288 research outputs found
Multiparty Quantum Coin Flipping
We investigate coin-flipping protocols for multiple parties in a quantum
broadcast setting:
(1) We propose and motivate a definition for quantum broadcast. Our model of
quantum broadcast channel is new.
(2) We discovered that quantum broadcast is essentially a combination of
pairwise quantum channels and a classical broadcast channel. This is a somewhat
surprising conclusion, but helps us in both our lower and upper bounds.
(3) We provide tight upper and lower bounds on the optimal bias epsilon of a
coin which can be flipped by k parties of which exactly g parties are honest:
for any 1 <= g <= k, epsilon = 1/2 - Theta(g/k).
Thus, as long as a constant fraction of the players are honest, they can
prevent the coin from being fixed with at least a constant probability. This
result stands in sharp contrast with the classical setting, where no
non-trivial coin-flipping is possible when g <= k/2.Comment: v2: bounds now tight via new protocol; to appear at IEEE Conference
on Computational Complexity 200
Experimental quantum tossing of a single coin
The cryptographic protocol of coin tossing consists of two parties, Alice and
Bob, that do not trust each other, but want to generate a random bit. If the
parties use a classical communication channel and have unlimited computational
resources, one of them can always cheat perfectly. Here we analyze in detail
how the performance of a quantum coin tossing experiment should be compared to
classical protocols, taking into account the inevitable experimental
imperfections. We then report an all-optical fiber experiment in which a single
coin is tossed whose randomness is higher than achievable by any classical
protocol and present some easily realisable cheating strategies by Alice and
Bob.Comment: 13 page
Classical Cryptographic Protocols in a Quantum World
Cryptographic protocols, such as protocols for secure function evaluation
(SFE), have played a crucial role in the development of modern cryptography.
The extensive theory of these protocols, however, deals almost exclusively with
classical attackers. If we accept that quantum information processing is the
most realistic model of physically feasible computation, then we must ask: what
classical protocols remain secure against quantum attackers?
Our main contribution is showing the existence of classical two-party
protocols for the secure evaluation of any polynomial-time function under
reasonable computational assumptions (for example, it suffices that the
learning with errors problem be hard for quantum polynomial time). Our result
shows that the basic two-party feasibility picture from classical cryptography
remains unchanged in a quantum world.Comment: Full version of an old paper in Crypto'11. Invited to IJQI. This is
authors' copy with different formattin
Serial composition of quantum coin-flipping, and bounds on cheat detection for bit-commitment
Quantum protocols for coin-flipping can be composed in series in such a way
that a cheating party gains no extra advantage from using entanglement between
different rounds. This composition principle applies to coin-flipping protocols
with cheat sensitivity as well, and is used to derive two results: There are no
quantum strong coin-flipping protocols with cheat sensitivity that is linear in
the bias (or bit-commitment protocols with linear cheat detection) because
these can be composed to produce strong coin-flipping with arbitrarily small
bias. On the other hand, it appears that quadratic cheat detection cannot be
composed in series to obtain even weak coin-flipping with arbitrarily small
bias.Comment: 7 pages, REVTeX 4 (minor corrections in v2
Tight bounds for classical and quantum coin flipping
Coin flipping is a cryptographic primitive for which strictly better
protocols exist if the players are not only allowed to exchange classical, but
also quantum messages. During the past few years, several results have appeared
which give a tight bound on the range of implementable unconditionally secure
coin flips, both in the classical as well as in the quantum setting and for
both weak as well as strong coin flipping. But the picture is still incomplete:
in the quantum setting, all results consider only protocols with perfect
correctness, and in the classical setting tight bounds for strong coin flipping
are still missing. We give a general definition of coin flipping which unifies
the notion of strong and weak coin flipping (it contains both of them as
special cases) and allows the honest players to abort with a certain
probability. We give tight bounds on the achievable range of parameters both in
the classical and in the quantum setting.Comment: 18 pages, 2 figures; v2: published versio
Composability in quantum cryptography
In this article, we review several aspects of composability in the context of
quantum cryptography. The first part is devoted to key distribution. We discuss
the security criteria that a quantum key distribution protocol must fulfill to
allow its safe use within a larger security application (e.g., for secure
message transmission). To illustrate the practical use of composability, we
show how to generate a continuous key stream by sequentially composing rounds
of a quantum key distribution protocol. In a second part, we take a more
general point of view, which is necessary for the study of cryptographic
situations involving, for example, mutually distrustful parties. We explain the
universal composability framework and state the composition theorem which
guarantees that secure protocols can securely be composed to larger
applicationsComment: 18 pages, 2 figure
- …