Robust Cryptography in the Noisy-Quantum-Storage Model

It was shown in [WST08] that cryptographic primitives can be implemented based on the assumption that quantum storage of qubits is noisy. In this work we analyze a protocol for the universal task of oblivious transfer that can be implemented using quantum-key-distribution (QKD) hardware in the practical setting where honest participants are unable to perform noise-free operations. We derive trade-offs between the amount of storage noise, the amount of noise in the operations performed by the honest participants and the security of oblivious transfer which are greatly improved compared to the results in [WST08]. As an example, we show that for the case of depolarizing noise in storage we can obtain secure oblivious transfer as long as the quantum bit-error rate of the channel does not exceed 11% and the noise on the channel is strictly less than the quantum storage noise. This is optimal for the protocol considered. Finally, we show that our analysis easily carries over to quantum protocols for secure identification.Comment: 34 pages, 2 figures. v2: clarified novelty of results, improved security analysis using fidelity-based smooth min-entropy, v3: typos and additivity proof in appendix correcte

Generation and Distribution of Quantum Oblivious Keys for Secure Multiparty Computation

The oblivious transfer primitive is sufficient to implement secure multiparty computation. However, secure multiparty computation based only on classical cryptography is severely limited by the security and efficiency of the oblivious transfer implementation. We present a method to efficiently and securely generate and distribute oblivious keys by exchanging qubits and by performing commitments using classical hash functions. With the presented hybrid approach, quantum and classical, we obtain a practical and high-speed oblivious transfer protocol, secure even against quantum computer attacks. The oblivious distributed keys allow implementing a fast and secure oblivious transfer protocol, which can pave the way for the widespread of applications based on secure multiparty computation.Comment: 11 pages, 5 figure

Practical and unconditionally secure spacetime-constrained oblivious transfer

Spacetime-constrained oblivious transfer (SCOT) extends the fundamental primitive of oblivious transfer to Minkowski space. SCOT and location oblivious data transfer (LODT) are the only known cryptographic tasks with classical inputs and outputs for which unconditional security needs both quantum theory and relativity. We give an unconditionally secure SCOT protocol that, contrasting previous SCOT and LODT protocols, is practical to implement with current technology, where distant agents need only communicate classical information, while quantum communication occurs at a single location. We also show that our SCOT protocol can be used to implement unconditionally secure quantum relativistic bit commitment.Comment: Accepted manuscrip

Cryptography in the Bounded-Quantum-Storage Model

This thesis initiates the study of cryptographic protocols in the bounded-quantum-storage model. On the practical side, simple protocols for Rabin Oblivious Transfer, 1-2 Oblivious Transfer and Bit Commitment are presented. No quantum memory is required for honest players, whereas the protocols can only be broken by an adversary controlling a large amount of quantum memory. The protocols are efficient, non-interactive and can be implemented with today's technology. On the theoretical side, new entropic uncertainty relations involving min-entropy are established and used to prove the security of protocols according to new strong security definitions. For instance, in the realistic setting of Quantum Key Distribution (QKD) against quantum-memory-bounded eavesdroppers, the uncertainty relation allows to prove the security of QKD protocols while tolerating considerably higher error rates compared to the standard model with unbounded adversaries.Comment: PhD Thesis, BRICS, University of Aarhus, Denmark, 128 page

Implementation of two-party protocols in the noisy-storage model

The noisy-storage model allows the implementation of secure two-party protocols under the sole assumption that no large-scale reliable quantum storage is available to the cheating party. No quantum storage is thereby required for the honest parties. Examples of such protocols include bit commitment, oblivious transfer and secure identification. Here, we provide a guideline for the practical implementation of such protocols. In particular, we analyze security in a practical setting where the honest parties themselves are unable to perform perfect operations and need to deal with practical problems such as errors during transmission and detector inefficiencies. We provide explicit security parameters for two different experimental setups using weak coherent, and parametric down conversion sources. In addition, we analyze a modification of the protocols based on decoy states.Comment: 41 pages, 33 figures, this is a companion paper to arXiv:0906.1030 considering practical aspects, v2: published version, title changed in accordance with PRA guideline

Device-Independent Oblivious Transfer from the Bounded-Quantum-Storage-Model and Computational Assumptions

We present a device-independent protocol for oblivious transfer (DIOT) in the bounded-quantum-storage-model, and analyze its security. Our protocol is everlastingly secure and aims to be more practical than previous DIOT protocols, since it does not require non-communication assumptions that are typical from protocols that use Bell inequality violations; instead, the device-independence comes from a recent self-testing protocol which makes use of a post-quantum computational assumption.Comment: 24 page

Unconditional security from noisy quantum storage

We consider the implementation of two-party cryptographic primitives based on the sole assumption that no large-scale reliable quantum storage is available to the cheating party. We construct novel protocols for oblivious transfer and bit commitment, and prove that realistic noise levels provide security even against the most general attack. Such unconditional results were previously only known in the so-called bounded-storage model which is a special case of our setting. Our protocols can be implemented with present-day hardware used for quantum key distribution. In particular, no quantum storage is required for the honest parties.Comment: 25 pages (IEEE two column), 13 figures, v4: published version (to appear in IEEE Transactions on Information Theory), including bit wise min-entropy sampling. however, for experimental purposes block sampling can be much more convenient, please see v3 arxiv version if needed. See arXiv:0911.2302 for a companion paper addressing aspects of a practical implementation using block samplin