150 research outputs found
Classical Cryptographic Protocols in a Quantum World
Cryptographic protocols, such as protocols for secure function evaluation
(SFE), have played a crucial role in the development of modern cryptography.
The extensive theory of these protocols, however, deals almost exclusively with
classical attackers. If we accept that quantum information processing is the
most realistic model of physically feasible computation, then we must ask: what
classical protocols remain secure against quantum attackers?
Our main contribution is showing the existence of classical two-party
protocols for the secure evaluation of any polynomial-time function under
reasonable computational assumptions (for example, it suffices that the
learning with errors problem be hard for quantum polynomial time). Our result
shows that the basic two-party feasibility picture from classical cryptography
remains unchanged in a quantum world.Comment: Full version of an old paper in Crypto'11. Invited to IJQI. This is
authors' copy with different formattin
Improved on Identity-based quantum signature based on Bell states
In 2020 Xin et al.proposed a new identity-based quantum signature based on Bell states scheme. By using a one-time padding (OTP) for both-side transfer operations like, XOR , Hadamard H, and Y, they confirmed the security of the proposed scheme. However, after analyses, we found that the scheme cannot resist both the existing forgery attack and meaningful message attack. Therefore, we modified their scheme to include the required security, unforgeability, which is very important in quantum signature scheme
Practical unconditionally secure signature schemes and related protocols
The security guarantees provided by digital signatures are vital to many modern applications such as online banking, software distribution, emails and many more. Their ubiquity across digital communications arguably makes digital signatures one of the most important inventions in cryptography. Worryingly, all commonly used schemes – RSA, DSA and ECDSA – provide only computational security, and are rendered completely insecure by quantum computers. Motivated by this threat, this thesis focuses on unconditionally secure signature (USS) schemes – an information theoretically secure analogue of digital signatures. We present and analyse two new USS schemes. The first is a quantum USS scheme that is both information-theoretically secure and realisable with current technology. The scheme represents an improvement over all previous quantum USS schemes, which were always either realisable or had a full security proof, but not both. The second is an entirely classical USS scheme that uses minimal resources and is vastly more efficient than all previous schemes, to such an extent that it could potentially find real-world application. With the discovery of such an efficient classical USS scheme using only minimal resources, it is difficult to see what advantage quantum USS schemes may provide. Lastly, we remain in the information-theoretic security setting and consider two quantum protocols closely related to USS schemes – oblivious transfer and quantum money. For oblivious transfer, we prove new lower bounds on the minimum achievable cheating probabilities in any 1-out-of-2 protocol. For quantum money, we present a scheme that is more efficient and error tolerant than all previous schemes. Additionally, we show that it can be implemented using a coherent source and lossy detectors, thereby allowing for the first experimental demonstration of quantum coin creation and verification
Non-Destructive Zero-Knowledge Proofs on Quantum States, and Multi-Party Generation of Authorized Hidden GHZ States
Due to the special no-cloning principle, quantum states appear to be very
useful in cryptography. But this very same property also has drawbacks: when
receiving a quantum state, it is nearly impossible for the receiver to
efficiently check non-trivial properties on that state without destroying it.
In this work, we initiate the study of Non-Destructive Zero-Knowledge Proofs
on Quantum States. Our method binds a quantum state to a classical encryption
of that quantum state. That way, the receiver can obtain guarantees on the
quantum state by asking to the sender to prove properties directly on the
classical encryption. This method is therefore non-destructive, and it is
possible to verify a very large class of properties. For instance, we can force
the sender to send different categories of states depending on whether they
know a classical password or not. Moreover, we can also provide guarantees to
the sender: for example, we can ensure that the receiver will never learn
whether the sender knows the password or not.
We also extend this method to the multi-party setting. We show how it can
prove useful to distribute a GHZ state between different parties, in such a way
that only parties knowing a secret can be part of this GHZ. Moreover, the
identity of the parties that are part of the GHZ remains hidden to any
malicious party. A direct application would be to allow a server to create a
secret sharing of a qubit between unknown parties, authorized for example by a
third party Certification Authority.
Finally, we provide simpler "blind" versions of the protocols that could
prove useful in Anonymous Transmission or Quantum Onion Routing, and we
explicit a cryptographic function required in our protocols based on the
Learning With Errors hardness problem.Comment: 50 page
Quantum cryptography: key distribution and beyond
Uniquely among the sciences, quantum cryptography has driven both
foundational research as well as practical real-life applications. We review
the progress of quantum cryptography in the last decade, covering quantum key
distribution and other applications.Comment: It's a review on quantum cryptography and it is not restricted to QK
Ideal quantum protocols in the non-ideal physical world
The development of quantum protocols from conception to experimental realizations is one of
the main sources of the stimulating exchange between fundamental and experimental research
characteristic to quantum information processing. In this thesis we contribute to the development
of two recent quantum protocols, Universal Blind Quantum Computation (UBQC) and Quantum
Digital Signatures (QDS). UBQC allows a client to delegate a quantum computation to a more
powerful quantum server while keeping the input and computation private. We analyse the resilience
of the privacy of UBQC under imperfections. Then, we introduce approximate blindness
quantifying any compromise to privacy, and propose a protocol which enables arbitrary levels of
security despite imperfections. Subsequently, we investigate the adaptability of UBQC to alternative
implementations with practical advantages. QDS allow a party to send a message to other
parties which cannot be forged, modified or repudiated. We analyse the security properties of a
first proof-of-principle experiment of QDS, implemented in an optical system. We estimate the
security failure probabilities of our system as a function of protocol parameters, under all but the
most general types of attacks. Additionally, we develop new techniques for analysing transformations
between symmetric sets of states, utilized not only in the security proofs of QDS but in
other applications as well
Classically Verifiable NIZK for QMA with Preprocessing
We propose three constructions of classically verifiable non-interactive zero-knowledge proofs and arguments (CV-NIZK) for QMA in various preprocessing models.
