1,422 research outputs found
Computational Collapse of Quantum State with Application to Oblivious Transfer
Quantum 2-party cryptography differs from its classical counterpart in at least one important way: Given black-box access to a perfect commitment scheme there exists a secure 1-2 quantum oblivious transfer. This reduction proposed by Crépeau and Kilian was proved secure against any receiver by Yao, in the case where perfect commitments are used. However, quantum commitments would normally be based on computational assumptions. A natural question therefore arises: What happens to the security of the above reduction when computationally secure commitments are used instead of perfect ones? In this paper, we address the security of 1-2 QOT when computationally binding string commitments are available. In particular, we analyse the security of a primitive called Quantum Measurement Commitment when it is constructed from unconditionally concealing but computationally binding commitments. As measuring a quantum state induces an irreversible collapse, we describe a QMC as an instance of ``computational collapse of a quantum state''. In a QMC a state appears to be collapsed to a polynomial time observer who cannot extract full information about the state without breaking a computational assumption. We reduce the security of QMC to a weak binding criteria for the string commitment. We also show that secure QMCs implies QOT using a straightforward variant of the reduction above
How to Convert a Flavor of Quantum Bit Commitment
In this paper we show how to convert a statistically bindingbut computationally concealing quantum bit commitment scheme into a computationally binding but statistically concealing scheme. For a security parameter n, the construction of the statistically concealing scheme requires O(n^2) executions of the statistically binding scheme. As a consequence, statistically concealing but computationally binding quantum bit commitments can be based upon any family of quantum one-way functions. Such a construction is not known to exist in the classical world
Quantum-Secure Coin Toss Protocol Using Collapse-Binding Commitments
Kinnitusskeem on laualt kasutatav krüptograafiline primitiiv, mida kasutatakse ulatuslikult erinevates rakendustes, alates teabetust tõestustest turvalise arvutamiseni. Klassikalises krüptograafias on kasutusel kanoonilised definitsioonid, mis on tõestatult arvutuslikult turvalised. Seevastu kvantkrüptograafias ei leidu kanooniliselt kasutatavaid kinnitusskeemide turvadefinitsioone, mis oleksid tõestatavalt turvalised ning lihtsalt kasutatavad. [Dominique Unruh, Computationally Binding Quantum Commitments, EUROCRYPT 2016] esitles definitsiooni, mida kutsutakse „kollaps-siduvaks“, mida saaks kasutada turvadefinitsioonina kvantkinnistusskeemides. Selles töös tutvustatakse nii klassikalise krüptograafia kinnistusskeemides kasutatavaid turvadefinitsioone kui ka kvantkrüptograafia alternatiive. Kollaps-siduvate protokollide eelised eelnevate definitsioonide ees tuuakse välja, illustreerides kollaps-siduvate protokollide kasutusvõimalust kvantturvalises mündiviske protokollis.Commitment schemes are a widely used cryptographic primitive that is used in a number of important applications, from zero-knowledge proofs to secure computation. In a classical setting, there are canonical security definitions that are proven to provide security against computationally bounded adversaries. Yet, there are no canonical security definitions that are provably secure and easy to use in the quantum case. One such definition for the quan-tum setting was proposed in [Dominique Unruh, Computationally Binding Quantum Commitments, EUROCRYPT 2016]. This paper presents the classical security definitions of commitment schemes, as well as the alternatives in the quantum setting. The advantages of the proposed security definition, called “collapse-binding” are presented, with an exam-ple use case in a quantum-secure coin toss protocol
Lattice-Based proof of a shuffle
In this paper we present the first fully post-quantum proof of a shuffle for RLWE encryption schemes. Shuffles are commonly used to construct mixing networks (mix-nets), a key element to ensure anonymity in many applications such as electronic voting systems. They should preserve anonymity even against an attack using quantum computers in order to guarantee long-term privacy. The proof presented in this paper is built over RLWE commitments which are perfectly binding and computationally hiding under the RLWE assumption, thus achieving security in a post-quantum scenario. Furthermore we provide a new definition for a secure mixing node (mix-node) and prove that our construction satisfies this definition.Peer ReviewedPostprint (author's final draft
Universally Composable Quantum Multi-Party Computation
The Universal Composability model (UC) by Canetti (FOCS 2001) allows for
secure composition of arbitrary protocols. We present a quantum version of the
UC model which enjoys the same compositionality guarantees. We prove that in
this model statistically secure oblivious transfer protocols can be constructed
from commitments. Furthermore, we show that every statistically classically UC
secure protocol is also statistically quantum UC secure. Such implications are
not known for other quantum security definitions. As a corollary, we get that
quantum UC secure protocols for general multi-party computation can be
constructed from commitments
On the Necessity of Collapsing for Post-Quantum and Quantum Commitments
Collapse binding and collapsing were proposed by Unruh (Eurocrypt \u2716) as post-quantum strengthenings of computational binding and collision resistance, respectively. These notions have been very successful in facilitating the "lifting" of classical security proofs to the quantum setting. A basic and natural question remains unanswered, however: are they the weakest notions that suffice for such lifting?
