On the power of two-party quantum cryptography

We study quantum protocols among two distrustful parties. Under the sole assumption of correctness - guaranteeing that honest players obtain their correct outcomes - we show that every protocol implementing a non-trivial primitive necessarily leaks information to a dishonest player. This extends known impossibility results to all non-trivial primitives. We provide a framework for quantifying this leakage and argue that leakage is a good measure for the privacy provided to the players by a given protocol. Our framework also covers the case where the two players are helped by a trusted third party. We show that despite the help of a trusted third party, the players cannot amplify the cryptographic power of any primitive. All our results hold even against quantum honest-but-curious adversaries who honestly follow the protocol but purify their actions and apply a different measurement at the end of the protocol. As concrete examples, we establish lower bounds on the leakage of standard universal two-party primitives such as oblivious transfer

Brief History of Quantum Cryptography: A Personal Perspective

Quantum cryptography is the only approach to privacy ever proposed that allows two parties (who do not share a long secret key ahead of time) to communicate with provably perfect secrecy under the nose of an eavesdropper endowed with unlimited computational power and whose technology is limited by nothing but the fundamental laws of nature. This essay provides a personal historical perspective on the field. For the sake of liveliness, the style is purposely that of a spontaneous after-dinner speech.Comment: 14 pages, no figure

Quantum Cryptography Beyond Quantum Key Distribution

Quantum cryptography is the art and science of exploiting quantum mechanical effects in order to perform cryptographic tasks. While the most well-known example of this discipline is quantum key distribution (QKD), there exist many other applications such as quantum money, randomness generation, secure two- and multi-party computation and delegated quantum computation. Quantum cryptography also studies the limitations and challenges resulting from quantum adversaries---including the impossibility of quantum bit commitment, the difficulty of quantum rewinding and the definition of quantum security models for classical primitives. In this review article, aimed primarily at cryptographers unfamiliar with the quantum world, we survey the area of theoretical quantum cryptography, with an emphasis on the constructions and limitations beyond the realm of QKD.Comment: 45 pages, over 245 reference

Insecurity of Quantum Secure Computations

It had been widely claimed that quantum mechanics can protect private information during public decision in for example the so-called two-party secure computation. If this were the case, quantum smart-cards could prevent fake teller machines from learning the PIN (Personal Identification Number) from the customers' input. Although such optimism has been challenged by the recent surprising discovery of the insecurity of the so-called quantum bit commitment, the security of quantum two-party computation itself remains unaddressed. Here I answer this question directly by showing that all ``one-sided'' two-party computations (which allow only one of the two parties to learn the result) are necessarily insecure. As corollaries to my results, quantum one-way oblivious password identification and the so-called quantum one-out-of-two oblivious transfer are impossible. I also construct a class of functions that cannot be computed securely in any ``two-sided'' two-party computation. Nevertheless, quantum cryptography remains useful in key distribution and can still provide partial security in ``quantum money'' proposed by Wiesner.Comment: The discussion on the insecurity of even non-ideal protocols has been greatly extended. Other technical points are also clarified. Version accepted for publication in Phys. Rev.

The relationship between two flavors of oblivious transfer at the quantum level

Though all-or-nothing oblivious transfer and one-out-of-two oblivious transfer are equivalent in classical cryptography, we here show that due to the nature of quantum cryptography, a protocol built upon secure quantum all-or-nothing oblivious transfer cannot satisfy the rigorous definition of quantum one-out-of-two oblivious transfer.Comment: 4 pages, no figur

Analysis of the Security of BB84 by Model Checking

Quantum Cryptography or Quantum key distribution (QKD) is a technique that allows the secure distribution of a bit string, used as key in cryptographic protocols. When it was noted that quantum computers could break public key cryptosystems based on number theory extensive studies have been undertaken on QKD. Based on quantum mechanics, QKD offers unconditionally secure communication. Now, the progress of research in this field allows the anticipation of QKD to be available outside of laboratories within the next few years. Efforts are made to improve the performance and reliability of the implemented technologies. But several challenges remain despite this big progress. The task of how to test the apparatuses of QKD For example did not yet receive enough attention. These devises become complex and demand a big verification effort. In this paper we are interested in an approach based on the technique of probabilistic model checking for studying quantum information. Precisely, we use the PRISM tool to analyze the security of BB84 protocol and we are focused on the specific security property of eavesdropping detection. We show that this property is affected by the parameters of quantum channel and the power of eavesdropper.Comment: 12 Pages, IJNS

Continuous variable controlled quantum dialogue and secure multiparty quantum computation

A continuous variable controlled quantum dialogue scheme is proposed. The scheme is further modified to obtain two other protocols of continuous variable secure multiparty computation. The first one of these protocols provides a solution of two party socialist millionaire problem, while the second protocol provides a solution for a special type of multi-party socialist millionaire problem which can be viewed as a protocol for multiparty quantum private comparison. It is shown that the proposed scheme of continuous variable controlled quantum dialogue can be performed using bipartite entanglement and can be reduced to obtain several other two and three party cryptographic schemes in the limiting cases. The security of the proposed scheme and its advantage over corresponding discrete variable counterpart are also discussed. Specifically, the ignorance of an eavesdropper in the proposed scheme is shown to be very high compared with corresponding discrete variable scheme and thus the present scheme is less prone to information leakage inherent with the discrete variable quantum dialogue based schemes.It is further established that the proposed scheme can be viewed as a continuous variable counterpart of quantum cryptographic switch which allows a supervisor to control the information transferred between the two legitimate parties to a continuously varying degree.Comment: Quantum dialogue and its application in the continuous variable scenario is studied in detai

Quantum Private Comparison: A Review

As an important branch of quantum secure multiparty computation, quantum private comparison (QPC) has attracted more and more attention recently. In this paper, according to the quantum implementation mechanism that these protocols used, we divide these protocols into three categories: The quantum cryptography QPC, the superdense coding QPC, and the entanglement swapping QPC. And then, a more in-depth analysis on the research progress, design idea, and substantive characteristics of corresponding QPC categories is carried out, respectively. Finally, the applications of QPC and quantum secure multi-party computation issues are discussed and, in addition, three possible research mainstream directions are pointed out