Semantic Security and Indistinguishability in the Quantum World
At CRYPTO 2013, Boneh and Zhandry initiated the study of quantum-secure
encryption. They proposed the first indistinguishability definitions for the
quantum world, where the actual indistinguishability only holds for classical
messages, and they gave arguments why it might be hard to achieve a stronger
notion. In this work, we show that stronger notions are achievable, where the
indistinguishability holds for quantum superpositions of messages. We
investigate exhaustively the possibilities and subtle differences in defining
such a quantum indistinguishability notion for symmetric-key encryption
schemes. We justify our stronger definition by showing its equivalence to novel
quantum semantic-security notions that we introduce. Furthermore, we show that
our new security definitions cannot be achieved by a large class of ciphers --
those which are quasi-preserving the message length. On the other hand, we
provide a secure construction based on quantum-resistant pseudorandom
permutations; this construction can be used as a generic transformation for
turning a large class of encryption schemes into quantum indistinguishable and
hence quantum semantically secure ones. Moreover, our construction is the first
completely classical encryption scheme shown to be secure against an even
stronger notion of indistinguishability, which was previously known to be
achievable only by using quantum messages and arbitrary quantum encryption
circuits.
Comment: 37 pages, 2 figures
Quantum Fully Homomorphic Encryption With Verification
Fully-homomorphic encryption (FHE) enables computation on encrypted data
while maintaining secrecy. Recent research has shown that such schemes exist
even for quantum computation. Given the numerous applications of classical FHE
(zero-knowledge proofs, secure two-party computation, obfuscation, etc.) it is
reasonable to hope that quantum FHE (or QFHE) will lead to many new results in
the quantum setting. However, a crucial ingredient in almost all applications
of FHE is circuit verification. Classically, verification is performed by
checking a transcript of the homomorphic computation. Quantumly, this strategy
is impossible due to no-cloning. This leads to an important open question: can
quantum computations be delegated and verified in a non-interactive manner? In
this work, we answer this question in the affirmative, by constructing a scheme
for QFHE with verification (vQFHE). Our scheme provides authenticated
encryption, and enables arbitrary polynomial-time quantum computations without
the need of interaction between client and server. Verification is almost
entirely classical; for computations that start and end with classical states,
it is completely classical. As a first application, we show how to construct
quantum one-time programs from classical one-time programs and vQFHE.
Comment: 30 pages
Block encryption of quantum messages
In modern cryptography, block encryption is a fundamental cryptographic
primitive. However, it is impossible for block encryption to achieve the same
security as the one-time pad. Quantum mechanics has changed modern
cryptography, and many studies have shown that quantum cryptography can
overcome the limitations of traditional cryptography.
This article proposes a new constructive mode for private quantum encryption,
named , which is a very simple method to construct quantum
encryption from classical primitive. Based on mode, we
construct a quantum block encryption (QBE) scheme from pseudorandom functions.
If the pseudorandom functions are standard secure, our scheme is an
indistinguishable encryption under chosen-plaintext attack. If the pseudorandom
functions are permutations on the key space, our scheme achieves perfect
security. In our scheme, the key can be reused but the randomness cannot, so a
-bit key can be used in an exponential number of encryptions, where the
randomness is refreshed for each encryption. Thus a -bit key can
perfectly encrypt qubits, and perfect secrecy is not broken
if the -bit key is reused only an exponential number of times.
Compared with the quantum one-time pad (QOTP), our scheme can be as secure
as QOTP, and the secret key can be reused (whether or not eavesdropping
exists or not). Thus, the limitation of perfectly secure encryption (Shannon's
theory) is broken in the quantum setting. Moreover, our scheme can be viewed as
a positive answer to the open problem in quantum cryptography "how to
unconditionally reuse or recycle the whole key of private-key quantum
encryption". In order to physically implement the QBE scheme, we only need to
implement two kinds of single-qubit gates (Pauli gate and Hadamard gate),
so it is within reach of current quantum technology.
Comment: 13 pages, 1 figure. Prior version appears in
eprint.iacr.org (iacr/2017/1247). This version adds some analysis about
multiple-message encryption and modifies much of the content. There are no
changes to the fundamental result.
Quantum entropic security and approximate quantum encryption
We present full generalisations of entropic security and entropic
indistinguishability to the quantum world where no assumption but a limit on
the knowledge of the adversary is made. This limit is quantified using the
quantum conditional min-entropy as introduced by Renato Renner. A proof of the
equivalence between the two security definitions is presented. We also provide
proofs of security for two different cyphers in this model and a proof for a
lower bound on the key length required by any such cypher. These cyphers
generalise existing schemes for approximate quantum encryption to the entropic
security model.
Comment: Corrected mistakes in the proofs of Theorems 3 and 6; results
unchanged. To appear in IEEE Transactions on Information Theory.