On the Efficiency of Classical and Quantum Secure Function Evaluation
We provide bounds on the efficiency of secure one-sided output two-party
computation of arbitrary finite functions from trusted distributed randomness
in the statistical case. From these results we derive bounds on the efficiency
of protocols that use different variants of OT as a black-box. When applied to
implementations of OT, these bounds generalize most known results to the
statistical case. Our results hold in particular for transformations between a
finite number of primitives and for any error. In the second part we study the
efficiency of quantum protocols implementing OT. While most classical lower
bounds for perfectly secure reductions of OT to distributed randomness still
hold in the quantum setting, we present a statistically secure protocol that
violates these bounds by an arbitrarily large factor. We then prove a weaker
lower bound that does hold in the statistical quantum setting and implies that
even quantum protocols cannot extend OT. Finally, we present two lower bounds
for reductions of OT to commitments and a protocol based on string commitments
that is optimal with respect to both of these bounds.
Secure certification of mixed quantum states with application to two-party randomness generation
We investigate sampling procedures that certify that an arbitrary quantum
state on n subsystems is close to an ideal mixed state
for a given reference state , up to errors on a few positions. This
task makes no sense classically: it would correspond to certifying that a given
bitstring was generated according to some desired probability distribution.
However, in the quantum case, this is possible if one has access to a prover
who can supply a purification of the mixed state.
In this work, we introduce the concept of mixed-state certification, and we
show that a natural sampling protocol offers secure certification in the
presence of a possibly dishonest prover: if the verifier accepts then he can be
almost certain that the state in question has been correctly prepared, up to a
small number of errors.
We then apply this result to two-party quantum coin-tossing. Given that
strong coin tossing is impossible, it is natural to ask "how close can we get".
This question has been well studied and is nowadays well understood from the
perspective of the bias of individual coin tosses. We approach and answer this
question from a different---and somewhat orthogonal---perspective, where we do
not look at individual coin tosses but at the global entropy instead. We show
how two distrusting parties can produce a common high-entropy source, where the
entropy is an arbitrarily small fraction below the maximum (except with
negligible probability).
Converses for Secret Key Agreement and Secure Computing
We consider information theoretic secret key agreement and secure function
computation by multiple parties observing correlated data, with access to an
interactive public communication channel. Our main result is an upper bound on
the secret key length, which is derived using a reduction of binary hypothesis
testing to multiparty secret key agreement. Building on this basic result, we
derive new converses for multiparty secret key agreement. Furthermore, we
derive converse results for the oblivious transfer problem and the bit
commitment problem by relating them to secret key agreement. Finally, we derive
a necessary condition for the feasibility of secure computation by trusted
parties that seek to compute a function of their collective data, using an
interactive public communication that by itself does not give away the value of
the function. In many cases, we strengthen and improve upon previously known
converse bounds. Our results are single-shot and use only the given joint
distribution of the correlated observations. For the case when the correlated
observations consist of independent and identically distributed (in time)
sequences, we derive strong versions of previously known converses.
Universal Hashing for Information Theoretic Security
The information theoretic approach to security entails harnessing the
correlated randomness available in nature to establish security. It uses tools
from information theory and coding and yields provable security, even against
an adversary with unbounded computational power. However, the feasibility of
this approach in practice depends on the development of efficiently
implementable schemes. In this article, we review a special class of practical
schemes for information theoretic security that are based on 2-universal hash
families. Specific cases of secret key agreement and wiretap coding are
considered, and general themes are identified. The scheme presented for wiretap
coding is modular and can be implemented easily by including an extra
pre-processing layer over the existing transmission codes.
Comment: Corrected an error in the proof of Lemma