7 research outputs found
On the Key-Uncertainty of Quantum Ciphers and the Computational Security of One-way Quantum Transmission
We consider the scenario where Alice wants to send a secret (classical)
n-bit message to Bob using a classical key, and where only one-way
transmission from Alice to Bob is possible. In this case, quantum communication
cannot help to obtain perfect secrecy with key length smaller than n. We
study the question of whether there might still be fundamental differences
between the case where quantum as opposed to classical communication is used.
In this direction, we show that there exist ciphers with perfect security
producing quantum ciphertext where, even if an adversary knows the plaintext
and applies an optimal measurement on the ciphertext, his Shannon uncertainty
about the key used is almost maximal. This is in contrast to the classical case
where the adversary always learns n bits of information on the key in a known
plaintext attack. We also show that there is a limit to how different the
classical and quantum cases can be: the most probable key, given matching
plain- and ciphertexts, has the same probability in both the quantum and the
classical cases. We suggest an application of our results in the case where
only a short secret key is available and the message is much longer.
Comment: 19 pages, 2 figures. This is a revised version of an earlier version
that appeared in the proc. of Eurocrypt'04:LNCS3027, 200
Brief History of Quantum Cryptography: A Personal Perspective
Quantum cryptography is the only approach to privacy ever proposed that
allows two parties (who do not share a long secret key ahead of time) to
communicate with provably perfect secrecy under the nose of an eavesdropper
endowed with unlimited computational power and whose technology is limited by
nothing but the fundamental laws of nature. This essay provides a personal
historical perspective on the field. For the sake of liveliness, the style is
purposely that of a spontaneous after-dinner speech.
Comment: 14 pages, no figure
From Low-Distortion Norm Embeddings to Explicit Uncertainty Relations and Efficient Information Locking
The existence of quantum uncertainty relations is the essential reason that
some classically impossible cryptographic primitives become possible when
quantum communication is allowed. One direct operational manifestation of these
uncertainty relations is a purely quantum effect referred to as information
locking. A locking scheme can be viewed as a cryptographic protocol in which a
uniformly random n-bit message is encoded in a quantum system using a classical
key of size much smaller than n. Without the key, no measurement of this
quantum state can extract more than a negligible amount of information about
the message, in which case the message is said to be "locked". Furthermore,
knowing the key, it is possible to recover, that is "unlock", the message. In
this paper, we make the following contributions by exploiting a connection
between uncertainty relations and low-distortion embeddings of L2 into L1. We
introduce the notion of metric uncertainty relations and connect it to
low-distortion embeddings of L2 into L1. A metric uncertainty relation also
implies an entropic uncertainty relation. We prove that random bases satisfy
uncertainty relations with a stronger definition and better parameters than
previously known. Our proof is also considerably simpler than earlier proofs.
We apply this result to show the existence of locking schemes with key size
independent of the message length. We give efficient constructions of metric
uncertainty relations. The bases defining these metric uncertainty relations
are computable by quantum circuits of almost linear size. This leads to the
first explicit construction of a strong information locking scheme. Moreover,
we present a locking scheme that is close to being implementable with current
technology. We apply our metric uncertainty relations to exhibit communication
protocols that perform quantum equality testing.
Comment: 60 pages, 5 figures. v4: published versio
On the Key-Uncertainty of Quantum Ciphers and the Computational Security of One-Way Quantum Transmission
Abstract. We consider the scenario where Alice wants to send a secret (classical) n-bit message to Bob using a classical key, and where only one-way transmission from Alice to Bob is possible. In this case, quantum communication cannot help to obtain perfect secrecy with key length smaller than n. We study the question of whether there might still be fundamental differences between the case where quantum as opposed to classical communication is used. In this direction, we show that there exist ciphers with perfect security producing quantum ciphertext where, even if an adversary knows the plaintext and applies an optimal measurement on the ciphertext, his Shannon uncertainty about the key used is almost maximal. This is in contrast to the classical case where the adversary always learns n bits of information on the key in a known plaintext attack. We also show that there is a limit to how different the classical and quantum cases can be: the most probable key, given matching plain- and ciphertexts, has the same probability in both the quantum and the classical cases. We suggest an application of our results in the case where only a short secret key is available and the message is much longer. Namely, one can use a pseudorandom generator to produce from the short key a stream of keys for a quantum cipher, using each of them to encrypt an n-bit block of the message. Our results suggest that an adversary with bounded resources in a known plaintext attack may potentially be in a much harder situation against quantum stream-ciphers than against any classical stream-cipher with the same parameters.
On the Key-Uncertainty of Quantum Ciphers and the Computational Security of One-way Quantum Transmission
1 Introduction In this paper, we consider the scenario where Alice wants to send a secret (classical) n-bit message to Bob using an m-bit classical shared key, and where only one-way transmission from Alice to Bob is possible (or at least where interactio
Uncertainty relations for multiple measurements with applications
Uncertainty relations express the fundamental incompatibility of certain
observables in quantum mechanics. Far from just being puzzling constraints on
our ability to know the state of a quantum system, uncertainty relations are at
the heart of why some classically impossible cryptographic primitives become
possible when quantum communication is allowed. This thesis is concerned with
strong notions of uncertainty relations and their applications in quantum
information theory.
One operational manifestation of such uncertainty relations is a purely
quantum effect referred to as information locking. A locking scheme can be
viewed as a cryptographic protocol in which a uniformly random n-bit message is
encoded in a quantum system using a classical key of size much smaller than n.
Without the key, no measurement of this quantum state can extract more than a
negligible amount of information about the message, in which case the message
is said to be "locked". Furthermore, knowing the key, it is possible to
recover, that is "unlock", the message. We give new efficient constructions of
bases satisfying strong uncertainty relations leading to the first explicit
construction of an information locking scheme. We also give several other
applications of our uncertainty relations both to cryptographic and
communication tasks.
In addition, we define objects called QC-extractors, that can be seen as
strong uncertainty relations that hold against quantum adversaries. We provide
several constructions of QC-extractors, and use them to prove the security of
cryptographic protocols for two-party computations based on the sole assumption
that the parties' storage device is limited in transmitting quantum
information. In doing so, we resolve a central question in the so-called
noisy-storage model by relating security to the quantum capacity of storage
devices.
Comment: PhD Thesis, McGill University, School of Computer Science, 158 pages.
Contains arXiv:1010.3007 and arXiv:1111.2026 with some small addition