4,848 research outputs found
Information-Theoretically Secure Data Origin Authentication with Quantum and Classical Resources
In conventional cryptography, information-theoretically secure message authentication
can be achieved by means of universal hash functions, and requires that the two legitimate users
share a random secret key, which is at least twice as long as the tag. We address the question of
whether quantum resources can offer any advantage over classical unconditionally secure message
authentication codes. It is shown that a broad class of symmetric prepare-and-measure quantum
message-authentication schemes cannot do better than their classical counterparts
New security notions and feasibility results for authentication of quantum data
We give a new class of security definitions for authentication in the quantum
setting. These definitions capture and strengthen existing definitions of
security against quantum adversaries for both classical message authentication
codes (MACs) and well as full quantum state authentication schemes. The main
feature of our definitions is that they precisely characterize the effective
behavior of any adversary when the authentication protocol accepts, including
correlations with the key. Our definitions readily yield a host of desirable
properties and interesting consequences; for example, our security definition
for full quantum state authentication implies that the entire secret key can be
re-used if the authentication protocol succeeds.
Next, we present several protocols satisfying our security definitions. We
show that the classical Wegman-Carter authentication scheme with 3-universal
hashing is secure against superposition attacks, as well as adversaries with
quantum side information. We then present conceptually simple constructions of
full quantum state authentication.
Finally, we prove a lifting theorem which shows that, as long as a protocol
can securely authenticate the maximally entangled state, it can securely
authenticate any state, even those that are entangled with the adversary. Thus,
this shows that protocols satisfying a fairly weak form of authentication
security automatically satisfy a stronger notion of security (in particular,
the definition of Dupuis, et al (2012)).Comment: 50 pages, QCrypt 2016 - 6th International Conference on Quantum
Cryptography, added a new lifting theorem that shows equivalence between a
weak form of authentication security and a stronger notion that considers
side informatio
Quantum authentication with key recycling
We show that a family of quantum authentication protocols introduced in
[Barnum et al., FOCS 2002] can be used to construct a secure quantum channel
and additionally recycle all of the secret key if the message is successfully
authenticated, and recycle part of the key if tampering is detected. We give a
full security proof that constructs the secure channel given only insecure
noisy channels and a shared secret key. We also prove that the number of
recycled key bits is optimal for this family of protocols, i.e., there exists
an adversarial strategy to obtain all non-recycled bits. Previous works
recycled less key and only gave partial security proofs, since they did not
consider all possible distinguishers (environments) that may be used to
distinguish the real setting from the ideal secure quantum channel and secret
key resource.Comment: 38+17 pages, 13 figures. v2: constructed ideal secure channel and
secret key resource have been slightly redefined; also added a proof in the
appendix for quantum authentication without key recycling that has better
parameters and only requires weak purity testing code
Approximate Quantum Error-Correcting Codes and Secret Sharing Schemes
It is a standard result in the theory of quantum error-correcting codes that
no code of length n can fix more than n/4 arbitrary errors, regardless of the
dimension of the coding and encoded Hilbert spaces. However, this bound only
applies to codes which recover the message exactly. Naively, one might expect
that correcting errors to very high fidelity would only allow small violations
of this bound. This intuition is incorrect: in this paper we describe quantum
error-correcting codes capable of correcting up to (n-1)/2 arbitrary errors
with fidelity exponentially close to 1, at the price of increasing the size of
the registers (i.e., the coding alphabet). This demonstrates a sharp
distinction between exact and approximate quantum error correction. The codes
have the property that any components reveal no information about the
message, and so they can also be viewed as error-tolerant secret sharing
schemes.
The construction has several interesting implications for cryptography and
quantum information theory. First, it suggests that secret sharing is a better
classical analogue to quantum error correction than is classical error
correction. Second, it highlights an error in a purported proof that verifiable
quantum secret sharing (VQSS) is impossible when the number of cheaters t is
n/4. More generally, the construction illustrates a difference between exact
and approximate requirements in quantum cryptography and (yet again) the
delicacy of security proofs and impossibility results in the quantum model.Comment: 14 pages, no figure
Authentication of Quantum Messages
Authentication is a well-studied area of classical cryptography: a sender S
and a receiver R sharing a classical private key want to exchange a classical
message with the guarantee that the message has not been modified by any third
party with control of the communication line. In this paper we define and
investigate the authentication of messages composed of quantum states. Assuming
S and R have access to an insecure quantum channel and share a private,
classical random key, we provide a non-interactive scheme that enables S both
to encrypt and to authenticate (with unconditional security) an m qubit message
by encoding it into m+s qubits, where the failure probability decreases
exponentially in the security parameter s. The classical private key is 2m+O(s)
bits. To achieve this, we give a highly efficient protocol for testing the
purity of shared EPR pairs. We also show that any scheme to authenticate
quantum messages must also encrypt them. (In contrast, one can authenticate a
classical message while leaving it publicly readable.) This has two important
consequences: On one hand, it allows us to give a lower bound of 2m key bits
for authenticating m qubits, which makes our protocol asymptotically optimal.
On the other hand, we use it to show that digitally signing quantum states is
impossible, even with only computational security.Comment: 22 pages, LaTeX, uses amssymb, latexsym, time
Information Theoretic Authentication and Secrecy Codes in the Splitting Model
In the splitting model, information theoretic authentication codes allow
non-deterministic encoding, that is, several messages can be used to
communicate a particular plaintext. Certain applications require that the
aspect of secrecy should hold simultaneously. Ogata-Kurosawa-Stinson-Saido
(2004) have constructed optimal splitting authentication codes achieving
perfect secrecy for the special case when the number of keys equals the number
of messages. In this paper, we establish a construction method for optimal
splitting authentication codes with perfect secrecy in the more general case
when the number of keys may differ from the number of messages. To the best
knowledge, this is the first result of this type.Comment: 4 pages (double-column); to appear in Proc. 2012 International Zurich
Seminar on Communications (IZS 2012, Zurich
Quantum authentication of classical messages
Although key distribution is arguably the most studied context on which to
apply quantum cryptographic techniques, message authentication, i.e.,
certifying the identity of the message originator and the integrity of the
message sent, can also benefit from the use of quantum resources. Classically,
message authentication can be performed by techniques based on hash functions.
However, the security of the resulting protocols depends on the selection of
appropriate hash functions, and on the use of long authentication keys. In this
paper we propose a quantum authentication procedure that, making use of just
one qubit as the authentication key, allows the authentication of binary
classical messages in a secure manner.Comment: LaTeX, 6 page
Qubit authentication
Secure communication requires message authentication. In this paper we
address the problem of how to authenticate quantum information sent through a
quantum channel between two communicating parties with the minimum amount of
resources. Specifically, our objective is to determine whether one elementary
quantum message (a qubit) can be authenticated with a key of minimum length. We
show that, unlike the case of classical-message quantum authentication, this is
not possible.Comment: LaTeX, 8 page
- …