2,037 research outputs found
Quantum-enhanced Secure Delegated Classical Computing
We present a quantumly-enhanced protocol to achieve unconditionally secure
delegated classical computation where the client and the server have both
limited classical and quantum computing capacity. We prove the same task cannot
be achieved using only classical protocols. This extends the work of Anders and
Browne on the computational power of correlations to a security setting.
Concretely, we present how a client with access to a non-universal classical
gate such as a parity gate could achieve unconditionally secure delegated
universal classical computation by exploiting minimal quantum gadgets. In
particular, unlike the universal blind quantum computing protocols, the
restriction of the task to classical computing removes the need for a full
universal quantum machine on the side of the server and makes these new
protocols readily implementable with the currently available quantum technology
in the lab.
Quantum computing on encrypted data
The ability to perform computations on encrypted data is a powerful tool for
protecting privacy. Recently, protocols to achieve this on classical computing
systems have been found. Here we present an efficient solution to the quantum
analogue of this problem that enables arbitrary quantum computations to be
carried out on encrypted quantum data. We prove that an untrusted server can
implement a universal set of quantum gates on encrypted quantum bits (qubits)
without learning any information about the inputs, while the client, knowing
the decryption key, can easily decrypt the results of the computation. We
experimentally demonstrate, using single photons and linear optics, the
encryption and decryption scheme on a set of gates sufficient for arbitrary
quantum computations. Because our protocol requires few extra resources
compared to other schemes it can be easily incorporated into the design of
future quantum servers. These results will play a key role in enabling the
development of secure distributed quantum systems.
Keys in the Clouds: Auditable Multi-device Access to Cryptographic Credentials
Personal cryptographic keys are the foundation of many secure services, but
storing these keys securely is a challenge, especially if they are used from
multiple devices. Storing keys in a centralized location, like an
Internet-accessible server, raises serious security concerns (e.g. server
compromise). Hardware-based Trusted Execution Environments (TEEs) are a
well-known solution for protecting sensitive data in untrusted environments,
and are now becoming available on commodity server platforms.
Although the idea of protecting keys using a server-side TEE is
straightforward, in this paper we validate this approach and show that it
enables new desirable functionality. We describe the design, implementation,
and evaluation of a TEE-based Cloud Key Store (CKS), an online service for
securely generating, storing, and using personal cryptographic keys. Using
remote attestation, users receive strong assurance about the behaviour of the
CKS, and can authenticate themselves using passwords while avoiding typical
risks of password-based authentication like password theft or phishing. In
addition, this design allows users to i) define policy-based access controls
for keys; ii) delegate keys to other CKS users for a specified time and/or a
limited number of uses; and iii) audit all key usages via a secure audit log.
We have implemented a proof of concept CKS using Intel SGX and integrated this
into GnuPG on Linux and OpenKeychain on Android. Our CKS implementation
performs approximately 6,000 signature operations per second on a single
desktop PC. The latency is in the same order of magnitude as using
locally-stored keys, and 20x faster than smart cards.
Comment: Extended version of a paper to appear in the 3rd Workshop on
Security, Privacy, and Identity Management in the Cloud (SECPID) 201
Public-Key Encryption with Delegated Search
In the public-key setting, Alice encrypts an email with the public key of Bob, so that only Bob will be able to learn the contents of the email. Consider a scenario in which Alice's computer is infected and, unbeknown to Alice, it also embeds malware into the message. Bob's company, Carol, cannot scan his email for malicious content as it is encrypted, so the burden is on Bob to do the scan. This is not efficient. We construct a mechanism that enables Bob to provide trapdoors to Carol such that Carol, given encrypted data and a malware signature, is able to check whether the encrypted data contains the malware signature, without decrypting it. We refer to this mechanism as Public-Key Encryption with Delegated Search (SPKE).
We formalize SPKE and give a construction based on ElGamal public-key encryption (PKE). The proposed scheme has ciphertexts which are both searchable and decryptable. This property of the scheme is crucial since an entity can search the entire content of the message, in contrast to existing searchable public-key encryption schemes where the search is done only in the metadata part. We prove in the standard model that the scheme is ciphertext indistinguishable and trapdoor indistinguishable under the Symmetric External Diffie-Hellman (SXDH) assumption. We also prove ciphertext one-wayness of the scheme under the modified Computational Diffie-Hellman (mCDH) assumption. We show that our PKEDS scheme can be used in different applications such as detecting encrypted malware and forwarding encrypted emails.
Experimental Demonstration of Quantum Fully Homomorphic Encryption with Application in a Two-Party Secure Protocol
A fully homomorphic encryption system hides data from unauthorized parties,
while still allowing them to perform computations on the encrypted data. Aside
from the straightforward benefit of allowing users to delegate computations to
a more powerful server without revealing their inputs, a fully homomorphic
cryptosystem can be used as a building block in the construction of a number of
cryptographic functionalities. Designing such a scheme remained an open problem
until 2009, decades after the idea was first conceived, and the past few years
have seen the generalization of this functionality to the world of quantum
machines. Quantum schemes prior to the one implemented here were able to
replicate some features in particular use-cases often associated with
homomorphic encryption but lacked other crucial properties, for example,
relying on continual interaction to perform a computation or leaking
information about the encrypted data. We present the first experimental
realisation of a quantum fully homomorphic encryption scheme. We further
present a toy two-party secure computation task enabled by our scheme. Finally,
as part of our implementation, we also demonstrate a post-selective two-qubit
linear optical controlled-phase gate with a much higher post-selection success
probability (1/2) when compared to alternate implementations, e.g. with
post-selective controlled- or controlled- gates (1/9).
Comment: 11 pages, 16 figures, 2 tables