15 research outputs found

    Short seed extractors against quantum storage

    Some, but not all, extractors resist adversaries with limited quantum storage. In this paper we show that Trevisan's extractor has this property, thereby showing an extractor against quantum storage with logarithmic seed length.

    Quantum entropic security and approximate quantum encryption

    We present full generalisations of entropic security and entropic indistinguishability to the quantum world where no assumption but a limit on the knowledge of the adversary is made. This limit is quantified using the quantum conditional min-entropy as introduced by Renato Renner. A proof of the equivalence between the two security definitions is presented. We also provide proofs of security for two different cyphers in this model and a proof for a lower bound on the key length required by any such cypher. These cyphers generalise existing schemes for approximate quantum encryption to the entropic security model. Comment: Corrected mistakes in the proofs of Theorems 3 and 6; results unchanged. To appear in IEEE Transactions on Information Theory.

    Leftover Hashing Against Quantum Side Information

    The Leftover Hash Lemma states that the output of a two-universal hash function applied to an input with sufficiently high entropy is almost uniformly random. In its standard formulation, the lemma refers to a notion of randomness that is (usually implicitly) defined with respect to classical side information. Here, we prove a (strictly) more general version of the Leftover Hash Lemma that is valid even if side information is represented by the state of a quantum system. Furthermore, our result applies to arbitrary delta-almost two-universal families of hash functions. The generalized Leftover Hash Lemma has applications in cryptography, e.g., for key agreement in the presence of an adversary who is not restricted to classical information processing.

    Quantum authentication and encryption with key recycling

    We propose an information-theoretically secure encryption scheme for classical messages with quantum ciphertexts that offers detection of eavesdropping attacks, and re-usability of the key in case no eavesdropping took place: the entire key can be securely re-used for encrypting new messages as long as no attack is detected. This is known to be impossible for fully classical schemes, where there is no way to detect plain eavesdropping attacks. This particular application of quantum techniques to cryptography was originally proposed by Bennett, Brassard and Breidbart in 1982, even before proposing quantum key distribution, and a simple candidate scheme was suggested but no rigorous security analysis was given. The idea was picked up again in 2005, when Damgård, Pedersen and Salvail suggested a new scheme for the same task, but now with a rigorous security analysis. However, their scheme is much more demanding in terms of quantum capabilities: it requires the users to have a quantum computer. In contrast, and like the original scheme by Bennett et al., our new scheme requires from the honest users merely to prepare and measure single BB84 qubits. As such, we not only show the first provably-secure scheme that is within reach of current technology, but we also confirm Bennett et al.’s original intuition that a scheme in the spirit of their original construction is indeed secure.

    Sampling of min-entropy relative to quantum knowledge

    Let X_1, ..., X_n be a sequence of n classical random variables and consider a sample of r positions selected at random. Then, except with (exponentially in r) small probability, the min-entropy of the sample is not smaller than, roughly, a fraction r/n of the total min-entropy of all positions X_1, ..., X_n, which is optimal. Here, we show that this statement, originally proven by Vadhan [LNCS, vol. 2729, Springer, 2003] for the purely classical case, is still true if the min-entropy is measured relative to a quantum system. Because min-entropy quantifies the amount of randomness that can be extracted from a given random variable, our result can be used to prove the soundness of locally computable extractors in a context where side information might be quantum-mechanical. In particular, it implies that key agreement in the bounded-storage model (using a standard sample-and-hash protocol) is fully secure against quantum adversaries, thus solving a long-standing open problem. Comment: 48 pages, late