Small Pseudo-Random Families of Matrices: Derandomizing Approximate Quantum Encryption

A quantum encryption scheme (also called private quantum channel, or state randomization protocol) is a one-time pad for quantum messages. If two parties share a classical random string, one of them can transmit a quantum state to the other so that an eavesdropper gets little or no information about the state being transmitted. Perfect encryption schemes leak no information at all about the message. Approximate encryption schemes leak a non-zero (though small) amount of information but require a shorter shared random key. Approximate schemes with short keys have been shown to have a number of applications in quantum cryptography and information theory. This paper provides the first deterministic, polynomial-time constructions of quantum approximate encryption schemes with short keys. Previous constructions (quant-ph/0307104) are probabilistic--that is, they show that if the operators used for encryption are chosen at random, then with high probability the resulting protocol will be a secure encryption scheme. Moreover, the resulting protocol descriptions are exponentially long. Our protocols use keys of the same length as (or better length than) the probabilistic constructions; to encrypt $n$ qubits approximately, one needs $n+o(n)$ bits of shared key. An additional contribution of this paper is a connection between classical combinatorial derandomization and constructions of pseudo-random matrix families in a continuous space.Comment: 11 pages, no figures. In Proceedings of RANDOM 2004, Cambridge, MA, August 200

Ad Hoc Multi-Input Functional Encryption

Consider sources that supply sensitive data to an aggregator. Standard encryption only hides the data from eavesdroppers, but using specialized encryption one can hope to hide the data (to the extent possible) from the aggregator itself. For flexibility and security, we envision schemes that allow sources to supply encrypted data, such that at any point a dynamically-chosen subset of sources can allow an agreed-upon joint function of their data to be computed by the aggregator. A primitive called multi-input functional encryption (MIFE), due to Goldwasser et al. (EUROCRYPT 2014), comes close, but has two main limitations: - it requires trust in a third party, who is able to decrypt all the data, and - it requires function arity to be fixed at setup time and to be equal to the number of parties. To drop these limitations, we introduce a new notion of ad hoc MIFE. In our setting, each source generates its own public key and issues individual, function-specific secret keys to an aggregator. For successful decryption, an aggregator must obtain a separate key from each source whose ciphertext is being computed upon. The aggregator could obtain multiple such secret-keys from a user corresponding to functions of varying arity. For this primitive, we obtain the following results: - We show that standard MIFE for general functions can be bootstrapped to ad hoc MIFE for free, i.e. without making any additional assumption. - We provide a direct construction of ad hoc MIFE for the inner product functionality based on the Learning with Errors (LWE) assumption. This yields the first construction of this natural primitive based on a standard assumption. At a technical level, our results are obtained by combining standard MIFE schemes and two-round secure multiparty computation (MPC) protocols in novel ways highlighting an interesting interplay between MIFE and two-round MPC

Approximate Randomization of Quantum States With Fewer Bits of Key

Randomization of quantum states is the quantum analogue of the classical one-time pad. We present an improved, efficient construction of an approximately randomizing map that uses O(d/epsilon^2) Pauli operators to map any d-dimensional state to a state that is within trace distance epsilon of the completely mixed state. Our bound is a log d factor smaller than that of Hayden, Leung, Shor, and Winter (2004), and Ambainis and Smith (2004). Then, we show that a random sequence of essentially the same number of unitary operators, chosen from an appropriate set, with high probability form an approximately randomizing map for d-dimensional states. Finally, we discuss the optimality of these schemes via connections to different notions of pseudorandomness, and give a new lower bound for small epsilon.Comment: 18 pages, Quantum Computing Back Action, IIT Kanpur, March 2006, volume 864 of AIP Conference Proceedings, pages 18--36. Springer, New Yor

Multi-Client Functional Encryption with Repetition for Inner Product

Recently, Chotard et al. proposed a variant of functional encryption for Inner Product, where several parties can independently encrypt inputs, for a specific time-period or label, such that functional decryption keys exactly reveal the aggregations for the specific functions they are associated with. This was introduced as Multi-Client Functional Encryption (MCFE). In addition, they formalized a Decentralized version (DMCFE), where all the clients must agree and contribute to generate the functional decryption keys: there is no need of central authority anymore, and the key generation process is non-interactive between the clients. Eventually, they designed concrete constructions, for both the centralized and decentralized settings, for the inner-product function family. Unfortunately, there were a few limitations for practical use, in the security model: (1) the clients were assumed not to encrypt two messages under the same label. Then, nothing was known about the security when this restriction was not satisfied; (2) more dramatically, the adversary was assumed to ask for the ciphertexts coming from all the clients or none, for a given label. In case of partial ciphertexts, nothing was known about the security either. In this paper, our contributions are three-fold: we describe two conversions that enhance any MCFE or DMCFE for Inner Product secure in their security model to (1) handle repetitions under the same label and (2) deal with partial ciphertexts. In addition, these conversions can be applied sequentially in any order. The latter conversion exploits a new tool, which we call Secret Sharing Layer (SSL). Eventually, we propose a new efficient technique to generate the functional decryption keys in a decentralized way, in the case of Inner Product, solely relying on plain DDH, as opposed to prior work of Chotard et al. which relies on pairings. As a consequence, from the weak MCFE for Inner Product proposed by Chotard et al., one can obtain an efficient Decentralized MCFE for Inner Product that handles repetitions and partial ciphertexts. Keywords. Functional Encryption, Inner Product, Multi-Client, Decentralized