660 research outputs found
Computational Collapse of Quantum State with Application to Oblivious Transfer
Quantum 2-party cryptography differs from its classical counterpart in at least one important way: Given black-box access to a perfect commitment scheme there exists a secure 1-2 quantum oblivious transfer. This reduction proposed by Crépeau and Kilian was proved secure against any receiver by Yao, in the case where perfect commitments are used. However, quantum commitments would normally be based on computational assumptions. A natural question therefore arises: What happens to the security of the above reduction when computationally secure commitments are used instead of perfect ones? In this paper, we address the security of 1-2 QOT when computationally binding string commitments are available. In particular, we analyse the security of a primitive called Quantum Measurement Commitment when it is constructed from unconditionally concealing but computationally binding commitments. As measuring a quantum state induces an irreversible collapse, we describe a QMC as an instance of ``computational collapse of a quantum state''. In a QMC a state appears to be collapsed to a polynomial time observer who cannot extract full information about the state without breaking a computational assumption. We reduce the security of QMC to a weak binding criteria for the string commitment. We also show that secure QMCs implies QOT using a straightforward variant of the reduction above
How to Base Security on the Perfect/Statistical Binding Property of Quantum Bit Commitment?
The concept of quantum bit commitment was introduced in the early 1980s for the purpose of basing bit commitments solely on principles of quantum theory. Unfortunately, such unconditional quantum bit commitments still turn out to be impossible. As a compromise like in classical cryptography, Dumais et al. [Paul Dumais et al., 2000] introduce the conditional quantum bit commitments that additionally rely on complexity assumptions. However, in contrast to classical bit commitments which are widely used in classical cryptography, up until now there is relatively little work towards studying the application of quantum bit commitments in quantum cryptography. This may be partly due to the well-known weakness of the general quantum binding that comes from the possible superposition attack of the sender of quantum commitments, making it unclear whether quantum commitments could be useful in quantum cryptography.
In this work, following Yan et al. [Jun Yan et al., 2015] we continue studying using (canonical non-interactive) perfectly/statistically-binding quantum bit commitments as the drop-in replacement of classical bit commitments in some well-known constructions. Specifically, we show that the (quantum) security can still be established for zero-knowledge proof, oblivious transfer, and proof-of-knowledge. In spite of this, we stress that the corresponding security analyses are by no means trivial extensions of their classical analyses; new techniques are needed to handle possible superposition attacks by the cheating sender of quantum bit commitments.
Since (canonical non-interactive) statistically-binding quantum bit commitments can be constructed from quantum-secure one-way functions, we hope using them (as opposed to classical commitments) in cryptographic constructions can reduce the round complexity and weaken the complexity assumption simultaneously
Quantum Cryptography Beyond Quantum Key Distribution
Quantum cryptography is the art and science of exploiting quantum mechanical
effects in order to perform cryptographic tasks. While the most well-known
example of this discipline is quantum key distribution (QKD), there exist many
other applications such as quantum money, randomness generation, secure two-
and multi-party computation and delegated quantum computation. Quantum
cryptography also studies the limitations and challenges resulting from quantum
adversaries---including the impossibility of quantum bit commitment, the
difficulty of quantum rewinding and the definition of quantum security models
for classical primitives. In this review article, aimed primarily at
cryptographers unfamiliar with the quantum world, we survey the area of
theoretical quantum cryptography, with an emphasis on the constructions and
limitations beyond the realm of QKD.Comment: 45 pages, over 245 reference
Unconditional security from noisy quantum storage
We consider the implementation of two-party cryptographic primitives based on
the sole assumption that no large-scale reliable quantum storage is available
to the cheating party. We construct novel protocols for oblivious transfer and
bit commitment, and prove that realistic noise levels provide security even
against the most general attack. Such unconditional results were previously
only known in the so-called bounded-storage model which is a special case of
our setting. Our protocols can be implemented with present-day hardware used
for quantum key distribution. In particular, no quantum storage is required for
the honest parties.Comment: 25 pages (IEEE two column), 13 figures, v4: published version (to
appear in IEEE Transactions on Information Theory), including bit wise
min-entropy sampling. however, for experimental purposes block sampling can
be much more convenient, please see v3 arxiv version if needed. See
arXiv:0911.2302 for a companion paper addressing aspects of a practical
implementation using block samplin
Insecurity of Quantum Secure Computations
It had been widely claimed that quantum mechanics can protect private
information during public decision in for example the so-called two-party
secure computation. If this were the case, quantum smart-cards could prevent
fake teller machines from learning the PIN (Personal Identification Number)
from the customers' input. Although such optimism has been challenged by the
recent surprising discovery of the insecurity of the so-called quantum bit
commitment, the security of quantum two-party computation itself remains
unaddressed. Here I answer this question directly by showing that all
``one-sided'' two-party computations (which allow only one of the two parties
to learn the result) are necessarily insecure. As corollaries to my results,
quantum one-way oblivious password identification and the so-called quantum
one-out-of-two oblivious transfer are impossible. I also construct a class of
functions that cannot be computed securely in any ``two-sided'' two-party
computation. Nevertheless, quantum cryptography remains useful in key
distribution and can still provide partial security in ``quantum money''
proposed by Wiesner.Comment: The discussion on the insecurity of even non-ideal protocols has been
greatly extended. Other technical points are also clarified. Version accepted
for publication in Phys. Rev.