1. We construct a CV-NIZK for QMA in the quantum secret parameter model where a trusted setup sends a quantum proving key to the prover and a classical verification key to the verifier. It is information theoretically sound and zero-knowledge.
2. Assuming the quantum hardness of the learning with errors problem, we construct a CV-NIZK for QMA in a model where a trusted party generates a CRS and the verifier sends an instance-independent quantum message to the prover as preprocessing. This model is the same as one considered in the recent work by Coladangelo, Vidick, and Zhang (CRYPTO \u2720). Our construction has the so-called dual-mode property, which means that there are two computationally indistinguishable modes of generating CRS, and we have information theoretical soundness in one mode and information theoretical zero-knowledge property in the other. This answers an open problem left by Coladangelo et al, which is to achieve either of soundness or zero-knowledge information theoretically. To the best of our knowledge, ours is the first dual-mode NIZK for QMA in any kind of model.
3. We construct a CV-NIZK for QMA with quantum preprocessing in the quantum random oracle model. This quantum preprocessing is the one where the verifier sends a random Pauli-basis states to the prover. Our construction uses the Fiat-Shamir transformation. The quantum preprocessing can be replaced with the setup that distributes Bell pairs among the prover and the verifier, and therefore we solve the open problem by Broadbent and Grilo (FOCS \u2720) about the possibility of NIZK for QMA in the shared Bell pair model via the Fiat-Shamir transformation
Improved Non-Interactive Zero Knowledge with Applications to Post-Quantum Signatures
Recent work, including ZKBoo, ZKB++, and Ligero, has developed efficient non-interactive zero-knowledge proofs of knowledge (NIZKPoKs) for arbitrary Boolean circuits based on symmetric- key primitives alone using the “MPC-in-the-head” paradigm of Ishai et al. We show how to instantiate this paradigm with MPC protocols in the preprocessing model; once optimized, this results in an NIZKPoK with shorter proofs (and comparable computation) as in prior work for circuits containing roughly 300–100,000 AND gates. In contrast to prior work, our NIZKPoK also supports witness-independent preprocessing, which allows the prover to move most of its work to an offline phase before the witness is known.
We use our NIZKPoK to construct a signature scheme based only on symmetric-key primitives (and hence with “post-quantum” security). The resulting scheme has shorter signatures than the scheme built using ZKB++ (with comparable signing/verification time), and is even competitive with hash-based signature schemes.
To further highlight the flexibility and power of our NIZKPoK, we also use it to build efficient ring and group signatures based on symmetric-key primitives alone. To our knowledge, the resulting schemes are the most efficient constructions of these primitives that offer post-quantum security
Non-interactive zero-knowledge arguments for QMA, with preprocessing
A non-interactive zero-knowledge (NIZK) proof system for a language L∈NP allows a prover (who is provided with an instance x∈L, and a witness w for x) to compute a classical certificate π for the claim that x∈L such that π has the following properties: 1) π can be verified efficiently, and 2) π does not reveal any information about w, besides the fact that it exists (i.e. that x∈L). NIZK proof systems have recently been shown to exist for all languages in NP in the common reference string (CRS) model and under the learning with errors (LWE) assumption.
We initiate the study of NIZK arguments for languages in QMA. Our first main result is the following: if LWE is hard for quantum computers, then any language in QMA has an NIZK argument with preprocessing. The preprocessing in our argument system consists of (i) the generation of a CRS and (ii) a single (instance-independent) quantum message from verifier to prover. The instance-dependent phase of our argument system involves only a single classical message from prover to verifier. Importantly, verification in our protocol is entirely classical, and the verifier needs not have quantum memory; its only quantum actions are in the preprocessing phase.
Our second contribution is to extend the notion of a classical proof of knowledge to the quantum setting. We introduce the notions of arguments and proofs of quantum knowledge (AoQK/PoQK), and we show that our non-interactive argument system satisfies the definition of an AoQK. In particular, we explicitly construct an extractor which can recover a quantum witness from any prover who is successful in our protocol. We also show that any language in QMA has an (interactive) proof of quantum knowledge
- …