201,396 research outputs found
Correlated Product Security from Any One-Way Function
It is well-known that the k-wise product of one-way functions remains one-way, but may no longer be when the k inputs are correlated. At TCC 2009, Rosen and Segev introduced a new notion known as Correlated Product secure functions. These functions have the property that a k-wise product of them remains one-way even under correlated inputs. Rosen and Segev gave a construction of injective trapdoor functions which were correlated product secure from the existence of Lossy Trapdoor Functions (introduced by Peikert and Waters in STOC 2008). The first main result of this work shows the surprising fact that a family of correlated product secure functions can be constructed from any one-way function. Because correlated product secure functions are trivially one-way, this shows an equivalence between the existence of these two cryptographic primitives. In the second main result of this work, we consider a natural decisional variant of correlated product security. Roughly, a family of functions are Decisional Correlated Product (DCP) secure if f1(x1),..., fk(x1) is indistinguishable from f1(x1),..., fk(xk) when x1,..., xk are chosen uniformly at random
Correlated Product Security From Any One-Way Function and the New Notion of Decisional Correlated Product Security
It is well-known that the k-wise product of one-way functions remains one-way, but may no longer be when the k inputs are correlated. At
TCC 2009, Rosen and Segev introduced a new notion known as Correlated Product secure functions. These functions have the property that a
k-wise product of them remains one-way even under correlated inputs. Rosen and Segev gave a construction of injective trapdoor functions
which were correlated product secure from the existence of Lossy Trapdoor Functions (introduced by Peikert and Waters in STOC 2008).
The first main result of this work shows the surprising fact that a family of correlated product secure functions can be constructed from any one-way function. Because correlated product secure functions are trivially one-way, this shows an equivalence between the existence of these two cryptographic primitives.
In the second main result of this work, we consider a natural decisional variant of correlated product security. Roughly, a family of functions are Decisional Correlated Product (DCP) secure if f1(x1),..., fk(x1) is indistinguishable from f1(x1),..., fk(xk) when x1,..., xk are chosen uniformly at random.
We argue that the notion of Decisional Correlated Product security is a very natural one. To this end, we show a parallel from the Discrete
Log Problem and Decision Diffie-Hellman Problem to Correlated Product security and its decisional variant. This intuition gives very simple
constructions of PRGs and IND-CPA encryption from DCP secure functions. Furthermore, we strengthen our first result by showing that
the existence of DCP secure one-way functions is also equivalent to the existence of any one-way function.
When considering DCP secure functions with trapdoors, we give a construction based on Lossy Trapdoor Functions, and show that any DCP secure function family with trapdoor satisfies the security requirements for Deterministic Encryption as defined by Bellare, Boldyreva and O'Neill in CRYPTO 2007. In fact, we also show that definitionally, DCP secure functions with trapdoors are a strict subset of Deterministic Encryption functions by showing an example of a Deterministic Encryption function which according to the definition is not a DCP secure function
A security proof of quantum cryptography based entirely on entanglement purification
We give a proof that entanglement purification, even with noisy apparatus, is
sufficient to disentangle an eavesdropper (Eve) from the communication channel.
In the security regime, the purification process factorises the overall initial
state into a tensor-product state of Alice and Bob, on one side, and Eve on the
other side, thus establishing a completely private, albeit noisy, quantum
communication channel between Alice and Bob. The security regime is found to
coincide for all practical purposes with the purification regime of a two-way
recurrence protocol. This makes two-way entanglement purification protocols,
which constitute an important element in the quantum repeater, an efficient
tool for secure long-distance quantum cryptography.
Comment: Follow-up paper to quant-ph/0108060, submitted to PRA; 24 pages,
revex
How to reuse a one-time pad and other notes on authentication, encryption and protection of quantum information
Quantum information is a valuable resource which can be encrypted in order to
protect it. We consider the size of the one-time pad that is needed to protect
quantum information in a number of cases. The situation is dramatically
different from the classical case: we prove that one can recycle the one-time
pad without compromising security. The protocol for recycling relies on
detecting whether eavesdropping has occurred, and further relies on the fact
that information contained in the encrypted quantum state cannot be fully
accessed. We prove the security of recycling rates when authentication of
quantum states is accepted, and when it is rejected. We note that recycling
schemes respect a general law of cryptography which we prove relating the size
of private keys, sent qubits, and encrypted messages. We discuss applications
for encryption of quantum information in light of the resources needed for
teleportation. Potential uses include the protection of resources such as
entanglement and the memory of quantum computers. We also introduce another
application: encrypted secret sharing and find that one can even reuse the
private key that is used to encrypt a classical message. In a number of cases,
one finds that the amount of private key needed for authentication or
protection is smaller than in the general case.
Comment: 13 pages, improved rate of recycling proved in the case of rejection
of authenticatio
General paradigm for distilling classical key from quantum states
We develop a formalism for distilling a classical key from a quantum state in
a systematic way, expanding on our previous work on secure key from bound
entanglement [K. Horodecki et al., Phys. Rev. Lett. 94 (2005)]. More detailed
proofs, discussion and examples are provided of the main results. Namely, we
demonstrate that all quantum cryptographic protocols can be recast in a way
which looks like entanglement theory, with the only change being that instead
of distilling EPR pairs, the parties distill private states. The form of these
general private states are given, and we show that there are a number of useful
ways of expressing them. Some of the private states can be approximated by
certain states which are bound entangled. Thus distillable entanglement is not
a requirement for a private key. We find that such bound entangled states are
useful for a cryptographic primitive we call a controlled private quantum
channel. We also find a general class of states which have negative partial
transpose (are NPT), but which appear to be bound entangled. The relative
entropy distance is shown to be an upper bound on the rate of key. This allows
us to compute the exact value of distillable key for a certain class of private
states.
