106 research outputs found
Composability in quantum cryptography
In this article, we review several aspects of composability in the context of
quantum cryptography. The first part is devoted to key distribution. We discuss
the security criteria that a quantum key distribution protocol must fulfill to
allow its safe use within a larger security application (e.g., for secure
message transmission). To illustrate the practical use of composability, we
show how to generate a continuous key stream by sequentially composing rounds
of a quantum key distribution protocol. In a second part, we take a more
general point of view, which is necessary for the study of cryptographic
situations involving, for example, mutually distrustful parties. We explain the
universal composability framework and state the composition theorem which
guarantees that secure protocols can securely be composed to larger
applicationsComment: 18 pages, 2 figure
Quantum Cryptography Based Solely on Bell's Theorem
Information-theoretic key agreement is impossible to achieve from scratch and
must be based on some - ultimately physical - premise. In 2005, Barrett, Hardy,
and Kent showed that unconditional security can be obtained in principle based
on the impossibility of faster-than-light signaling; however, their protocol is
inefficient and cannot tolerate any noise. While their key-distribution scheme
uses quantum entanglement, its security only relies on the impossibility of
superluminal signaling, rather than the correctness and completeness of quantum
theory. In particular, the resulting security is device independent. Here we
introduce a new protocol which is efficient in terms of both classical and
quantum communication, and that can tolerate noise in the quantum channel. We
prove that it offers device-independent security under the sole assumption that
certain non-signaling conditions are satisfied. Our main insight is that the
XOR of a number of bits that are partially secret according to the
non-signaling conditions turns out to be highly secret. Note that similar
statements have been well-known in classical contexts. Earlier results had
indicated that amplification of such non-signaling-based privacy is impossible
to achieve if the non-signaling condition only holds between events on Alice's
and Bob's sides. Here, we show that the situation changes completely if such a
separation is given within each of the laboratories.Comment: 32 pages, v2: changed introduction, added reference
Extended Generalized Feistel Networks using Matrix Representation
International audienceWhile Generalized Feistel Networks have been widely studied in the literature as a building block of a block cipher, we propose in this paper a unified vision to easily represent them through a matrix representation. We then propose a new class of such schemes called Extended Generalized Feistel Networks well suited for cryptographic applications. We instantiate those proposals into two particular constructions and we finally analyze their security
A Closer Look at HMAC
Bellare, Canetti and Krawczyk~\cite{FOCS:BelCanKra96} show that cascading an \eps-secure (fixed input length) PRF gives an O(\eps n q)-secure (variable input length) PRF when making at most prefix-free queries of length blocks. We observe that this translates to the same bound for NMAC (which is the cascade without the prefix-free requirement but an additional application of the PRF at the end), and give a matching attack, showing this bound is tight. This contradicts the O(\eps n) bound claimed by Koblitz and Menezes~\cite{KobMen12}
Composable security of delegated quantum computation
Delegating difficult computations to remote large computation facilities,
with appropriate security guarantees, is a possible solution for the
ever-growing needs of personal computing power. For delegated computation
protocols to be usable in a larger context---or simply to securely run two
protocols in parallel---the security definitions need to be composable. Here,
we define composable security for delegated quantum computation. We distinguish
between protocols which provide only blindness---the computation is hidden from
the server---and those that are also verifiable---the client can check that it
has received the correct result. We show that the composable security
definition capturing both these notions can be reduced to a combination of
several distinct "trace-distance-type" criteria---which are, individually,
non-composable security definitions.
Additionally, we study the security of some known delegated quantum
computation protocols, including Broadbent, Fitzsimons and Kashefi's Universal
Blind Quantum Computation protocol. Even though these protocols were originally
proposed with insufficient security criteria, they turn out to still be secure
given the stronger composable definitions.Comment: 37+9 pages, 13 figures. v3: minor changes, new references. v2:
extended the reduction between composable and local security to include
entangled inputs, substantially rewritten the introduction to the Abstract
Cryptography (AC) framewor
Causal Boxes: Quantum Information-Processing Systems Closed under Composition
Complex information-processing systems, for example quantum circuits,
cryptographic protocols, or multi-player games, are naturally described as
networks composed of more basic information-processing systems. A modular
analysis of such systems requires a mathematical model of systems that is
closed under composition, i.e., a network of these objects is again an object
of the same type. We propose such a model and call the corresponding systems
causal boxes.
Causal boxes capture superpositions of causal structures, e.g., messages sent
by a causal box A can be in a superposition of different orders or in a
superposition of being sent to box B and box C. Furthermore, causal boxes can
model systems whose behavior depends on time. By instantiating the Abstract
Cryptography framework with causal boxes, we obtain the first composable
security framework that can handle arbitrary quantum protocols and relativistic
protocols.Comment: 44+24 pages, 16 figures. v3: minor edits based on referee comments,
matches published version up to layout. v2: definition of causality weakened,
new reference
- …