Unforgeable Quantum Encryption
We study the problem of encrypting and authenticating quantum data in the
presence of adversaries making adaptive chosen plaintext and chosen ciphertext
queries. Classically, security games use string copying and comparison to
detect adversarial cheating in such scenarios. Quantumly, this approach would
violate no-cloning. We develop new techniques to overcome this problem: we use
entanglement to detect cheating, and rely on recent results for characterizing
quantum encryption schemes. We give definitions for (i.) ciphertext
unforgeability, (ii.) indistinguishability under adaptive chosen-ciphertext
attack, and (iii.) authenticated encryption. The restriction of each definition
to the classical setting is at least as strong as the corresponding classical
notion: (i) implies INT-CTXT, (ii) implies IND-CCA2, and (iii) implies AE. All
of our new notions also imply QIND-CPA privacy. Combining one-time
authentication and classical pseudorandomness, we construct schemes for each of
these new quantum security notions, and provide several separation examples.
Along the way, we also give a new definition of one-time quantum authentication
which, unlike all previous approaches, authenticates ciphertexts rather than
plaintexts.
Comment: 22+2 pages, 1 figure. v3: error in the definition of QIND-CCA2 fixed,
some proofs related to QIND-CCA2 clarified.

Quantum Lightning Never Strikes the Same State Twice
Public key quantum money can be seen as a version of the quantum no-cloning
theorem that holds even when the quantum states can be verified by the
adversary. In this work, we investigate quantum lightning, a formalization of
"collision-free quantum money" defined by Lutomirski et al. [ICS'10], where
no-cloning holds even when the adversary herself generates the quantum state to
be cloned. We then study quantum money and quantum lightning, showing the
following results:
- We demonstrate the usefulness of quantum lightning by showing several
potential applications, ranging from generating random strings with a proof of
entropy to a completely decentralized cryptocurrency without a block-chain,
where transactions are instant and local.
- We give win-win results for quantum money/lightning, showing that either
signatures/hash functions/commitment schemes meet very strong recently proposed
notions of security, or they yield quantum money or lightning.
- We construct quantum lightning under the assumed multi-collision resistance
of random degree-2 systems of polynomials.
- We show that instantiating the quantum money scheme of Aaronson and
Christiano [STOC'12] with indistinguishability obfuscation that is secure
against quantum computers yields a secure quantum money scheme.

Sumcheck-based delegation of quantum computing to rational server
Delegated quantum computing enables a client with weak computational power
to delegate quantum computing to a remote quantum server in such a way that the
integrity of the server is efficiently verified by the client. Recently, a new
model of delegated quantum computing has been proposed, namely, rational
delegated quantum computing. In this model, after the client interacts with the
server, the client pays a reward to the server. The rational server sends
messages that maximize the expected value of the reward. It is known that the
classical client can delegate universal quantum computing to the rational
quantum server in one round. In this paper, we propose novel one-round rational
delegated quantum computing protocols by generalizing the classical rational
sumcheck protocol. The construction of the previous rational protocols depends
on gate sets, while our sumcheck technique can be easily realized with any
local gate set. Furthermore, as with the previous protocols, our reward
function satisfies natural requirements. We also discuss the reward gap. Simply
speaking, the reward gap is the minimum loss in the expected value of the
server's reward incurred by any server behavior that makes the client accept
an incorrect answer. Although our sumcheck-based protocols have only
exponentially small reward gaps, as with the previous protocols, we show that a
constant reward gap can be achieved if two non-communicating but entangled
rational servers are allowed. We also show that a single rational server is
sufficient under the (widely-believed) assumption that the learning-with-errors
problem is hard for polynomial-time quantum computing. Apart from these
results, we show, under a certain condition, the equivalence between
and delegated quantum computing protocols. Based on this
equivalence, we give a reward-gap amplification method.
Comment: 28 pages, 1 figure. Because of the character limitation, the abstract
was shortened compared with the PDF file.