MULTI-PHOTON TOLERANT QUANTUM KEY DISTRIBUTION PROTOCOLS FOR SECURED GLOBAL COMMUNICATION

This dissertation investigates the potential of multi-photon tolerant protocols for satellite-aided global quantum key distribution (QKD). Recent investigations like braided single-stage protocol and the implementation of the three-stage protocol in fiber have indicated that multi-photon tolerant protocols have wide-ranging capabilities for increasing the distance and speed of quantum-secure communication. This dissertation proposes satellite-based network multicasting and its operation that can profitably use multi-photon tolerant protocols for quantum-secure global communication. With a growingly interconnected world and an increasing need for security in communication, communication satellites at Lower Earth Orbits (LEO), Medium Earth Orbit (MEO) and Geostationary Earth Orbit (GEO) have a potential role in serving as a means to distribute secure keys for encryption among distant endpoints. This dissertation systematically evaluates such a role. The dissertation proposes a layered framework using satellites and fiber optic links that can form a composite system for carrying the information payload and distributing quantum-secure keys for encrypting information in transit. Quantum communications links are currently point-to-point. Considering the concept of global QKD network, there is need for multicast quantum links. Multi casting can be achieved in quantum networks by (a) using multiple wavelengths, or (b) using use specific set of bases. In efforts to develop a composite quantum secure global communication system; this dissertation also introduces the concept of multi-photon tolerant quantum threshold cryptography. The motivation for development of threshold cryptography is that a secret can be encrypted with multiple users and requires multiple users to decrypt. The quantum threshold cryptography is proposed by using idea of multiple bases. This can be considered as step forward towards multiparty quantum communication. This dissertation also proposed layered architecture for key distribution. Concisely, this dissertation proposes the techniques like multicasting in quantum scenario, quantum threshold cryptography to achieve the goal of secured global communication

Semi-Quantum Conference Key Agreement (SQCKA)

A need in the development of secure quantum communications is the scalable extension of key distribution protocols. The greatest advantage of these protocols is the fact that its security does not rely on mathematical assumptions and can achieve perfect secrecy. In order to make these protocols scalable, has been developed the concept of Conference Key Agreements, among multiple users. In this thesis we propose a key distribution protocol among several users using a semi-quantum approach. We assume that only one of the users is equipped with quantum devices and generates quantum states, while the other users are classical, i.e., they are only equipped with a device capable of measuring or reflecting the information. This approach has the advantage of simplicity and reduced costs. We prove our proposal is secure and we present some numerical results on the lower bounds for the key rate. The security proof applies new techniques derived from some already well established work. From the practical point of view, we developed a toolkit called Qis|krypt⟩ that is able to simulate not only our protocol but also some well-known quantum key distribution protocols. The source-code is available on the following link: - https://github.com/qiskrypt/qiskrypt/.Uma das necessidades no desenvolvimento de comunicações quânticas seguras é a extensão escalável de protocolos de distribuição de chaves. A grande vantagem destes protocolos é o facto da sua segurança não depender de suposições matemáticas e poder atingir segurança perfeita. Para tornar estes protocolos escaláveis, desenvolveu-se o conceito de Acordo de Chaves de Conferência, entre múltiplos utilizadores. Nesta tese propomos um protocolo para distribuição de chaves entre vários utilizadores usando uma abordagem semi-quântica. Assumimos que apenas um dos utilizadores está equipado com dispositivos quânticos e é capaz de gerar estados quânticos, enquanto que os outros utilizadores são clássicos, isto é, estão apenas equipados com dispositivos capazes de efectuar uma medição ou refletir a informação. Esta abordagem tem a vantagem de ser mais simples e de reduzir custos. Provamos que a nossa proposta é segura e apresentamos alguns resultados numéricos sobre limites inferiores para o rácio de geração de chaves. A prova de segurança aplica novas técnicas derivadas de alguns resultados já bem estabelecidos. Do ponto de vista prático, desenvolvemos uma ferramenta chamada Qis|krypt⟩ que é capaz de simular não só o nosso protocolo como também outros protocolos distribuição de chaves bem conhecidos. O código fonte encontra-se disponível no seguinte link: - https://github.com/qiskrypt/qiskrypt/

Analysis of BCNS and Newhope Key-exchange Protocols

Lattice-based cryptographic primitives are believed to offer resilience against attacks by quantum computers. Following increasing interest from both companies and government agencies in building quantum computers, a number of works have proposed instantiations of practical post-quantum key-exchange protocols based on hard problems in lattices, mainly based on the Ring Learning With Errors (R-LWE) problem. In this work we present an analysis of Ring-LWE based key-exchange mechanisms and compare two implementations of Ring-LWE based key-exchange protocol: BCNS and NewHope. This is important as NewHope protocol implementation outperforms state-of-the art elliptic curve based Diffie-Hellman key-exchange X25519, thus showing that using quantum safe key-exchange is not only a viable option but also a faster one. Specifically, this thesis compares different reconciliation methods, parameter choices, noise sampling algorithms and performance

