Linking Classical and Quantum Key Agreement: Is There "Bound Information"?

After carrying out a protocol for quantum key agreement over a noisy quantum channel, the parties Alice and Bob must process the raw key in order to end up with identical keys about which the adversary has virtually no information. In principle, both classical and quantum protocols can be used for this processing. It is a natural question which type of protocols is more powerful. We prove for general states but under the assumption of incoherent eavesdropping that Alice and Bob share some so-called intrinsic information in their classical random variables, resulting from optimal measurements, if and only if the parties' quantum systems are entangled. In addition, we provide evidence that the potentials of classical and of quantum protocols are equal in every situation. Consequently, many techniques and results from quantum information theory directly apply to problems in classical information theory, and vice versa. For instance, it was previously believed that two parties can carry out unconditionally secure key agreement as long as they share some intrinsic information in the adversary's view. The analysis of this purely classical problem from the quantum information-theoretic viewpoint shows that this is true in the binary case, but false in general. More explicitly, bound entanglement, i.e., entanglement that cannot be purified by any quantum protocol, has a classical counterpart. This "bound intrinsic information" cannot be distilled to a secret key by any classical protocol. As another application we propose a measure for entanglement based on classical information-theoretic quantities.Comment: Accepted for Crypto 2000. 17 page

Secure Two-Party Computation over a Z-Channel

In secure two-party computation, two mutually distrusting parties are interested in jointly computing a function, while preserving the privacy of their respective inputs. However, when communicating over a clear channel, security against computationally unbounded adversaries is impossible. Thus is the importance of noisy channels, over which we can build Oblivious Transfer (OT), a fundamental primitive in cryptography and the basic building block for any secure multi-party computation. The noisy channels commonly used in current constructions are mostly derived from the Binary Symmetric Channel (BSC), which is modified to extend the capabilities of an attacker. Still, these constructions are based on very strong assumptions, in particular on the error probability, which makes them hard to implement. In this paper, we provide a protocol achieving oblivious transfer over a Z-channel, a natural channel model in various contexts, ranging from optical to covert communication. The protocol proves to be particularly efficient for a large range of error probabilities p (e.g., for 0.17 ≤ p ≤ 0.29 when a security parameter ε = 10− 9 is chosen), where it requires a limited amount of data to be sent through the channel. Our construction also proves to offer security against unfair adversaries, who are able to select the channel probability within a fixed range. We provide coding schemes that can further increase the efficiency of the protocol for probabilities distant from the range mentioned above, and also allow the use of a Z-channel with an error probability greater than 0.5. The flexibility and the efficiency of the construction make an actual implementation of oblivious transfer a more realistic prospect

Building Oblivious Transfer on Channel Delays

In the information-theoretic setting, where adversaries have unlimited computational power, the fundamental cryptographic primitive Oblivious Transfer (OT) cannot be securely achieved if the parties are communicating over a clear channel. To preserve secrecy and security, the players have to rely on noise in the communication. Noisy channels are therefore a useful tool to model noise behavior and build protocols implementing OT. This paper explores a source of errors that is inherently present in practically any transmission medium, but has been scarcely studied in this context: delays in the communication. In order to have a model for the delays that is both general and comparable to the channels usually used for OT – such as the Binary Symmetric Channel (BSC) – we introduce a new noisy channel, the Binary Discrete-time Delaying Channel (BDDC). We show that such a channel realistically reproduces real-life communication scenarios where delays are hard to predict and we propose a protocol for achieving oblivious transfer over the BDDC. We analyze the security of our construction in the semi-honest setting, showing that our realization of OT substantially decreases the protocol sensitivity to the user’s knowledge of the channel compared to solutions relying on other channel properties, and is very efficient for wide ranges of delay probabilities. The flexibility and generality of the model opens the way for future implementation in media where delays are a fundamental characteristic

General paradigm for distilling classical key from quantum states

We develop a formalism for distilling a classical key from a quantum state in a systematic way, expanding on our previous work on secure key from bound entanglement [K. Horodecki et. al., Phys. Rev. Lett. 94 (2005)]. More detailed proofs, discussion and examples are provided of the main results. Namely, we demonstrate that all quantum cryptographic protocols can be recast in a way which looks like entanglement theory, with the only change being that instead of distilling EPR pairs, the parties distill private states. The form of these general private states are given, and we show that there are a number of useful ways of expressing them. Some of the private states can be approximated by certain states which are bound entangled. Thus distillable entanglement is not a requirement for a private key. We find that such bound entangled states are useful for a cryptographic primitive we call a controlled private quantum channel. We also find a general class of states which have negative partial transpose (are NPT), but which appear to be bound entangled. The relative entropy distance is shown to be an upper bound on the rate of key. This allows us to compute the exact value of distillable key for a certain class of private states.Comment: 41 pages, ReVTeX4, improved version, resubmitted to IEE

Quantum Cryptography

Quantum cryptography could well be the first application of quantum mechanics at the individual quanta level. The very fast progress in both theory and experiments over the recent years are reviewed, with emphasis on open questions and technological issues.Comment: 55 pages, 32 figures; to appear in Reviews of Modern Physic

Exploiting Turbulence to increase Quantum Key Distribution feasibility over free-space channels

La principale problematica quando si ha a che fare con le comunicazioni free-space -ed in particolare con quelle a grande distanza- è la turbolenza atmosferica. Si propone un approccio innovativo per sfruttare questa criticità anzichè contrastarla, in modo da migliorare le prestazioni del sistemaopenEmbargo per motivi di segretezza e/o di proprietà dei risultati e/o informazioni sensibil