtle issue that arises when the split committer is required to
delegate non-communicating agents to open the commitment. We argue that
classical protocols are insecure under global command in the split model we
consider. On the other hand, we provide a rigorous security proof in the global
command model for Kent's quantum protocol [Kent 2011, Unconditionally Secure
Bit Commitment by Transmitting Measurement Outcomes]. The proof employs two
fundamental principles of modern physics, the no-signalling property of
relativity and the uncertainty principle of quantum mechanics.Comment: published version, IEEE format, 18 pages, 8 figure
Implementation of two-party protocols in the noisy-storage model
The noisy-storage model allows the implementation of secure two-party
protocols under the sole assumption that no large-scale reliable quantum
storage is available to the cheating party. No quantum storage is thereby
required for the honest parties. Examples of such protocols include bit
commitment, oblivious transfer and secure identification. Here, we provide a
guideline for the practical implementation of such protocols. In particular, we
analyze security in a practical setting where the honest parties themselves are
unable to perform perfect operations and need to deal with practical problems
such as errors during transmission and detector inefficiencies. We provide
explicit security parameters for two different experimental setups using weak
coherent, and parametric down conversion sources. In addition, we analyze a
modification of the protocols based on decoy states.Comment: 41 pages, 33 figures, this is a companion paper to arXiv:0906.1030
considering practical aspects, v2: published version, title changed in
accordance with PRA guideline
- …