How to reuse a one-time pad and other notes on authentication, encryption and protection of quantum information

Quantum information is a valuable resource which can be encrypted in order to protect it. We consider the size of the one-time pad that is needed to protect quantum information in a number of cases. The situation is dramatically different from the classical case: we prove that one can recycle the one-time pad without compromising security. The protocol for recycling relies on detecting whether eavesdropping has occurred, and further relies on the fact that information contained in the encrypted quantum state cannot be fully accessed. We prove the security of recycling rates when authentication of quantum states is accepted, and when it is rejected. We note that recycling schemes respect a general law of cryptography which we prove relating the size of private keys, sent qubits, and encrypted messages. We discuss applications for encryption of quantum information in light of the resources needed for teleportation. Potential uses include the protection of resources such as entanglement and the memory of quantum computers. We also introduce another application: encrypted secret sharing and find that one can even reuse the private key that is used to encrypt a classical message. In a number of cases, one finds that the amount of private key needed for authentication or protection is smaller than in the general case.Comment: 13 pages, improved rate of recycling proved in the case of rejection of authenticatio

The quantum one-time pad in the presence of an eavesdropper

A classical one-time pad allows two parties to send private messages over a public classical channel -- an eavesdropper who intercepts the communication learns nothing about the message. A quantum one-time pad is a shared quantum state which allows two parties to send private messages or private quantum states over a public quantum channel. If the eavesdropper intercepts the quantum communication she learns nothing about the message. In the classical case, a one-time pad can be created using shared and partially private correlations. Here we consider the quantum case in the presence of an eavesdropper, and find the single letter formula for the rate at which the two parties can send messages using a quantum one-time pad

Distributed Relay Protocol for Probabilistic Information-Theoretic Security in a Randomly-Compromised Network

We introduce a simple, practical approach with probabilistic information-theoretic security to mitigate one of quantum key distribution's major limitations: the short maximum transmission distance (~200 km) possible with present day technology. Our scheme uses classical secret sharing techniques to allow secure transmission over long distances through a network containing randomly-distributed compromised nodes. The protocol provides arbitrarily high confidence in the security of the protocol, with modest scaling of resource costs with improvement of the security parameter. Although some types of failure are undetectable, users can take preemptive measures to make the probability of such failures arbitrarily small.Comment: 12 pages, 2 figures; added proof of verification sub-protocol, minor correction

Quantum non-malleability and authentication

In encryption, non-malleability is a highly desirable property: it ensures that adversaries cannot manipulate the plaintext by acting on the ciphertext. Ambainis, Bouda and Winter gave a definition of non-malleability for the encryption of quantum data. In this work, we show that this definition is too weak, as it allows adversaries to "inject" plaintexts of their choice into the ciphertext. We give a new definition of quantum non-malleability which resolves this problem. Our definition is expressed in terms of entropic quantities, considers stronger adversaries, and does not assume secrecy. Rather, we prove that quantum non-malleability implies secrecy; this is in stark contrast to the classical setting, where the two properties are completely independent. For unitary schemes, our notion of non-malleability is equivalent to encryption with a two-design (and hence also to the definition of Ambainis et al.). Our techniques also yield new results regarding the closely-related task of quantum authentication. We show that "total authentication" (a notion recently proposed by Garg, Yuen and Zhandry) can be satisfied with two-designs, a significant improvement over the eight-design construction of Garg et al. We also show that, under a mild adaptation of the rejection procedure, both total authentication and our notion of non-malleability yield quantum authentication as defined by Dupuis, Nielsen and Salvail.Comment: 20+13 pages, one figure. v2: published version plus extra material. v3: references added and update