1,422 research outputs found

    Computational Collapse of Quantum State with Application to Oblivious Transfer

    Get PDF
    Quantum 2-party cryptography differs from its classical counterpart in at least one important way: Given black-box access to a perfect commitment scheme there exists a secure 1-2 quantum oblivious transfer. This reduction proposed by Crépeau and Kilian was proved secure against any receiver by Yao, in the case where perfect commitments are used. However, quantum commitments would normally be based on computational assumptions. A natural question therefore arises: What happens to the security of the above reduction when computationally secure commitments are used instead of perfect ones? In this paper, we address the security of 1-2 QOT when computationally binding string commitments are available. In particular, we analyse the security of a primitive called Quantum Measurement Commitment when it is constructed from unconditionally concealing but computationally binding commitments. As measuring a quantum state induces an irreversible collapse, we describe a QMC as an instance of ``computational collapse of a quantum state''. In a QMC a state appears to be collapsed to a polynomial time observer who cannot extract full information about the state without breaking a computational assumption. We reduce the security of QMC to a weak binding criteria for the string commitment. We also show that secure QMCs implies QOT using a straightforward variant of the reduction above

    How to Convert a Flavor of Quantum Bit Commitment

    Get PDF
    In this paper we show how to convert a statistically bindingbut computationally concealing quantum bit commitment scheme into a computationally binding but statistically concealing scheme. For a security parameter n, the construction of the statistically concealing scheme requires O(n^2) executions of the statistically binding scheme. As a consequence, statistically concealing but computationally binding quantum bit commitments can be based upon any family of quantum one-way functions. Such a construction is not known to exist in the classical world

    Quantum-Secure Coin Toss Protocol Using Collapse-Binding Commitments

    Get PDF
    Kinnitusskeem on laualt kasutatav krüptograafiline primitiiv, mida kasutatakse ulatuslikult erinevates rakendustes, alates teabetust tõestustest turvalise arvutamiseni. Klassikalises krüptograafias on kasutusel kanoonilised definitsioonid, mis on tõestatult arvutuslikult turvalised. Seevastu kvantkrüptograafias ei leidu kanooniliselt kasutatavaid kinnitusskeemide turvadefinitsioone, mis oleksid tõestatavalt turvalised ning lihtsalt kasutatavad. [Dominique Unruh, Computationally Binding Quantum Commitments, EUROCRYPT 2016] esitles definitsiooni, mida kutsutakse „kollaps-siduvaks“, mida saaks kasutada turvadefinitsioonina kvantkinnistusskeemides. Selles töös tutvustatakse nii klassikalise krüptograafia kinnistusskeemides kasutatavaid turvadefinitsioone kui ka kvantkrüptograafia alternatiive. Kollaps-siduvate protokollide eelised eelnevate definitsioonide ees tuuakse välja, illustreerides kollaps-siduvate protokollide kasutusvõimalust kvantturvalises mündiviske protokollis.Commitment schemes are a widely used cryptographic primitive that is used in a number of important applications, from zero-knowledge proofs to secure computation. In a classical setting, there are canonical security definitions that are proven to provide security against computationally bounded adversaries. Yet, there are no canonical security definitions that are provably secure and easy to use in the quantum case. One such definition for the quan-tum setting was proposed in [Dominique Unruh, Computationally Binding Quantum Commitments, EUROCRYPT 2016]. This paper presents the classical security definitions of commitment schemes, as well as the alternatives in the quantum setting. The advantages of the proposed security definition, called “collapse-binding” are presented, with an exam-ple use case in a quantum-secure coin toss protocol

    Lattice-Based proof of a shuffle

    Get PDF
    In this paper we present the first fully post-quantum proof of a shuffle for RLWE encryption schemes. Shuffles are commonly used to construct mixing networks (mix-nets), a key element to ensure anonymity in many applications such as electronic voting systems. They should preserve anonymity even against an attack using quantum computers in order to guarantee long-term privacy. The proof presented in this paper is built over RLWE commitments which are perfectly binding and computationally hiding under the RLWE assumption, thus achieving security in a post-quantum scenario. Furthermore we provide a new definition for a secure mixing node (mix-node) and prove that our construction satisfies this definition.Peer ReviewedPostprint (author's final draft

