Quantum authentication of classical messages
Although key distribution is arguably the most studied context in which to
apply quantum cryptographic techniques, message authentication, i.e.,
certifying the identity of the message originator and the integrity of the
message sent, can also benefit from the use of quantum resources. Classically,
message authentication can be performed by techniques based on hash functions.
However, the security of the resulting protocols depends on the selection of
appropriate hash functions and on the use of long authentication keys. In this
paper we propose a quantum authentication procedure that, making use of just
one qubit as the authentication key, allows the authentication of binary
classical messages in a secure manner.
Comment: LaTeX, 6 page
New security notions and feasibility results for authentication of quantum data
We give a new class of security definitions for authentication in the quantum
setting. These definitions capture and strengthen existing definitions of
security against quantum adversaries for both classical message authentication
codes (MACs) as well as full quantum state authentication schemes. The main
feature of our definitions is that they precisely characterize the effective
behavior of any adversary when the authentication protocol accepts, including
correlations with the key. Our definitions readily yield a host of desirable
properties and interesting consequences; for example, our security definition
for full quantum state authentication implies that the entire secret key can be
re-used if the authentication protocol succeeds.
Next, we present several protocols satisfying our security definitions. We
show that the classical Wegman-Carter authentication scheme with 3-universal
hashing is secure against superposition attacks, as well as adversaries with
quantum side information. We then present conceptually simple constructions of
full quantum state authentication.
Finally, we prove a lifting theorem which shows that, as long as a protocol
can securely authenticate the maximally entangled state, it can securely
authenticate any state, even those that are entangled with the adversary. Thus,
this shows that protocols satisfying a fairly weak form of authentication
security automatically satisfy a stronger notion of security (in particular,
the definition of Dupuis et al. (2012)).
Comment: 50 pages, QCrypt 2016 - 6th International Conference on Quantum
Cryptography, added a new lifting theorem that shows equivalence between a
weak form of authentication security and a stronger notion that considers
side informatio
Attacks on quantum key distribution protocols that employ non-ITS authentication
We demonstrate how adversaries with unbounded computing resources can break
Quantum Key Distribution (QKD) protocols which employ a particular message
authentication code suggested previously. This authentication code, featuring
low key consumption, is not Information-Theoretically Secure (ITS) since for
each message the eavesdropper has intercepted she is able to send a different
message from a set of messages that she can calculate by finding collisions of
a cryptographic hash function. However, when this authentication code was
introduced it was shown to prevent straightforward Man-In-The-Middle (MITM)
attacks against QKD protocols.
In this paper, we prove that the set of messages that collide with any given
message under this authentication code contains with high probability a message
that has small Hamming distance to any other given message. Based on this fact
we present extended MITM attacks against different versions of BB84 QKD
protocols using the addressed authentication code; for three protocols we
describe every single action taken by the adversary. For all protocols the
adversary can obtain complete knowledge of the key, and for most protocols her
success probability in doing so approaches unity.
Since the attacks work against all authentication methods that allow
calculating colliding messages, the underlying building blocks of the presented
attacks expose the potential pitfalls arising as a consequence of non-ITS
authentication in QKD post-processing. We propose countermeasures, increasing
the eavesdropper's demand for computational power, and also prove necessary and
sufficient conditions for upgrading the discussed authentication code to the
ITS level.
Comment: 34 page
Symbolic Abstractions for Quantum Protocol Verification
Quantum protocols such as the BB84 Quantum Key Distribution protocol exchange
qubits to achieve information-theoretic security guarantees. Many variants
thereof were proposed, some of them being already deployed. Existing security
proofs in that field are mostly tedious, error-prone pen-and-paper proofs of
the core protocol only, which rarely account for other crucial components such as
authentication. This calls for formal and automated verification techniques
that exhaustively explore all possible intruder behaviors and that scale well.
The symbolic approach offers rigorous, mathematical frameworks and automated
tools to analyze security protocols. Based on well-designed abstractions, it
has allowed for large-scale formal analyses of real-life protocols such as TLS
1.3 and mobile telephony protocols. Hence a natural question is: Can we use
this successful line of work to analyze quantum protocols? This paper proposes
a first positive answer and motivates further research on this unexplored path
- …