168 research outputs found
Block encryption of quantum messages
In modern cryptography, block encryption is a fundamental cryptographic
primitive. However, it is impossible for block encryption to achieve the same
security as one-time pad. Quantum mechanics has changed the modern
cryptography, and lots of researches have shown that quantum cryptography can
outperform the limitation of traditional cryptography.
This article proposes a new constructive mode for private quantum encryption,
named , which is a very simple method to construct quantum
encryption from classical primitive. Based on mode, we
construct a quantum block encryption (QBE) scheme from pseudorandom functions.
If the pseudorandom functions are standard secure, our scheme is
indistinguishable encryption under chosen plaintext attack. If the pseudorandom
functions are permutation on the key space, our scheme can achieve perfect
security. In our scheme, the key can be reused and the randomness cannot, so a
-bit key can be used in an exponential number of encryptions, where the
randomness will be refreshed in each time of encryption. Thus -bit key can
perfectly encrypt qubits, and the perfect secrecy would not be broken
if the -bit key is reused for only exponential times.
Comparing with quantum one-time pad (QOTP), our scheme can be the same secure
as QOTP, and the secret key can be reused (no matter whether the eavesdropping
exists or not). Thus, the limitation of perfectly secure encryption (Shannon's
theory) is broken in the quantum setting. Moreover, our scheme can be viewed as
a positive answer to the open problem in quantum cryptography "how to
unconditionally reuse or recycle the whole key of private-key quantum
encryption". In order to physically implement the QBE scheme, we only need to
implement two kinds of single-qubit gates (Pauli gate and Hadamard gate),
so it is within reach of current quantum technology.Comment: 13 pages, 1 figure. Prior version appears in
eprint.iacr.org(iacr/2017/1247). This version adds some analysis about
multiple-message encryption, and modifies lots of contents. There are no
changes about the fundamental result
Deep Random based Key Exchange protocol resisting unlimited MITM
We present a protocol enabling two legitimate partners sharing an initial
secret to mutually authenticate and to exchange an encryption session key. The
opponent is an active Man In The Middle (MITM) with unlimited computation and
storage capacities. The resistance to unlimited MITM is obtained through the
combined use of Deep Random secrecy, formerly introduced and proved as
unconditionally secure against passive opponent for key exchange, and universal
hashing techniques. We prove the resistance to MITM interception attacks, and
show that (i) upon successful completion, the protocol leaks no residual
information about the current value of the shared secret to the opponent, and
(ii) that any unsuccessful completion is detectable by the legitimate partners.
We also discuss implementation techniques.Comment: 14 pages. V2: Updated reminder in the formalism of Deep Random
assumption. arXiv admin note: text overlap with arXiv:1611.01683,
arXiv:1507.0825
Using quantum key distribution for cryptographic purposes: a survey
The appealing feature of quantum key distribution (QKD), from a cryptographic
viewpoint, is the ability to prove the information-theoretic security (ITS) of
the established keys. As a key establishment primitive, QKD however does not
provide a standalone security service in its own: the secret keys established
by QKD are in general then used by a subsequent cryptographic applications for
which the requirements, the context of use and the security properties can
vary. It is therefore important, in the perspective of integrating QKD in
security infrastructures, to analyze how QKD can be combined with other
cryptographic primitives. The purpose of this survey article, which is mostly
centered on European research results, is to contribute to such an analysis. We
first review and compare the properties of the existing key establishment
techniques, QKD being one of them. We then study more specifically two generic
scenarios related to the practical use of QKD in cryptographic infrastructures:
1) using QKD as a key renewal technique for a symmetric cipher over a
point-to-point link; 2) using QKD in a network containing many users with the
objective of offering any-to-any key establishment service. We discuss the
constraints as well as the potential interest of using QKD in these contexts.
We finally give an overview of challenges relative to the development of QKD
technology that also constitute potential avenues for cryptographic research.Comment: Revised version of the SECOQC White Paper. Published in the special
issue on QKD of TCS, Theoretical Computer Science (2014), pp. 62-8
Quantum key distribution with post-processing driven by physical unclonable functions
Quantum key-distribution protocols allow two honest distant parties to
establish a common truly random secret key in the presence of powerful
adversaries, provided that the two users share beforehand a short secret key.
This pre-shared secret key is used mainly for authentication purposes in the
post-processing of classical data that have been obtained during the quantum
communication stage, and it prevents a man-in-the-middle attack. The necessity
of a pre-shared key is usually considered as the main drawback of quantum
key-distribution protocols, which becomes even stronger for large networks
involving more that two users. Here we discuss the conditions under which
physical unclonable function can be integrated in currently available quantum
key-distribution systems, in order to facilitate the generation and the
distribution of the necessary pre-shared key, with the smallest possible cost
in the security of the systems. Moreover, the integration of physical
unclonable functions in quantum key-distribution networks allows for real-time
authentication of the devices that are connected to the network
Leftover Hashing Against Quantum Side Information
The Leftover Hash Lemma states that the output of a two-universal hash
function applied to an input with sufficiently high entropy is almost uniformly
random. In its standard formulation, the lemma refers to a notion of randomness
that is (usually implicitly) defined with respect to classical side
information. Here, we prove a (strictly) more general version of the Leftover
Hash Lemma that is valid even if side information is represented by the state
of a quantum system. Furthermore, our result applies to arbitrary delta-almost
two-universal families of hash functions. The generalized Leftover Hash Lemma
has applications in cryptography, e.g., for key agreement in the presence of an
adversary who is not restricted to classical information processing
The Security of Practical Quantum Key Distribution
Quantum key distribution (QKD) is the first quantum information task to reach
the level of mature technology, already fit for commercialization. It aims at
the creation of a secret key between authorized partners connected by a quantum
channel and a classical authenticated channel. The security of the key can in
principle be guaranteed without putting any restriction on the eavesdropper's
power.
The first two sections provide a concise up-to-date review of QKD, biased
toward the practical side. The rest of the paper presents the essential
theoretical tools that have been developed to assess the security of the main
experimental platforms (discrete variables, continuous variables and
distributed-phase-reference protocols).Comment: Identical to the published version, up to cosmetic editorial change
- …