Comment: 41 pages, ReVTeX4, improved version, resubmitted to IEE
Experimenter's Freedom in Bell's Theorem and Quantum Cryptography
Bell's theorem states that no local realistic explanation of quantum
mechanical predictions is possible, in which the experimenter has a freedom to
choose between different measurement settings. Within a local realistic picture
the violation of Bell's inequalities can only be understood if this freedom is
denied. We determine the minimal degree to which the experimenter's freedom has
to be abandoned, if one wants to keep such a picture and be in agreement with
the experiment. Furthermore, the freedom in choosing experimental arrangements
may be considered as a resource, since its lacking can be used by an
eavesdropper to harm the security of quantum communication. We analyze the
security of quantum key distribution as a function of the (partial) knowledge
the eavesdropper has about the future choices of measurement settings which are
made by the authorized parties (e.g. on the basis of some quasi-random
generator). We show that the equivalence between the violation of Bell's
inequality and the efficient extraction of a secure key - which exists for the
case of complete freedom (no setting knowledge) - is lost unless one adapts the
bound of the inequality according to this lack of freedom.
Comment: 7 pages, 2 figures, incorporated referee comment
New bounds on classical and quantum one-way communication complexity
In this paper we provide new bounds on classical and quantum distributional
communication complexity in the two-party, one-way model of communication. In
the classical model, our bound extends the well known upper bound of Kremer,
Nisan and Ron to include non-product distributions. We show that for a boolean
function f:X x Y -> {0,1} and a non-product distribution mu on X x Y and
epsilon in (0,1/2) constant: D_{epsilon}^{1, mu}(f)= O((I(X:Y)+1) vc(f)), where
D_{epsilon}^{1, mu}(f) represents the one-way distributional communication
complexity of f with error at most epsilon under mu; vc(f) represents the
Vapnik-Chervonenkis dimension of f and I(X:Y) represents the mutual
information, under mu, between the random inputs of the two parties. For a
non-boolean function f:X x Y ->[k], we show a similar upper bound on
D_{epsilon}^{1, mu}(f) in terms of k, I(X:Y) and the pseudo-dimension of f' =
f/k. In the quantum one-way model we provide a lower bound on the
distributional communication complexity, under product distributions, of a
function f, in terms of the well studied complexity measure of f referred to as
the rectangle bound or the corruption bound of f . We show for a non-boolean
total function f : X x Y -> Z and a product distribution mu on XxY,
Q_{epsilon^3/8}^{1, mu}(f) = Omega(rec_ epsilon^{1, mu}(f)), where
Q_{epsilon^3/8}^{1, mu}(f) represents the quantum one-way distributional
communication complexity of f with error at most epsilon^3/8 under mu and rec_
epsilon^{1, mu}(f) represents the one-way rectangle bound of f with error at
most epsilon under mu . Similarly for a non-boolean partial function f:XxY -> Z
U {*} and a product distribution mu on X x Y, we show, Q_{epsilon^6/(2 x
15^4)}^{1, mu}(f) = Omega(rec_ epsilon^{1, mu}(f)).
Comment: ver 1, 19 page
A Quantum-Proof Non-Malleable Extractor, With Application to Privacy Amplification against Active Quantum Adversaries
In privacy amplification, two mutually trusted parties aim to amplify the
secrecy of an initial shared secret in order to establish a shared private
key by exchanging messages over an insecure communication channel. If the
channel is authenticated the task can be solved in a single round of
communication using a strong randomness extractor; choosing a quantum-proof
extractor allows one to establish security against quantum adversaries.
In the case that the channel is not authenticated, Dodis and Wichs (STOC'09)
showed that the problem can be solved in two rounds of communication using a
non-malleable extractor, a stronger pseudo-random construction than a strong
extractor.
We give the first construction of a non-malleable extractor that is secure
against quantum adversaries. The extractor is based on a construction by Li
(FOCS'12), and is able to extract from source of min-entropy rates larger than
. Combining this construction with a quantum-proof variant of the
reduction of Dodis and Wichs, shown by Cohen and Vidick (unpublished), we
obtain the first privacy amplification protocol secure against active quantum
adversaries
Quantum entanglement
All our former experience with application of quantum theory seems to say:
what is predicted by quantum formalism must occur in laboratory. But the
essence of quantum formalism - entanglement, recognized by Einstein, Podolsky,
Rosen and Schrödinger - waited over 70 years to enter to laboratories as a
new resource as real as energy.
This holistic property of compound quantum systems, which involves
nonclassical correlations between subsystems, is a potential for many quantum
processes, including "canonical" ones: quantum cryptography, quantum
teleportation and dense coding. However, it appeared that this new resource is
very complex and difficult to detect. Being usually fragile to environment, it
is robust against conceptual and mathematical tools, the task of which is to
decipher its rich structure.
This article reviews basic aspects of entanglement including its
characterization, detection, distillation and quantifying. In particular, the
authors discuss various manifestations of entanglement via Bell inequalities,
entropic inequalities, entanglement witnesses, quantum cryptography and point
out some interrelations. They also discuss a basic role of entanglement in
quantum communication within distant labs paradigm and stress some
peculiarities such as irreversibility of entanglement manipulations including
its extremal form - bound entanglement phenomenon. A basic role of entanglement
witnesses in detection of entanglement is emphasized.
Comment: 110 pages, 3 figures, ReVTex4, Improved (slightly extended)
presentation, updated references, minor changes, submitted to Rev. Mod. Phys