1,628 research outputs found
Practical Unconditionally Secure Two-channel Message Authentication
We investigate unconditional security for message authentication protocols that are designed using two-channel cryptography. We look at both noninteractive message authentication protocols (NIMAPs) and interactive message authentication protocols (IMAPs). We provide a new proof of nonexistence of nontrivial unconditionally secure NIMAPs. This proof consists of a combinatorial counting argument and is much shorter than the previous proof by Wang et al., which was based on probability distribution arguments. Further, we propose a generalization of an unconditionally secure 3-round IMAP due to Naor, Segev and Smith. With a careful choice of parameters, our scheme improves that of Naor et al. Our scheme is very close to optimal for most parameter situations of practical interest.
Using quantum key distribution for cryptographic purposes: a survey
The appealing feature of quantum key distribution (QKD), from a cryptographic
viewpoint, is the ability to prove the information-theoretic security (ITS) of
the established keys. As a key establishment primitive, QKD however does not
provide a standalone security service in its own: the secret keys established
by QKD are in general then used by a subsequent cryptographic applications for
which the requirements, the context of use and the security properties can
vary. It is therefore important, in the perspective of integrating QKD in
security infrastructures, to analyze how QKD can be combined with other
cryptographic primitives. The purpose of this survey article, which is mostly
centered on European research results, is to contribute to such an analysis. We
first review and compare the properties of the existing key establishment
techniques, QKD being one of them. We then study more specifically two generic
scenarios related to the practical use of QKD in cryptographic infrastructures:
1) using QKD as a key renewal technique for a symmetric cipher over a
point-to-point link; 2) using QKD in a network containing many users with the
objective of offering any-to-any key establishment service. We discuss the
constraints as well as the potential interest of using QKD in these contexts.
We finally give an overview of challenges relative to the development of QKD
technology that also constitute potential avenues for cryptographic research.Comment: Revised version of the SECOQC White Paper. Published in the special
issue on QKD of TCS, Theoretical Computer Science (2014), pp. 62-8
Quantum cryptography: a practical information security perspective
Quantum Key Exchange (QKE, also known as Quantum Key Distribution or QKD)
allows communicating parties to securely establish cryptographic keys. It is a
well-established fact that all QKE protocols require that the parties have
access to an authentic channel. Without this authenticated link, QKE is
vulnerable to man-in-the-middle attacks. Overlooking this fact results in
exaggerated claims and/or false expectations about the potential impact of QKE.
In this paper we present a systematic comparison of QKE with traditional key
establishment protocols in realistic secure communication systems.Comment: 5 pages, new title, published version, minor changes onl
A Novel Protocol-Authentication Algorithm Ruling Out a Man-in-the-Middle Attack in Quantum Cryptography
In this work we review the security vulnerability of Quantum Cryptography
with respect to "man-in-the-middle attacks" and the standard authentication
methods applied to counteract these attacks. We further propose a modified
authentication algorithm which features higher efficiency with respect to
consumption of mutual secret bits.Comment: 4 pages, submitted to the International Journal of Quantum
Information, Proceedings of the meeting "Foundations of Quantum Information",
Camerino, April 200
The Case for Quantum Key Distribution
Quantum key distribution (QKD) promises secure key agreement by using quantum
mechanical systems. We argue that QKD will be an important part of future
cryptographic infrastructures. It can provide long-term confidentiality for
encrypted information without reliance on computational assumptions. Although
QKD still requires authentication to prevent man-in-the-middle attacks, it can
make use of either information-theoretically secure symmetric key
authentication or computationally secure public key authentication: even when
using public key authentication, we argue that QKD still offers stronger
security than classical key agreement.Comment: 12 pages, 1 figure; to appear in proceedings of QuantumComm 2009
Workshop on Quantum and Classical Information Security; version 2 minor
content revision
Composability in quantum cryptography
In this article, we review several aspects of composability in the context of
quantum cryptography. The first part is devoted to key distribution. We discuss
the security criteria that a quantum key distribution protocol must fulfill to
allow its safe use within a larger security application (e.g., for secure
message transmission). To illustrate the practical use of composability, we
show how to generate a continuous key stream by sequentially composing rounds
of a quantum key distribution protocol. In a second part, we take a more
general point of view, which is necessary for the study of cryptographic
situations involving, for example, mutually distrustful parties. We explain the
universal composability framework and state the composition theorem which
guarantees that secure protocols can securely be composed to larger
applicationsComment: 18 pages, 2 figure
Quantum identification system
A secure quantum identification system combining a classical identification
procedure and quantum key distribution is proposed. Each identification
sequence is always used just once and new sequences are ``refuelled'' from a
shared provably secret key transferred through the quantum channel. Two
identification protocols are devised. The first protocol can be applied when
legitimate users have an unjammable public channel at their disposal. The
deception probability is derived for the case of a noisy quantum channel. The
second protocol employs unconditionally secure authentication of information
sent over the public channel, and thus it can be applied even in the case when
an adversary is allowed to modify public communications. An experimental
realization of a quantum identification system is described.Comment: RevTeX, 4 postscript figures, 9 pages, submitted to Physical Review
- …