Public-Key Cryptography through the Lens of Monoid Actions

We show that key exchange and two-party computation are exactly equivalent to monoid actions with certain structural and hardness properties. To the best of our knowledge, this is the first natural characterization of the mathematical structure inherent to any key exchange or two-party computation protocol, and the first explicit proof of the necessity of mathematical structure for public-key cryptography. We then utilize these characterizations to show a new black-box separation result, while also achieving a simpler and more general version of an existing black-box separation result. Concretely, we obtain the following results: - Two-Party Key Exchange. We show that that any two-party noninteractive key exchange protocol is equivalent to the existence of an abelian monoid equipped with a natural hardness property, namely (distributional) unpredictability. More generally, we show that any $k$-round (two-party) key exchange protocol is essentially equivalent to the existence of a (distributional) unpredictable monoid with certain commutator-like properties. We then use a generic version of this primitive to show a simpler and more general version of Rudich\u27s (Crypto \u2791) black-box separation of $k$-round and $(k+1)$-round key exchange. - Two-Party Computation. We show that any maliciously secure two-party computation protocol is also equivalent to a monoid action with commutator-like properties and certain hardness guarantees. We then use a generic version of this primitive to show a black-box separation between $k$-round semi-honest secure two-party computation and $(k+1)$-round maliciously secure two-party computation. This yields the first black-box separation (to our knowledge) between $k$-round and $(k+1)$-round maliciously secure two-party computation protocols. We believe that modeling cryptographic primitives as mathematical objects (and our approach of using such modeling for black-box separations) may have many other potential applications and uses in understanding what sort of assumptions and mathematical structure are necessary for certain cryptoprimitives

Private Set Operations from Multi-Query Reverse Private Membership Test

Private set operations allow two parties to perform secure computation on their private sets, including intersection, union and functions of intersection/union. In this paper, we put forth a framework to perform private set operations. The technical core of our framework is the multi-query reverse private membership test (mqRPMT) protocol (Zhang et al., USENIX Security 2023), in which a client with a vector $X = (x_1, \dots, x_n)$ interacts with a server holding a set $Y$, and eventually the server learns only a bit vector $(e_1, \dots, e_n)$ indicating whether $x_i \in Y$ without learning the value of $x_i$, while the client learns nothing. We present two constructions of mqRPMT from newly introduced cryptographic notions, one is based on commutative weak pseudorandom function (cwPRF), and the other is based on permuted oblivious pseudorandom function (pOPRF). Both cwPRF and pOPRF can be realized from the decisional Diffie-Hellman (DDH)-like assumptions in the random oracle model. We also introduce a slightly weaker version of mqRPMT dubbed mqRPMT$^*$, in which the client also learns the cardinality of $X \cap Y$. We show that mqRPMT$^*$ can be built from a category of multi-query private membership test (mqPMT) called Sigma-mqPMT, which in turn can be realized from DDH-like assumptions or oblivious polynomial evaluation. This makes the first step towards establishing the relation between mqPMT and mqRPMT. We demonstrate the practicality of our framework with implementations. By plugging our cwPRF-based mqRPMT into the framework, we obtain various PSO protocols that are superior or competitive to the state-of-the-art protocols. For intersection functionality, our protocol is faster than the most efficient one for small sets. For cardinality functionality, our protocol achieves a $2.4-10.5\times$ speedup and a $10.9-14.8\times$ shrink in communication cost. For cardinality-with-sum functionality, our protocol achieves a $28.5-76.3\times$ speedup and $7.4\times$ shrink in communication cost. For union functionality, our protocol is the first one that attains strict linear complexity, and requires the lowest concrete computation and communication costs in all settings, achieving a $2.7-17\times$ speedup and about $2\times$ shrink in communication cost. Specifically, for input sets of size $2^{20}$, our PSU protocol requires roughly 100 MB of communication and 16 seconds using 4 threads on a laptop in the LAN setting. Our improvement on PSU also translates to related functionality, yielding the most efficient private-ID protocol to date. Moreover, by plugging our FHE-based mqRPMT$^*$ to the general framework, we obtain a PSU$^*$ protocol (the sender additionally learns the intersection size) suitable for unbalanced setting, whose communication complexity is linear in the size of the smaller set and logarithmic in the larger set

Topology-Hiding Computation on all Graphs

A distributed computation in which nodes are connected by a partial communication graph is called topology-hiding if it does not reveal information about the graph beyond what is revealed by the output of the function. Previous results have shown that topology-hiding computation protocols exist for graphs of constant degree and logarithmic diameter in the number of nodes [Moran-Orlov-Richelson, TCC\u2715; Hirt \etal, Crypto\u2716] as well as for other graph families, such as cycles, trees, and low circumference graphs [Akavia-Moran, Eurocrypt\u2717], but the feasibility question for general graphs was open. In this work we positively resolve the above open problem: we prove that topology-hiding computation is feasible for all graphs under either the Decisional Diffie-Hellman or Quadratic-Residuosity assumption. Our techniques employ random-walks to generate paths covering the graph, upon which we apply the Akavia-Moran topology-hiding broadcast for chain-graphs (paths). To prevent topology information revealed by the random-walk, we design multiple random-walks that, together, are locally identical to receiving at each round a message from each neighbors and sending back processed messages in a randomly permuted order