6,509 research outputs found
Key recycling in authentication
In their seminal work on authentication, Wegman and Carter propose that to
authenticate multiple messages, it is sufficient to reuse the same hash
function as long as each tag is encrypted with a one-time pad. They argue that
because the one-time pad is perfectly hiding, the hash function used remains
completely unknown to the adversary.
Since their proof is not composable, we revisit it using a composable
security framework. It turns out that the above argument is insufficient: if
the adversary learns whether a corrupted message was accepted or rejected,
information about the hash function is leaked, and after a bounded finite
amount of rounds it is completely known. We show however that this leak is very
small: Wegman and Carter's protocol is still -secure, if
-almost strongly universal hash functions are used. This implies
that the secret key corresponding to the choice of hash function can be reused
in the next round of authentication without any additional error than this
.
We also show that if the players have a mild form of synchronization, namely
that the receiver knows when a message should be received, the key can be
recycled for any arbitrary task, not only new rounds of authentication.Comment: 17+3 pages. 11 figures. v3: Rewritten with AC instead of UC. Extended
the main result to both synchronous and asynchronous networks. Matches
published version up to layout and updated references. v2: updated
introduction and reference
Key recycling in authentication
In their seminal work on authentication, Wegman and Carter propose that to authenticate multiple messages, it is sufficient to reuse the same hash function as long as each tag is encrypted with a one-time pad. They argue that because the one-time pad is perfectly hiding, the hash function used remains completely unknown to the adversary.
Since their proof is not composable, we revisit it using a universally composable framework. It turns out that the above argument is insufficient: information about the hash function is in fact leaked in every round to the adversary, and after a bounded finite amount of rounds it is completely known. We show however that this leak is very small, and Wegman and Carter\u27s protocol is still -secure, if -almost strongly universal hash functions are used. This implies that the secret key corresponding to the choice of hash function can be recycled for any task without any additional error than this .
We illustrate this by applying it to quantum key distribution (QKD): if the same hash function is recycled to authenticate the classical communication in every round of a QKD protocol, and used times per round, the total error after rounds is upper bounded by , where is the error of one round of QKD given an authentic channel
How to reuse a one-time pad and other notes on authentication, encryption and protection of quantum information
Quantum information is a valuable resource which can be encrypted in order to
protect it. We consider the size of the one-time pad that is needed to protect
quantum information in a number of cases. The situation is dramatically
different from the classical case: we prove that one can recycle the one-time
pad without compromising security. The protocol for recycling relies on
detecting whether eavesdropping has occurred, and further relies on the fact
that information contained in the encrypted quantum state cannot be fully
accessed. We prove the security of recycling rates when authentication of
quantum states is accepted, and when it is rejected. We note that recycling
schemes respect a general law of cryptography which we prove relating the size
of private keys, sent qubits, and encrypted messages. We discuss applications
for encryption of quantum information in light of the resources needed for
teleportation. Potential uses include the protection of resources such as
entanglement and the memory of quantum computers. We also introduce another
application: encrypted secret sharing and find that one can even reuse the
private key that is used to encrypt a classical message. In a number of cases,
one finds that the amount of private key needed for authentication or
protection is smaller than in the general case.Comment: 13 pages, improved rate of recycling proved in the case of rejection
of authenticatio
Quantum authentication with key recycling
We show that a family of quantum authentication protocols introduced in
[Barnum et al., FOCS 2002] can be used to construct a secure quantum channel
and additionally recycle all of the secret key if the message is successfully
authenticated, and recycle part of the key if tampering is detected. We give a
full security proof that constructs the secure channel given only insecure
noisy channels and a shared secret key. We also prove that the number of
recycled key bits is optimal for this family of protocols, i.e., there exists
an adversarial strategy to obtain all non-recycled bits. Previous works
recycled less key and only gave partial security proofs, since they did not
consider all possible distinguishers (environments) that may be used to
distinguish the real setting from the ideal secure quantum channel and secret
key resource.Comment: 38+17 pages, 13 figures. v2: constructed ideal secure channel and
secret key resource have been slightly redefined; also added a proof in the
appendix for quantum authentication without key recycling that has better
parameters and only requires weak purity testing code
Block encryption of quantum messages
In modern cryptography, block encryption is a fundamental cryptographic
primitive. However, it is impossible for block encryption to achieve the same
security as one-time pad. Quantum mechanics has changed the modern
cryptography, and lots of researches have shown that quantum cryptography can
outperform the limitation of traditional cryptography.
This article proposes a new constructive mode for private quantum encryption,
named , which is a very simple method to construct quantum
encryption from classical primitive. Based on mode, we
construct a quantum block encryption (QBE) scheme from pseudorandom functions.
