
    Quantum Position Verification in the Random Oracle Model

    Consider a situation where we wish to verify an entity solely by its location. This is called position verification. The simplest form of position verification is distance bounding: the verifier is located in the middle of the prover's region, sends information to the prover and checks how long the prover takes to respond. Since this layout is not always desirable, the verifiers can instead be placed around the prover's region, forming a kind of triangulation. This thesis improves on the precision of the quantum position verification protocol from [Dominique Unruh, Quantum position verification in the random oracle model, CRYPTO 2014], i.e. it presents a modification of the protocol that is sound for a smaller region. This is done by adding an additional receiving verifier. The security proof of the original protocol uses a two-player monogamy-of-entanglement game. We define the three-player monogamy game needed for the proof of the new protocol, prove that the security of the modified protocol depends on the winning probability of this three-player game, and explain our progress on, and the difficulties in, bounding that winning probability. We also compare different three-player monogamy games and prove some results on their winning probabilities.
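    Added example, not part of the thesis above: a Python simulation of the classical timing check that underlies distance bounding and the multi-verifier (triangulation) layout the abstract describes. A reply cannot travel faster than light, so a measured round-trip time gives only an upper bound on the prover's distance; with several verifiers around the region, every verifier's round-trip time must be consistent with the claimed position, and a prover that is really elsewhere answers too early at some verifier or too late at another. The verifier coordinates, claimed position and slack values are constructed for illustration. One caveat a practitioner should keep in mind: this check only bounds where the device that answered can be; it cannot tell whether several colluding devices, each sitting near one verifier, produced the replies, which is the gap the quantum protocols in the listing above are designed to address.

```python
# Added example, not from the thesis above: the classical timing check behind
# distance bounding and triangulation-based position verification.
import math

C = 299_792_458.0  # speed of light in vacuum, m/s; no reply can be faster


def round_trip_time(verifier, prover, processing_delay_s=0.0):
    """Simulated RTT of a challenge sent by `verifier` and echoed by `prover`
    (both are (x, y) points in metres). Only delays can be added, never removed."""
    return 2.0 * math.dist(verifier, prover) / C + processing_delay_s


def distance_upper_bound(rtt_s):
    """Distance bounding with a single verifier: the RTT yields an upper bound
    on the prover's distance, because a prover can stall but cannot outrun light."""
    return rtt_s * C / 2.0


def rejecting_verifiers(verifiers, rtts, claimed, slack_m=1.0):
    """Triangulation: return the indices of verifiers whose measured RTT is not
    consistent with `claimed`. A reply earlier than 2d/c is impossible from the
    claimed point; a reply later than 2d/c plus the allowed slack means the
    prover is farther away than claimed (or too slow). `slack_m` is the allowed
    processing delay expressed as a one-way distance in metres (constructed)."""
    rejected = []
    for i, (v, rtt) in enumerate(zip(verifiers, rtts)):
        expected = 2.0 * math.dist(v, claimed) / C
        if rtt < expected or rtt > expected + 2.0 * slack_m / C:
            rejected.append(i)
    return rejected


def consistent_with_claim(verifiers, rtts, claimed, slack_m=1.0):
    """Accept only if every verifier's timing agrees with the claimed position."""
    return not rejecting_verifiers(verifiers, rtts, claimed, slack_m)


def run_check(verifiers, true_position, claimed, slack_m=1.0, delay_s=0.0):
    """Simulate a prover really located at `true_position` answering all
    verifiers, then ask whether the timings support the position `claimed`."""
    rtts = [round_trip_time(v, true_position, delay_s) for v in verifiers]
    return consistent_with_claim(verifiers, rtts, claimed, slack_m)


# Constructed geometry (metres): three verifiers placed around the region.
VERIFIERS = [(0.0, 0.0), (1000.0, 0.0), (500.0, 900.0)]
CLAIMED = (500.0, 300.0)

if __name__ == "__main__":
    # Honest prover at the claimed point, with a 1 ns processing delay.
    print("honest:", run_check(VERIFIERS, CLAIMED, CLAIMED, delay_s=1e-9))
    # Prover 100 m east of the claimed point: too late at the western verifier.
    far = [round_trip_time(v, (600.0, 300.0)) for v in VERIFIERS]
    print("100 m east, rejected by:", rejecting_verifiers(VERIFIERS, far, CLAIMED))
    # Single-verifier distance bound for a prover 500 m away.
    print("bound (m):", distance_upper_bound(round_trip_time((0.0, 0.0), (300.0, 400.0))))
```

    The slack is the knob that matters in practice: every nanosecond of tolerated processing delay widens the accepted region by about 15 cm one-way, so a generous slack turns a tight position check into a loose one.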

    Practically secure quantum position verification

    We discuss quantum position verification (QPV) protocols in which the verifiers create and send single-qubit states to the prover. QPV protocols using single-qubit states are known to be insecure against adversaries that share a small number of entangled qubits. We introduce QPV protocols that are practically secure: they only require single-qubit states from each of the verifiers, yet their security is broken only if the adversaries share an impractically large number of entangled qubits. These protocols are a modification of known QPV protocols in which we include a classical random oracle without altering the amount of quantum resources needed by the verifiers. We present a cheating strategy that requires a number of entangled qubits shared among the adversaries that grows exponentially with the size of the classical input of the random oracle. Comment: v2: corrected errors, more detailed discussion

    Quantum Cryptography Beyond Quantum Key Distribution

    Quantum cryptography is the art and science of exploiting quantum mechanical effects in order to perform cryptographic tasks. While the most well-known example of this discipline is quantum key distribution (QKD), there exist many other applications such as quantum money, randomness generation, secure two- and multi-party computation and delegated quantum computation. Quantum cryptography also studies the limitations and challenges resulting from quantum adversaries, including the impossibility of quantum bit commitment, the difficulty of quantum rewinding and the definition of quantum security models for classical primitives. In this review article, aimed primarily at cryptographers unfamiliar with the quantum world, we survey the area of theoretical quantum cryptography, with an emphasis on the constructions and limitations beyond the realm of QKD. Comment: 45 pages, over 245 references

    Making Existential-Unforgeable Signatures Strongly Unforgeable in the Quantum Random-Oracle Model

    Strongly unforgeable signature schemes provide a more stringent security guarantee than standard existential unforgeability: not only must forging a signature on a new message be hard, it must also be infeasible to produce a new signature on a message for which the adversary has already seen valid signatures. Strongly unforgeable signatures are useful both in practice and as a building block in many cryptographic constructions. This work investigates a generic transformation, proposed by Teranishi et al. and proven secure in the classical random-oracle model, that compiles any existentially unforgeable scheme into a strongly unforgeable one. Our main contribution is showing that the transformation also works against quantum adversaries in the quantum random-oracle model. We develop proof techniques, such as adaptively programming a quantum random oracle in a new setting, which could be of independent interest. Applying the transformation to an existentially unforgeable signature scheme due to Cash et al., which can be shown to be quantum-secure assuming certain lattice problems are hard for quantum computers, we obtain an efficient quantum-secure strongly unforgeable signature scheme in the quantum random-oracle model. Comment: 15 pages, to appear in Proceedings TQC 201

    The Quantum Query Complexity of Algebraic Properties

    We present quantum query complexity bounds for testing algebraic properties. For a set S and a binary operation on S, we consider the decision problem of whether S is a semigroup or has an identity element. If S is a monoid, we want to decide whether S is a group. We present quantum algorithms for these problems that improve the best known classical complexity bounds. In particular, we give the first application of the new quantum random walk technique by Magniez, Nayak, Roland, and Santha that improves the previous bounds by Ambainis and Szegedy. We also present several lower bounds for testing algebraic properties. Comment: 13 pages, 0 figures

    Quantum Lightning Never Strikes the Same State Twice

    Public-key quantum money can be seen as a version of the quantum no-cloning theorem that holds even when the quantum states can be verified by the adversary. In this work, we investigate quantum lightning, a formalization of "collision-free quantum money" defined by Lutomirski et al. [ICS'10], where no-cloning holds even when the adversary herself generates the quantum state to be cloned. We then study quantum money and quantum lightning, showing the following results:
    - We demonstrate the usefulness of quantum lightning by showing several potential applications, from generating random strings with a proof of entropy to a completely decentralized cryptocurrency without a blockchain, where transactions are instant and local.
    - We give win-win results for quantum money/lightning, showing that either signatures/hash functions/commitment schemes meet very strong recently proposed notions of security, or they yield quantum money or lightning.
    - We construct quantum lightning under the assumed multi-collision resistance of random degree-2 systems of polynomials.
    - We show that instantiating the quantum money scheme of Aaronson and Christiano [STOC'12] with indistinguishability obfuscation that is secure against quantum computers yields a secure quantum money scheme.

    Quantum-secure message authentication via blind-unforgeability

    Formulating and designing unforgeable authentication of classical messages in the presence of quantum adversaries has been a challenge, as the familiar classical notions of unforgeability do not directly translate into meaningful notions in the quantum setting. A particular difficulty is how to fairly capture the notion of "predicting an unqueried value" when the adversary can query in quantum superposition. In this work, we uncover serious shortcomings in existing approaches and propose a new definition. We then support its viability by a number of constructions and characterizations. Specifically, we demonstrate a function which is secure according to the existing definition by Boneh and Zhandry, but is clearly vulnerable to a quantum forgery attack, whereby a query supported only on inputs that start with 0 divulges the value of the function on an input that starts with 1. We then propose a new definition, which we call "blind-unforgeability" (or BU). This notion matches "intuitive unpredictability" in all examples studied thus far. It defines a function to be predictable if there exists an adversary which can use "partially blinded" oracle access to predict values in the blinded region. Our definition (BU) coincides with standard unpredictability (EUF-CMA) in the classical-query setting. We show that quantum-secure pseudorandom functions are BU-secure MACs. In addition, we show that BU satisfies a composition property (Hash-and-MAC) using "Bernoulli-preserving" hash functions, a new notion which may be of independent interest. Finally, we show that BU is amenable to security reductions by giving a precise bound on the extent to which quantum algorithms can deviate from their usual behavior due to the blinding in the BU security experiment. Comment: 23+9 pages, v3: published version, with one theorem statement in the summary of results corrected