Approximate Quantum Error-Correcting Codes and Secret Sharing Schemes
It is a standard result in the theory of quantum error-correcting codes that
no code of length n can fix more than n/4 arbitrary errors, regardless of the
dimension of the coding and encoded Hilbert spaces. However, this bound only
applies to codes which recover the message exactly. Naively, one might expect
that correcting errors to very high fidelity would only allow small violations
of this bound. This intuition is incorrect: in this paper we describe quantum
error-correcting codes capable of correcting up to (n-1)/2 arbitrary errors
with fidelity exponentially close to 1, at the price of increasing the size of
the registers (i.e., the coding alphabet). This demonstrates a sharp
distinction between exact and approximate quantum error correction. The codes
have the property that any components reveal no information about the
message, and so they can also be viewed as error-tolerant secret sharing
schemes.
The construction has several interesting implications for cryptography and
quantum information theory. First, it suggests that secret sharing is a better
classical analogue to quantum error correction than is classical error
correction. Second, it highlights an error in a purported proof that verifiable
quantum secret sharing (VQSS) is impossible when the number of cheaters t is
n/4. More generally, the construction illustrates a difference between exact
and approximate requirements in quantum cryptography and (yet again) the
delicacy of security proofs and impossibility results in the quantum model.
Comment: 14 pages, no figure
Network Codes Resilient to Jamming and Eavesdropping
We consider the problem of communicating information over a network secretly
and reliably in the presence of a hidden adversary who can eavesdrop and inject
malicious errors. We provide polynomial-time, rate-optimal distributed network
codes for this scenario, improving on the rates achievable in previous work.
Our main contribution shows that as long as the sum of the adversary's jamming
rate Zo and his eavesdropping rate Zi is less than the network capacity C,
(i.e., Zo+Zi<C), our codes can communicate (with vanishingly small error
probability) a single bit correctly and without leaking any information to the
adversary. We then use this to design codes that allow communication at the
optimal source rate of C-Zo-Zi, while keeping the communicated message secret
from the adversary. Interior nodes are oblivious to the presence of adversaries
and perform random linear network coding; only the source and destination need
to be tweaked. In proving our results we correct an error in prior work by a
subset of the authors in this work.
Comment: 6 pages, to appear at IEEE NetCod 201
Computational Quantum Secret Sharing
Quantum secret sharing (QSS) allows a dealer to distribute a secret quantum state among a set of parties in such a way that certain authorized subsets can reconstruct the secret, while unauthorized subsets obtain no information about it. Previous works on QSS for general access structures focused solely on the existence of perfectly secure schemes, and the share size of the known schemes is necessarily exponential even in cases where the access structure is computed by polynomial size monotone circuits. This stands in stark contrast to the classical setting, where polynomial-time computationally-secure secret sharing schemes have been long known for all access structures computed by polynomial-size monotone circuits under standard hardness assumptions, and one can even obtain shares which are much shorter than the secret (which is impossible with perfect security).
While QSS was introduced over twenty years ago, previous works only considered information-theoretic privacy. In this work, we initiate the study of computationally-secure QSS and show that computational assumptions help significantly in building QSS schemes, just as in the classical case. We present a simple compiler and use it to obtain a large variety of results: We construct polynomial-time computationally-secure QSS schemes under standard hardness assumptions for a rich class of access structures. This includes many access structures for which previous results in QSS necessarily required exponential share size. In fact, we can go even further: We construct QSS schemes for which the size of the quantum shares is significantly smaller than the size of the secret. As in the classical setting, this is impossible with perfect security.
We also apply our compiler to obtain results beyond computational QSS. In the information-theoretic setting, we improve the share size of perfect QSS schemes for a large class of n-party access structures to 1.5^{n+o(n)}, improving upon best known schemes and matching the best known result for general access structures in the classical setting. Finally, among other things, we study the class of access structures which can be efficiently implemented when the quantum secret sharing scheme has access to a given number of copies of the secret, including all such functions in ? and NP
Nearly optimal robust secret sharing
Abstract: We prove that a known approach to improve Shamir's celebrated secret sharing scheme; i.e., adding an information-theoretic authentication tag to the secret, can make it robust for n parties against any collusion of size δn, for any constant δ ∈ (0; 1/2). This result holds in the so-called “nonrushing” model in which the n shares are submitted simultaneously for reconstruction. We thus finally obtain a simple, fully explicit, and robust secret sharing scheme in this model that is essentially optimal in all parameters including the share size which is k(1+o(1))+O(κ), where k is the secret length and κ is the security parameter. Like Shamir's scheme, in this modified scheme any set of more than δn honest parties can efficiently recover the secret. Using algebraic geometry codes instead of Reed-Solomon codes, the share length can be decreased to a constant (only depending on δ) while the number of shares n can grow independently. In this case, when n is large enough, the scheme satisfies the “threshold” requirement in an approximate sense; i.e., any set of δn(1 + ρ) honest parties, for arbitrarily small ρ > 0, can efficiently reconstruct the secret
Information-theoretic Physical Layer Security for Satellite Channels
Shannon introduced the classic model of a cryptosystem in 1949, where Eve has
access to an identical copy of the cyphertext that Alice sends to Bob. Shannon
defined perfect secrecy to be the case when the mutual information between the
plaintext and the cyphertext is zero. Perfect secrecy is motivated by
error-free transmission and requires that Bob and Alice share a secret key.
Wyner in 1975 and later I. Csiszár and J. Körner in 1978 modified the
Shannon model assuming that the channels are noisy and proved that secrecy can
be achieved without sharing a secret key. This model is called the wiretap channel
model, and the secrecy capacity is known when Eve's channel is noisier than Bob's
channel.
In this paper we review the concept of wiretap coding from the satellite
channel viewpoint. We also review subsequently introduced stronger secrecy
levels which can be numerically quantified and are keyless unconditionally
secure under certain assumptions. We introduce the general construction of
wiretap coding and analyse its applicability for a typical satellite channel.
From our analysis we discuss the potential of keyless information theoretic
physical layer security for satellite channels based on wiretap coding. We also
identify system design implications for enabling simultaneous operation with
additional information theoretic security protocols
An Epitome of Multi Secret Sharing Schemes for General Access Structure
Secret sharing schemes are widely used nowadays in various applications
that need more security, trust and reliability. In a secret sharing scheme, the
secret is divided among the participants and only an authorized set of
participants can recover the secret by combining their shares. The authorized
sets of participants are called the access structure of the scheme. In a Multi-Secret
Sharing Scheme (MSSS), k different secrets are distributed among the
participants, each one according to an access structure. Multi-secret sharing
schemes have been studied extensively by the cryptographic community. A number of
schemes have been proposed for threshold multi-secret sharing and multi-secret
sharing according to a generalized access structure with various features. In
this survey we explore the important constructions of multi-secret sharing for
the generalized access structure with their merits and demerits. Features
such as whether shares can be reused, whether participants can be enrolled or dis-enrolled
efficiently, and whether shares have to be modified in the renewal phase are
considered for the evaluation