In this work we answer this question in the affirmative by giving a classical commit-and-open protocol which is post-quantum secure if and only if the commitment scheme (resp. hash function) used is collapse binding (resp. collapsing). We also generalise the definition of collapse binding to quantum commitment schemes, and prove that the equivalence carries over when the sender in this commit-and-open protocol communicates quantum information.
As a consequence, we establish that a variety of "weak" binding notions (sum binding, CDMS binding and unequivocality) are in fact equivalent to collapse binding, both for post-quantum and quantum commitments.
Finally, we prove a "win-win" result, showing that a post-quantum computationally binding commitment scheme that is not collapse binding can be used to build an equivocal commitment scheme (which can, in turn, be used to build one-shot signatures and other useful quantum primitives). This strengthens a result due to Zhandry (Eurocrypt \u2719) showing that the same object yields quantum lightning
Quantum Lightning Never Strikes the Same State Twice
Public key quantum money can be seen as a version of the quantum no-cloning
theorem that holds even when the quantum states can be verified by the
adversary. In this work, investigate quantum lightning, a formalization of
"collision-free quantum money" defined by Lutomirski et al. [ICS'10], where
no-cloning holds even when the adversary herself generates the quantum state to
be cloned. We then study quantum money and quantum lightning, showing the
following results:
- We demonstrate the usefulness of quantum lightning by showing several
potential applications, such as generating random strings with a proof of
entropy, to completely decentralized cryptocurrency without a block-chain,
where transactions is instant and local.
- We give win-win results for quantum money/lightning, showing that either
signatures/hash functions/commitment schemes meet very strong recently proposed
notions of security, or they yield quantum money or lightning.
- We construct quantum lightning under the assumed multi-collision resistance
of random degree-2 systems of polynomials.
- We show that instantiating the quantum money scheme of Aaronson and
Christiano [STOC'12] with indistinguishability obfuscation that is secure
against quantum computers yields a secure quantum money schem
PROPYLA: Privacy Preserving Long-Term Secure Storage
An increasing amount of sensitive information today is stored electronically
and a substantial part of this information (e.g., health records, tax data,
legal documents) must be retained over long time periods (e.g., several decades
or even centuries). When sensitive data is stored, then integrity and
confidentiality must be protected to ensure reliability and privacy. Commonly
used cryptographic schemes, however, are not designed for protecting data over
such long time periods. Recently, the first storage architecture combining
long-term integrity with long-term confidentiality protection was proposed
(AsiaCCS'17). However, the architecture only deals with a simplified storage
scenario where parts of the stored data cannot be accessed and verified
individually. If this is allowed, however, not only the data content itself,
but also the access pattern to the data (i.e., the information which data items
are accessed at which times) may be sensitive information. Here we present the
first long-term secure storage architecture that provides long-term access
pattern hiding security in addition to long-term integrity and long-term
confidentiality protection. To achieve this, we combine information-theoretic
secret sharing, renewable timestamps, and renewable commitments with an
information-theoretic oblivious random access machine. Our performance analysis
of the proposed architecture shows that achieving long-term integrity,
confidentiality, and access pattern hiding security is feasible.Comment: Few changes have been made compared to proceedings versio
Defeating classical bit commitments with a quantum computer
It has been recently shown by Mayers that no bit commitment scheme is secure
if the participants have unlimited computational power and technology. However
it was noticed that a secure protocol could be obtained by forcing the cheater
to perform a measurement. Similar situations had been encountered previously in
the design of Quantum Oblivious Transfer. The question is whether a classical
bit commitment could be used for this specific purpose. We demonstrate that,
surprisingly, classical unconditionally concealing bit commitments do not help.Comment: 13 pages. Supersedes quant-ph/971202
- …