If the pseudorandom functions are standard secure, our scheme is
indistinguishable encryption under chosen plaintext attack. If the pseudorandom
functions are permutation on the key space, our scheme can achieve perfect
security. In our scheme, the key can be reused and the randomness cannot, so a
-bit key can be used in an exponential number of encryptions, where the
randomness will be refreshed in each time of encryption. Thus -bit key can
perfectly encrypt qubits, and the perfect secrecy would not be broken
if the -bit key is reused for only exponential times.
Comparing with quantum one-time pad (QOTP), our scheme can be the same secure
as QOTP, and the secret key can be reused (no matter whether the eavesdropping
exists or not). Thus, the limitation of perfectly secure encryption (Shannon's
theory) is broken in the quantum setting. Moreover, our scheme can be viewed as
a positive answer to the open problem in quantum cryptography "how to
unconditionally reuse or recycle the whole key of private-key quantum
encryption". In order to physically implement the QBE scheme, we only need to
implement two kinds of single-qubit gates (Pauli gate and Hadamard gate),
so it is within reach of current quantum technology.Comment: 13 pages, 1 figure. Prior version appears in
eprint.iacr.org(iacr/2017/1247). This version adds some analysis about
multiple-message encryption, and modifies lots of contents. There are no
changes about the fundamental result
Unforgeable Quantum Encryption
We study the problem of encrypting and authenticating quantum data in the
presence of adversaries making adaptive chosen plaintext and chosen ciphertext
queries. Classically, security games use string copying and comparison to
detect adversarial cheating in such scenarios. Quantumly, this approach would
violate no-cloning. We develop new techniques to overcome this problem: we use
entanglement to detect cheating, and rely on recent results for characterizing
quantum encryption schemes. We give definitions for (i.) ciphertext
unforgeability , (ii.) indistinguishability under adaptive chosen-ciphertext
attack, and (iii.) authenticated encryption. The restriction of each definition
to the classical setting is at least as strong as the corresponding classical
notion: (i) implies INT-CTXT, (ii) implies IND-CCA2, and (iii) implies AE. All
of our new notions also imply QIND-CPA privacy. Combining one-time
authentication and classical pseudorandomness, we construct schemes for each of
these new quantum security notions, and provide several separation examples.
Along the way, we also give a new definition of one-time quantum authentication
which, unlike all previous approaches, authenticates ciphertexts rather than
plaintexts.Comment: 22+2 pages, 1 figure. v3: error in the definition of QIND-CCA2 fixed,
some proofs related to QIND-CCA2 clarifie
Enhancing pharmaceutical packaging through a technology ecosystem to facilitate the reuse of medicines and reduce medicinal waste
The idea of reusing dispensed medicines is appealing to the general public provided its benefits are illustrated, its risks minimized, and the logistics resolved. For example, medicine reuse could help reduce medicinal waste, protect the environment and improve public health. However, the associated technologies and legislation facilitating medicine reuse are generally not available. The availability of suitable technologies could arguably help shape stakeholdersā beliefs and in turn, uptake of a future medicine reuse scheme by tackling the risks and facilitating the practicalities. A literature survey is undertaken to lay down the groundwork for implementing technologies on and around pharmaceutical packaging in order to meet stakeholdersā previously expressed misgivings about medicine reuse (āstakeholder requirementsā), and propose a novel ecosystem for, in effect, reusing returned medicines. Methods: A structured literature search examining the application of existing technologies on pharmaceutical packaging to enable medicine reuse was conducted and presented as a narrative review. Results: Reviewed technologies are classified according to different stakeholdersā requirements, and a novel ecosystem from a technology perspective is suggested as a solution to reusing medicines. Conclusion: Active sensing technologies applying to pharmaceutical packaging using printed electronics enlist medicines to be part of the Internet of Things network. Validating the quality and safety of returned medicines through this network seems to be the most effective way for reusing medicines and the correct application of technologies may be the key enabler
Quantum authentication of classical messages
Although key distribution is arguably the most studied context on which to
apply quantum cryptographic techniques, message authentication, i.e.,
certifying the identity of the message originator and the integrity of the
message sent, can also benefit from the use of quantum resources. Classically,
message authentication can be performed by techniques based on hash functions.
However, the security of the resulting protocols depends on the selection of
appropriate hash functions, and on the use of long authentication keys. In this
paper we propose a quantum authentication procedure that, making use of just
one qubit as the authentication key, allows the authentication of binary
classical messages in a secure manner.Comment: LaTeX, 6 page
- ā¦