    Universally Composable Quantum Multi-Party Computation

    Full text link
    The Universal Composability model (UC) by Canetti (FOCS 2001) allows for secure composition of arbitrary protocols. We present a quantum version of the UC model which enjoys the same compositionality guarantees. We prove that in this model statistically secure oblivious transfer protocols can be constructed from commitments. Furthermore, we show that every statistically classically UC secure protocol is also statistically quantum UC secure. Such implications are not known for other quantum security definitions. As a corollary, we get that quantum UC secure protocols for general multi-party computation can be constructed from commitments

    On the Necessity of Collapsing for Post-Quantum and Quantum Commitments

    Get PDF
    Collapse binding and collapsing were proposed by Unruh (Eurocrypt \u2716) as post-quantum strengthenings of computational binding and collision resistance, respectively. These notions have been very successful in facilitating the "lifting" of classical security proofs to the quantum setting. A basic and natural question remains unanswered, however: are they the weakest notions that suffice for such lifting? In this work we answer this question in the affirmative by giving a classical commit-and-open protocol which is post-quantum secure if and only if the commitment scheme (resp. hash function) used is collapse binding (resp. collapsing). We also generalise the definition of collapse binding to quantum commitment schemes, and prove that the equivalence carries over when the sender in this commit-and-open protocol communicates quantum information. As a consequence, we establish that a variety of "weak" binding notions (sum binding, CDMS binding and unequivocality) are in fact equivalent to collapse binding, both for post-quantum and quantum commitments. Finally, we prove a "win-win" result, showing that a post-quantum computationally binding commitment scheme that is not collapse binding can be used to build an equivocal commitment scheme (which can, in turn, be used to build one-shot signatures and other useful quantum primitives). This strengthens a result due to Zhandry (Eurocrypt \u2719) showing that the same object yields quantum lightning

    Quantum Lightning Never Strikes the Same State Twice

    Get PDF
    Public key quantum money can be seen as a version of the quantum no-cloning theorem that holds even when the quantum states can be verified by the adversary. In this work, investigate quantum lightning, a formalization of "collision-free quantum money" defined by Lutomirski et al. [ICS'10], where no-cloning holds even when the adversary herself generates the quantum state to be cloned. We then study quantum money and quantum lightning, showing the following results: - We demonstrate the usefulness of quantum lightning by showing several potential applications, such as generating random strings with a proof of entropy, to completely decentralized cryptocurrency without a block-chain, where transactions is instant and local. - We give win-win results for quantum money/lightning, showing that either signatures/hash functions/commitment schemes meet very strong recently proposed notions of security, or they yield quantum money or lightning. - We construct quantum lightning under the assumed multi-collision resistance of random degree-2 systems of polynomials. - We show that instantiating the quantum money scheme of Aaronson and Christiano [STOC'12] with indistinguishability obfuscation that is secure against quantum computers yields a secure quantum money schem

    PROPYLA: Privacy Preserving Long-Term Secure Storage

    Full text link
    An increasing amount of sensitive information today is stored electronically and a substantial part of this information (e.g., health records, tax data, legal documents) must be retained over long time periods (e.g., several decades or even centuries). When sensitive data is stored, then integrity and confidentiality must be protected to ensure reliability and privacy. Commonly used cryptographic schemes, however, are not designed for protecting data over such long time periods. Recently, the first storage architecture combining long-term integrity with long-term confidentiality protection was proposed (AsiaCCS'17). However, the architecture only deals with a simplified storage scenario where parts of the stored data cannot be accessed and verified individually. If this is allowed, however, not only the data content itself, but also the access pattern to the data (i.e., the information which data items are accessed at which times) may be sensitive information. Here we present the first long-term secure storage architecture that provides long-term access pattern hiding security in addition to long-term integrity and long-term confidentiality protection. To achieve this, we combine information-theoretic secret sharing, renewable timestamps, and renewable commitments with an information-theoretic oblivious random access machine. Our performance analysis of the proposed architecture shows that achieving long-term integrity, confidentiality, and access pattern hiding security is feasible.Comment: Few changes have been made compared to proceedings versio

    Defeating classical bit commitments with a quantum computer

    Full text link
    It has been recently shown by Mayers that no bit commitment scheme is secure if the participants have unlimited computational power and technology. However it was noticed that a secure protocol could be obtained by forcing the cheater to perform a measurement. Similar situations had been encountered previously in the design of Quantum Oblivious Transfer. The question is whether a classical bit commitment could be used for this specific purpose. We demonstrate that, surprisingly, classical unconditionally concealing bit commitments do not help.Comment: 13 pages. Supersedes quant-ph/971202
    corecore