Quantum Anonymous Transmissions

We consider the problem of hiding sender and receiver of classical and quantum bits (qubits), even if all physical transmissions can be monitored. We present a quantum protocol for sending and receiving classical bits anonymously, which is completely traceless: it successfully prevents later reconstruction of the sender. We show that this is not possible classically. It appears that entangled quantum states are uniquely suited for traceless anonymous transmissions. We then extend this protocol to send and receive qubits anonymously. In the process we introduce a new primitive called anonymous entanglement, which may be useful in other contexts as well.Comment: 18 pages, LaTeX. Substantially updated version. To appear at ASIACRYPT '0

On the Computational Power of Radio Channels

Radio networks can be a challenging platform for which to develop distributed algorithms, because the network nodes must contend for a shared channel. In some cases, though, the shared medium is an advantage rather than a disadvantage: for example, many radio network algorithms cleverly use the shared channel to approximate the degree of a node, or estimate the contention. In this paper we ask how far the inherent power of a shared radio channel goes, and whether it can efficiently compute "classicaly hard" functions such as Majority, Approximate Sum, and Parity. Using techniques from circuit complexity, we show that in many cases, the answer is "no". We show that simple radio channels, such as the beeping model or the channel with collision-detection, can be approximated by a low-degree polynomial, which makes them subject to known lower bounds on functions such as Parity and Majority; we obtain round lower bounds of the form Omega(n^{delta}) on these functions, for delta in (0,1). Next, we use the technique of random restrictions, used to prove AC^0 lower bounds, to prove a tight lower bound of Omega(1/epsilon^2) on computing a (1 +/- epsilon)-approximation to the sum of the nodes\u27 inputs. Our techniques are general, and apply to many types of radio channels studied in the literature

Source-Channel Secrecy with Causal Disclosure

Imperfect secrecy in communication systems is investigated. Instead of using equivocation as a measure of secrecy, the distortion that an eavesdropper incurs in producing an estimate of the source sequence is examined. The communication system consists of a source and a broadcast (wiretap) channel, and lossless reproduction of the source sequence at the legitimate receiver is required. A key aspect of this model is that the eavesdropper's actions are allowed to depend on the past behavior of the system. Achievability results are obtained by studying the performance of source and channel coding operations separately, and then linking them together digitally. Although the problem addressed here has been solved when the secrecy resource is shared secret key, it is found that substituting secret key for a wiretap channel brings new insights and challenges: the notion of weak secrecy provides just as much distortion at the eavesdropper as strong secrecy, and revealing public messages freely is detrimental.Comment: Allerton 2012, 6 pages. Updated version includes acknowledgement

Energy Complexity of Distance Computation in Multi-hop Networks

Energy efficiency is a critical issue for wireless devices operated under stringent power constraint (e.g., battery). Following prior works, we measure the energy cost of a device by its transceiver usage, and define the energy complexity of an algorithm as the maximum number of time slots a device transmits or listens, over all devices. In a recent paper of Chang et al. (PODC 2018), it was shown that broadcasting in a multi-hop network of unknown topology can be done in $\text{poly} \log n$ energy. In this paper, we continue this line of research, and investigate the energy complexity of other fundamental graph problems in multi-hop networks. Our results are summarized as follows. 1. To avoid spending $\Omega(D)$ energy, the broadcasting protocols of Chang et al. (PODC 2018) do not send the message along a BFS tree, and it is open whether BFS could be computed in $o(D)$ energy, for sufficiently large $D$. In this paper we devise an algorithm that attains $\tilde{O}(\sqrt{n})$ energy cost. 2. We show that the framework of the ${\Omega}(n)$ round lower bound proof for computing diameter in CONGEST of Abboud et al. (DISC 2017) can be adapted to give an $\tilde{\Omega}(n)$ energy lower bound in the wireless network model (with no message size constraint), and this lower bound applies to $O(\log n)$-arboricity graphs. From the upper bound side, we show that the energy complexity of $\tilde{O}(\sqrt{n})$ can be attained for bounded-genus graphs (which includes planar graphs). 3. Our upper bounds for computing diameter can be extended to other graph problems. We show that exact global minimum cut or approximate $s$--$t$ minimum cut can be computed in $\tilde{O}(\sqrt{n})$ energy for bounded-genus graphs

Quantum computation and privacy

Quantum mechanics is one of the most intriguing subjects to study. The world works inherently differently on very small scales and can no longer be described by means of classical physics corresponding to our everyday intuition. Contrary to classical computing, quantum computation is based on the rules of quantum mechanics. It not only allows for more efficient local computations, but also has far-reaching effects on multi-party protocols. In this thesis, we investigate two cryptographic primitives for privacy protection using quantum computing: private information retrieval and anonymous transmissions

