Secure Anonymous Conferencing in Quantum Networks

Users of quantum networks can securely communicate via so-called (quantum) conference key agreement—making their identities publicly known. In certain circumstances, however, communicating users demand anonymity. Here, we introduce a security framework for anonymous conference key agreement with different levels of anonymity, which is inspired by the ε-security of quantum key distribution. We present efficient and noise-tolerant protocols exploiting multipartite Greenberger-Horne-Zeilinger (GHZ) states and prove their security in the finite-key regime. We analyze the performance of our protocols in noisy and lossy quantum networks and compare with protocols that only use bipartite entanglement to achieve the same functionalities. Our simulations show that GHZ-based protocols can outperform protocols based on bipartite entanglement and that the advantage increases for protocols with stronger anonymity requirements. Our results strongly advocate the use of multipartite entanglement for cryptographic tasks involving several users

Secure Anonymous Conferencing in Quantum Networks

Users of quantum networks can securely communicate via so-called (quantum) conference key agreement—making their identities publicly known. In certain circumstances, however, communicating users demand anonymity. Here, we introduce a security framework for anonymous conference key agreement with different levels of anonymity, which is inspired by the ε-security of quantum key distribution. We present efficient and noise-tolerant protocols exploiting multipartite Greenberger-Horne-Zeilinger (GHZ) states and prove their security in the finite-key regime. We analyze the performance of our protocols in noisy and lossy quantum networks and compare with protocols that only use bipartite entanglement to achieve the same functionalities. Our simulations show that GHZ-based protocols can outperform protocols based on bipartite entanglement and that the advantage increases for protocols with stronger anonymity requirements. Our results strongly advocate the use of multipartite entanglement for cryptographic tasks involving several users

Fundamental Limits on the Capacities of Bipartite Quantum Interactions

Bipartite quantum interactions have applications in a number of different areas of quantum physics, reaching from fundamental areas such as quantum thermodynamics and the theory of quantum measurements to other applications such as quantum computers, quantum key distribution, and other information processing protocols. A particular aspect of the study of bipartite interactions is concerned with the entanglement that can be created from such interactions. In this Letter, we present our work on two basic building blocks of bipartite quantum protocols, namely, the generation of maximally entangled states and secret key via bipartite quantum interactions. In particular, we provide a nontrivial, efficiently computable upper bound on the positive-partial-transpose-assisted quantum capacity of a bipartite quantum interaction. In addition, we provide an upper bound on the secret-key-agreement capacity of a bipartite quantum interaction assisted by local operations and classical communication. As an application, we introduce a cryptographic protocol for the readout of a digital memory device that is secure against a passive eavesdropper

Limitations on device independent secure key via squashed non-locality

We initiate a systematic study to provide upper bounds on device-independent key, secure against a non-signaling adversary (NSDI), distilled by a wide class of operations, currently used in both quantum and non-signaling device-independent protocols. These operations consist of a direct measurements on the devices followed by Local Operations and Public Communication (MDLOPC). We employ the idea of "squashing" on the secrecy monotones, which provide upper bounds on the key rate in secret key agreement (SKA) scenario, and show that squashed secrecy monotones are the upper bounds on NSDI key. As an important instance, an upper bound on NSDI key rate called "squashed non-locality", has been constructed. It exhibits several important properties, including convexity, monotonicity, additivity on tensor products, and asymptotic continuity. Using this bound, we identify numerically a domain of two binary inputs and two binary outputs non-local devices for which the squashed non-locality is zero, and therefore one can not distil key from them via MDLOPC operations. These are mixtures of Popescu-Rohrlich (PR) and anti-PR box with the weight of PR box less than $80\%$. This example confirms the intuition that non-locality need not imply secrecy in the non-signaling scenario. The approach is general, describing how to construct other tighter yet possibly less computable upper bounds. Our technique for obtaining upper bounds is based on the non-signaling analog of quantum purification: the complete extension, which yields equivalent security conditions as previously known in the literature.Comment: 12 pages and 2 figures + supplemental materia

An Operational Characterization of Mutual Information in Algorithmic Information Theory

We show that the mutual information, in the sense of Kolmogorov complexity, of any pair of strings x and y is equal, up to logarithmic precision, to the length of the longest shared secret key that two parties, one having x and the complexity profile of the pair and the other one having y and the complexity profile of the pair, can establish via a probabilistic protocol with interaction on a public channel. For l > 2, the longest shared secret that can be established from a tuple of strings (x_1, . . .x_l) by l parties, each one having one component of the tuple and the complexity profile of the tuple, is equal, up to logarithmic precision, to the complexity of the tuple minus the minimum communication necessary for distributing the tuple to all parties. We establish the communication complexity of secret key agreement protocols that produce a secret key of maximal length, for protocols with public randomness. We also show that if the communication complexity drops below the established threshold then only very short secret keys can be obtained

Fundamental limits on the capacities of bipartite quantum interactions

Bipartite quantum interactions have applications in a number of different areas of quantum physics, reaching from fundamental areas such as quantum thermodynamics and the theory of quantum measurements to other applications such as quantum computers, quantum key distribution, and other information processing protocols. A particular aspect of the study of bipartite interactions is concerned with the entanglement that can be created from such interactions. In this Letter, we present our work on two basic building blocks of bipartite quantum protocols, namely, the generation of maximally entangled states and secret key via bipartite quantum interactions. In particular, we provide a nontrivial, efficiently computable upper bound on the positive-partial-transpose-assisted quantum capacity of a bipartite quantum interaction. In addition, we provide an upper bound on the secret-key-agreement capacity of a bipartite quantum interaction assisted by local operations and classical communication. As an application, we introduce a cryptographic protocol for the readout of a digital memory device that is secure against a passive eavesdropper.Comment: see companion paper at arXiv:1712.0082

Secrecy-Oriented First-Order Logical Analysis of Cryptographic Protocols

We present a computationally sound first-order system for security analysis of protocols that places secrecy of nonces and keys in its center. Even trace properties such as agreement and authentication are proven via proving a non-trace property, namely, secrecy first. This results a very powerful system, the working of which we illustrate on the agreement and authenti- cation proofs for the Needham-Schroeder-Lowe public-key and the amended Needham-Schroeder shared-key protocols in case of unlimited sessions. Unlike other available formal verification techniques, computational soundness of our approach does not require any idealizations about parsing of bitstrings or unnecessary tagging. In particular, we have total control over detecting or eliminating the possibility of type-flaw attacks