07381 Abstracts Collection -- Cryptography

From 16.09.2007 to 21.09.2007 the Dagstuhl Seminar 07381 ``Cryptography\u27\u27 was held in the International Conference and Research Center (IBFI), Schloss Dagstuhl. During the seminar, several participants presented their current research, and ongoing work and open problems were discussed. Abstracts of the presentations given during the seminar as well as abstracts of seminar results and ideas are put together in this paper. The first section describes the seminar topics and goals in general. Links to extended abstracts or full papers are provided, if available

Leftover Hashing Against Quantum Side Information

The Leftover Hash Lemma states that the output of a two-universal hash function applied to an input with sufficiently high entropy is almost uniformly random. In its standard formulation, the lemma refers to a notion of randomness that is (usually implicitly) defined with respect to classical side information. Here, we prove a (strictly) more general version of the Leftover Hash Lemma that is valid even if side information is represented by the state of a quantum system. Furthermore, our result applies to arbitrary delta-almost two-universal families of hash functions. The generalized Leftover Hash Lemma has applications in cryptography, e.g., for key agreement in the presence of an adversary who is not restricted to classical information processing

Quantum entropic security and approximate quantum encryption

We present full generalisations of entropic security and entropic indistinguishability to the quantum world where no assumption but a limit on the knowledge of the adversary is made. This limit is quantified using the quantum conditional min-entropy as introduced by Renato Renner. A proof of the equivalence between the two security definitions is presented. We also provide proofs of security for two different cyphers in this model and a proof for a lower bound on the key length required by any such cypher. These cyphers generalise existing schemes for approximate quantum encryption to the entropic security model.Comment: Corrected mistakes in the proofs of Theorems 3 and 6; results unchanged. To appear in IEEE Transactions on Information Theory

Short seed extractors against quantum storage

Some, but not all, extractors resist adversaries with limited quantum storage. In this paper we show that Trevisan's extractor has this property, thereby showing an extractor against quantum storage with logarithmic seed length

A Hypercontractive Inequality for Matrix-Valued Functions with Applications to Quantum Computing and LDCs

The Bonami-Beckner hypercontractive inequality is a powerful tool in Fourier analysis of real-valued functions on the Boolean cube. In this paper we present a version of this inequality for matrix-valued functions on the Boolean cube. Its proof is based on a powerful inequality by Ball, Carlen, and Lieb. We also present a number of applications. First, we analyze maps that encode $n$ classical bits into $m$ qubits, in such a way that each set of $k$ bits can be recovered with some probability by an appropriate measurement on the quantum encoding; we show that if $m<0.7 n$, then the success probability is exponentially small in $k$. This result may be viewed as a direct product version of Nayak's quantum random access code bound. It in turn implies strong direct product theorems for the one-way quantum communication complexity of Disjointness and other problems. Second, we prove that error-correcting codes that are locally decodable with 2 queries require length exponential in the length of the encoded string. This gives what is arguably the first ``non-quantum'' proof of a result originally derived by Kerenidis and de Wolf using quantum information theory, and answers a question by Trevisan.Comment: This is the full version of a paper that will appear in the proceedings of the IEEE FOCS 08 conferenc

Sampling of min-entropy relative to quantum knowledge

Let X_1, ..., X_n be a sequence of n classical random variables and consider a sample of r positions selected at random. Then, except with (exponentially in r) small probability, the min-entropy of the sample is not smaller than, roughly, a fraction r/n of the total min-entropy of all positions X_1, ..., X_n, which is optimal. Here, we show that this statement, originally proven by Vadhan [LNCS, vol. 2729, Springer, 2003] for the purely classical case, is still true if the min-entropy is measured relative to a quantum system. Because min-entropy quantifies the amount of randomness that can be extracted from a given random variable, our result can be used to prove the soundness of locally computable extractors in a context where side information might be quantum-mechanical. In particular, it implies that key agreement in the bounded-storage model (using a standard sample-and-hash protocol) is fully secure against quantum adversaries, thus solving a long-standing open problem.Comment: 48 pages, late