Secret Communication over Broadcast Erasure Channels with State-feedback

We consider a 1-to-$K$ communication scenario, where a source transmits private messages to $K$ receivers through a broadcast erasure channel, and the receivers feed back strictly causally and publicly their channel states after each transmission. We explore the achievable rate region when we require that the message to each receiver remains secret - in the information theoretical sense - from all the other receivers. We characterize the capacity of secure communication in all the cases where the capacity of the 1-to-$K$ communication scenario without the requirement of security is known. As a special case, we characterize the secret-message capacity of a single receiver point-to-point erasure channel with public state-feedback in the presence of a passive eavesdropper. We find that in all cases where we have an exact characterization, we can achieve the capacity by using linear complexity two-phase schemes: in the first phase we create appropriate secret keys, and in the second phase we use them to encrypt each message. We find that the amount of key we need is smaller than the size of the message, and equal to the amount of encrypted message the potential eavesdroppers jointly collect. Moreover, we prove that a dishonest receiver that provides deceptive feedback cannot diminish the rate experienced by the honest receivers. We also develop a converse proof which reflects the two-phase structure of our achievability scheme. As a side result, our technique leads to a new outer bound proof for the non-secure communication problem

Erasure Correction for Noisy Radio Networks

The radio network model is a well-studied model of wireless, multi-hop networks. However, radio networks make the strong assumption that messages are delivered deterministically. The recently introduced noisy radio network model relaxes this assumption by dropping messages independently at random. In this work we quantify the relative computational power of noisy radio networks and classic radio networks. In particular, given a non-adaptive protocol for a fixed radio network we show how to reliably simulate this protocol if noise is introduced with a multiplicative cost of poly(log Delta, log log n) rounds where n is the number nodes in the network and Delta is the max degree. Moreover, we demonstrate that, even if the simulated protocol is not non-adaptive, it can be simulated with a multiplicative O(Delta log ^2 Delta) cost in the number of rounds. Lastly, we argue that simulations with a multiplicative overhead of o(log Delta) are unlikely to exist by proving that an Omega(log Delta) multiplicative round overhead is necessary under certain natural assumptions

Quantum broadcast channels

We consider quantum channels with one sender and two receivers, used in several different ways for the simultaneous transmission of independent messages. We begin by extending the technique of superposition coding to quantum channels with a classical input to give a general achievable region. We also give outer bounds to the capacity regions for various special cases from the classical literature and prove that superposition coding is optimal for a class of channels. We then consider extensions of superposition coding for channels with a quantum input, where some of the messages transmitted are quantum instead of classical, in the sense that the parties establish bipartite or tripartite GHZ entanglement. We conclude by using state merging to give achievable rates for establishing bipartite entanglement between different pairs of parties with the assistance of free classical communication.Comment: 15 pages; IEEE Trans. Inform. Theory, vol. 57, no. 10, October 201

Protecting privacy of users in brain-computer interface applications

Machine learning (ML) is revolutionizing research and industry. Many ML applications rely on the use of large amounts of personal data for training and inference. Among the most intimate exploited data sources is electroencephalogram (EEG) data, a kind of data that is so rich with information that application developers can easily gain knowledge beyond the professed scope from unprotected EEG signals, including passwords, ATM PINs, and other intimate data. The challenge we address is how to engage in meaningful ML with EEG data while protecting the privacy of users. Hence, we propose cryptographic protocols based on secure multiparty computation (SMC) to perform linear regression over EEG signals from many users in a fully privacy-preserving(PP) fashion, i.e., such that each individual's EEG signals are not revealed to anyone else. To illustrate the potential of our secure framework, we show how it allows estimating the drowsiness of drivers from their EEG signals as would be possible in the unencrypted case, and at a very reasonable computational cost. Our solution is the first application of commodity-based SMC to EEG data, as well as the largest documented experiment of secret sharing-based SMC in general, namely, with 15 players involved in all the computations

Simulation of a Channel with Another Channel

In this paper, we study the problem of simulating a DMC channel from another DMC channel under an average-case and an exact model. We present several achievability and infeasibility results, with tight characterizations in special cases. In particular for the exact model, we fully characterize when a BSC channel can be simulated from a BEC channel when there is no shared randomness. We also provide infeasibility and achievability results for simulation of a binary channel from another binary channel in the case of no shared randomness. To do this, we use properties of R\'enyi capacity of a given order. We also introduce a notion of "channel diameter" which is shown to be additive and satisfy a data processing inequality.Comment: 31 pages, 10 figures, and some parts of this work were published at ITW 201