Generalized Remote Preparation of Arbitrary -qubit Entangled States via Genuine Entanglements
Herein, we present a feasible, general protocol for quantum communication
within a network via generalized remote preparation of an arbitrary -qubit
entangled state designed with genuine tripartite
Greenberger--Horne--Zeilinger-type entangled resources. During the
implementations, we construct novel collective unitary operations; these
operations are tasked with performing the necessary phase transfers during
remote state preparations. We have distilled our implementation methods into a
five-step procedure, which can be used to faithfully recover the desired state
during transfer. Compared to previous existing schemes, our methodology
features a greatly increased success probability. After the consumption of
auxiliary qubits and the performance of collective unitary operations, the
probability of successful state transfer is increased four-fold and eight-fold
for arbitrary two- and three-qubit entanglements when compared to other methods
within the literature, respectively. We conclude this paper with a discussion
of the presented scheme for state preparation, including: success
probabilities, reducibility and generalizability.Comment: 16 pages, 3 figures, 3 tables, Accepted to Entrop
Classical Cryptographic Protocols in a Quantum World
Cryptographic protocols, such as protocols for secure function evaluation
(SFE), have played a crucial role in the development of modern cryptography.
The extensive theory of these protocols, however, deals almost exclusively with
classical attackers. If we accept that quantum information processing is the
most realistic model of physically feasible computation, then we must ask: what
classical protocols remain secure against quantum attackers?
Our main contribution is showing the existence of classical two-party
protocols for the secure evaluation of any polynomial-time function under
reasonable computational assumptions (for example, it suffices that the
learning with errors problem be hard for quantum polynomial time). Our result
shows that the basic two-party feasibility picture from classical cryptography
remains unchanged in a quantum world.Comment: Full version of an old paper in Crypto'11. Invited to IJQI. This is
authors' copy with different formattin
On the Computational Hardness Needed for Quantum Cryptography
In the classical model of computation, it is well established that one-way functions (OWF) are minimal for computational cryptography: They are essential for almost any cryptographic application that cannot be realized with respect to computationally unbounded adversaries. In the quantum setting, however, OWFs appear not to be essential (Kretschmer 2021; Ananth et al., Morimae and Yamakawa 2022), and the question of whether such a minimal primitive exists remains open.
We consider EFI pairs - efficiently samplable, statistically far but computationally indistinguishable pairs of (mixed) quantum states. Building on the work of Yan (2022), which shows equivalence between EFI pairs and statistical commitment schemes, we show that EFI pairs are necessary for a large class of quantum-cryptographic applications. Specifically, we construct EFI pairs from minimalistic versions of commitments schemes, oblivious transfer, and general secure multiparty computation, as well as from QCZK proofs from essentially any non-trivial language. We also construct quantum computational zero knowledge (QCZK) proofs for all of QIP from any EFI pair.
This suggests that, for much of quantum cryptography, EFI pairs play a similar role to that played by OWFs in the classical setting: they are simple to describe, essential, and also serve as a linchpin for demonstrating equivalence between primitives
Complete Insecurity of Quantum Protocols for Classical Two-Party Computation
A fundamental task in modern cryptography is the joint computation of a
function which has two inputs, one from Alice and one from Bob, such that
neither of the two can learn more about the other's input than what is implied
by the value of the function. In this Letter, we show that any quantum protocol
for the computation of a classical deterministic function that outputs the
result to both parties (two-sided computation) and that is secure against a
cheating Bob can be completely broken by a cheating Alice. Whereas it is known
that quantum protocols for this task cannot be completely secure, our result
implies that security for one party implies complete insecurity for the other.
Our findings stand in stark contrast to recent protocols for weak coin tossing,
and highlight the limits of cryptography within quantum mechanics. We remark
that our conclusions remain valid, even if security is only required to be
approximate and if the function that is computed for Bob is different from that
of Alice.Comment: v2: 6 pages, 1 figure, text identical to PRL-version (but reasonably
formatted
- …