10,654 research outputs found
Quantum authentication with key recycling
We show that a family of quantum authentication protocols introduced in
[Barnum et al., FOCS 2002] can be used to construct a secure quantum channel
and additionally recycle all of the secret key if the message is successfully
authenticated, and recycle part of the key if tampering is detected. We give a
full security proof that constructs the secure channel given only insecure
noisy channels and a shared secret key. We also prove that the number of
recycled key bits is optimal for this family of protocols, i.e., there exists
an adversarial strategy to obtain all non-recycled bits. Previous works
recycled less key and only gave partial security proofs, since they did not
consider all possible distinguishers (environments) that may be used to
distinguish the real setting from the ideal secure quantum channel and secret
key resource.Comment: 38+17 pages, 13 figures. v2: constructed ideal secure channel and
secret key resource have been slightly redefined; also added a proof in the
appendix for quantum authentication without key recycling that has better
parameters and only requires weak purity testing code
Key recycling in authentication
In their seminal work on authentication, Wegman and Carter propose that to
authenticate multiple messages, it is sufficient to reuse the same hash
function as long as each tag is encrypted with a one-time pad. They argue that
because the one-time pad is perfectly hiding, the hash function used remains
completely unknown to the adversary.
Since their proof is not composable, we revisit it using a composable
security framework. It turns out that the above argument is insufficient: if
the adversary learns whether a corrupted message was accepted or rejected,
information about the hash function is leaked, and after a bounded finite
amount of rounds it is completely known. We show however that this leak is very
small: Wegman and Carter's protocol is still -secure, if
-almost strongly universal hash functions are used. This implies
that the secret key corresponding to the choice of hash function can be reused
in the next round of authentication without any additional error than this
.
We also show that if the players have a mild form of synchronization, namely
that the receiver knows when a message should be received, the key can be
recycled for any arbitrary task, not only new rounds of authentication.Comment: 17+3 pages. 11 figures. v3: Rewritten with AC instead of UC. Extended
the main result to both synchronous and asynchronous networks. Matches
published version up to layout and updated references. v2: updated
introduction and reference
Improving the redundancy of Knuth's balancing scheme for packet transmission systems
A simple scheme was proposed by Knuth to generate binary balanced codewords
from any information word. However, this method is limited in the sense that
its redundancy is twice that of the full sets of balanced codes. The gap
between Knuth's algorithm's redundancy and that of the full sets of balanced
codes is significantly considerable. This paper attempts to reduce that gap.
Furthermore, many constructions assume that a full balancing can be performed
without showing the steps. A full balancing refers to the overall balancing of
the encoded information together with the prefix. We propose an efficient way
to perform a full balancing scheme that does not make use of lookup tables or
enumerative coding.Comment: 11 pages, 4 figures, journal article submitted to Turkish journal of
electrical and computer science
Block encryption of quantum messages
In modern cryptography, block encryption is a fundamental cryptographic
primitive. However, it is impossible for block encryption to achieve the same
security as one-time pad. Quantum mechanics has changed the modern
cryptography, and lots of researches have shown that quantum cryptography can
outperform the limitation of traditional cryptography.
This article proposes a new constructive mode for private quantum encryption,
named , which is a very simple method to construct quantum
encryption from classical primitive. Based on mode, we
construct a quantum block encryption (QBE) scheme from pseudorandom functions.
If the pseudorandom functions are standard secure, our scheme is
indistinguishable encryption under chosen plaintext attack. If the pseudorandom
functions are permutation on the key space, our scheme can achieve perfect
security. In our scheme, the key can be reused and the randomness cannot, so a
-bit key can be used in an exponential number of encryptions, where the
randomness will be refreshed in each time of encryption. Thus -bit key can
perfectly encrypt qubits, and the perfect secrecy would not be broken
if the -bit key is reused for only exponential times.
Comparing with quantum one-time pad (QOTP), our scheme can be the same secure
as QOTP, and the secret key can be reused (no matter whether the eavesdropping
exists or not). Thus, the limitation of perfectly secure encryption (Shannon's
theory) is broken in the quantum setting. Moreover, our scheme can be viewed as
a positive answer to the open problem in quantum cryptography "how to
unconditionally reuse or recycle the whole key of private-key quantum
encryption". In order to physically implement the QBE scheme, we only need to
implement two kinds of single-qubit gates (Pauli gate and Hadamard gate),
so it is within reach of current quantum technology.Comment: 13 pages, 1 figure. Prior version appears in
eprint.iacr.org(iacr/2017/1247). This version adds some analysis about
multiple-message encryption, and modifies lots of contents. There are no
changes about the fundamental result
Remote State Preparation
Quantum teleportation uses prior entanglement and forward classical
communication to transmit one instance of an unknown quantum state. Remote
state preparation (RSP) has the same goal, but the sender knows classically
what state is to be transmitted. We show that the asymptotic classical
communication cost of RSP is one bit per qubit - half that of teleportation -
and becomes even less when transmitting part of a known entangled state. We
explore the tradeoff between entanglement and classical communication required
for RSP, and discuss RSP capacities of general quantum channels.Comment: 4 pages including 1 epsf figure; v3 has an additional author and
discusses relation to work of Devetak and Berger (quant-ph/0102123); v4
improves low-entanglement protocols without back communication to perform as
well as low-entanglement protocols with back communication; v5 (journal
version) has a few small change
- …