9 research outputs found
Revisiting Deniability in Quantum Key Exchange via Covert Communication and Entanglement Distillation
We revisit the notion of deniability in quantum key exchange (QKE), a topic
that remains largely unexplored. In the only work on this subject by Donald
Beaver, it is argued that QKE is not necessarily deniable due to an
eavesdropping attack that limits key equivocation. We provide more insight into
the nature of this attack and how it extends to other constructions such as QKE
obtained from uncloneable encryption. We then adopt the framework for quantum
authenticated key exchange, developed by Mosca et al., and extend it to
introduce the notion of coercer-deniable QKE, formalized in terms of the
indistinguishability of real and fake coercer views. Next, we apply results
from a recent work by Arrazola and Scarani on covert quantum communication to
establish a connection between covert QKE and deniability. We propose DC-QKE, a
simple deniable covert QKE protocol, and prove its deniability via a reduction
to the security of covert QKE. Finally, we consider how entanglement
distillation can be used to enable information-theoretically deniable protocols
for QKE and tasks beyond key exchange. Comment: 16 pages, published in the proceedings of NordSec 201
From Information Theory Puzzles in Deletion Channels to Deniability in Quantum Cryptography
Research questions, originally rooted in quantum key exchange (QKE), have branched off into independent lines of inquiry ranging from information theory to fundamental physics. In a similar vein, the first part of this thesis is dedicated to information theory problems in deletion channels that arose in the context of QKE. From the output produced by a memoryless deletion channel with a uniformly random input of known length n, one obtains a posterior distribution on the channel input. The difference between the Shannon entropy of this distribution and that of the uniform prior measures the amount of information about the channel input which is conveyed by the output of length m. We first conjecture on the basis of experimental data that the entropy of the posterior is minimized by the constant strings 000..., 111... and maximized by the alternating strings 0101..., 1010.... Among other things, we derive analytic expressions for minimal entropy and propose alternative approaches for tackling the entropy extremization problem. We address a series of closely related combinatorial problems involving binary (sub/super)-sequences and prove the original minimal entropy conjecture for the special cases of single and double deletions using clustering techniques and a run-length encoding of strings. The entropy analysis culminates in a fundamental characterization of the extremal entropic cases in terms of the distribution of embeddings. We confirm the minimization conjecture in the asymptotic limit using results from hidden word statistics by showing how the analytic-combinatorial methods of Flajolet, Szpankowski and Vallée, relying on generating functions, can be applied to resolve the case of fixed output length and n → ∞.
In the second part, we revisit the notion of deniability in QKE, a topic that remains largely unexplored. In a work by Donald Beaver it is argued that QKE protocols are not necessarily deniable due to an eavesdropping attack that limits key equivocation. We provide more insight into the nature of this attack and discuss how it extends to other prepare-and-measure QKE schemes such as QKE obtained from uncloneable encryption. We adopt the framework for quantum authenticated key exchange developed by Mosca et al. and extend it to introduce the notion of coercer-deniable QKE, formalized in terms of the indistinguishability of real and fake coercer views. We also elaborate on the differences between our model and the standard simulation-based definition of deniable key exchange in the classical setting. We establish a connection between the concept of covert communication and deniability by applying results from a work by Arrazola and Scarani on obtaining covert quantum communication and covert QKE to propose a simple construction for coercer-deniable QKE. We prove the deniability of this scheme via a reduction to the security of covert QKE. We relate deniability to fundamental concepts in quantum information theory and suggest a generic approach based on entanglement distillation for achieving information-theoretic deniability, followed by an analysis of other closely related results such as the relation between the impossibility of unconditionally secure quantum bit commitment and deniability. Finally, we present an efficient coercion-resistant and quantum-secure voting scheme, based on fully homomorphic encryption (FHE) and recent advances in various FHE primitives such as hashing, zero-knowledge proofs of correct decryption, verifiable shuffles and threshold FHE
The art of post-truth in quantum cryptography
Quantum key establishment (abbreviated QKD in English) allows two distant participants, Alice and Bob, to establish a common (but random) secret key that is known only to the two of them (that is, unknown to Eve and to any other third party). The shared secret key is unconditionally private and can later be used by Alice and Bob to transmit messages in full confidentiality, for example in the form of a one-time pad. The quantum key establishment protocol guarantees the unconditional confidentiality of the message in the presence of an adversary (Eve) who is limited only by the laws of quantum mechanics and who can act on the information shared by Alice and Bob only while it is in transit through the classical and quantum channels. But what happens when Eve has the additional power to coerce Alice and/or Bob into revealing all information, kept secret until then, that was generated during the (successful) execution of the quantum key establishment protocol (possibly after one or more classical ciphertexts encrypted with this key have been transmitted between Alice and Bob), so that Eve can reproduce the entire protocol and recover the key (and hence also the message it encrypted)? Can Alice and Bob plausibly deny the creation of the key by revealing false information so that Eve ends up with a fake key? Can quantum key establishment protocols, as they stand, guarantee deniability? In this thesis, we examine this conundrum.
In the rest of this document, we take the point of view of information theory to analyse deniability in quantum key establishment protocols. We rigorously formalize different types and degrees of deniability according to which participant is coerced into revealing the key, what the adversary may ask, the size of the set of fake keys that Alice and Bob can claim to have established, when the parties must decide on the fake key(s), what Eve's tolerance is to less likely events, and whether or not computational assumptions are used.
We then rigorously define a general class of quantum key establishment protocols, based on an almost-perfect quantum channel, and prove that any quantum key establishment protocol belonging to this class satisfies the most general definition of deniability, namely universal deniability. We provide some examples. Next, we propose a hybrid protocol under which any QKD protocol can be at most existentially deniable. Moreover, we define a broad class of quantum key establishment protocols, which we call prepare-and-measure, and prove that it is impossible to achieve any degree of deniability in them.
Next, we propose a variant of the protocol, which we call fuzzy prepare-and-measure, that offers a certain level of deniability when Eve is fair. We then propose a hybrid protocol under which any quantum key establishment protocol can offer at best existential deniability. Finally, we propose a variant of the protocol, which we call mono-deniable, that is only Alice-deniable or Bob-deniable (but not both).
Quantum Key Establishment (QKD) enables two distant parties Alice and Bob to establish a common random secret key known only to the two of them (i.e., unknown to Eve and anyone else). The common secret key is information-theoretically secure. Later, Alice and Bob may use this key to transmit messages securely, for example as a one-time pad. The QKD protocol guarantees the confidentiality of the key from an information-theoretic perspective against an adversary Eve who is only limited by the laws of quantum theory and can act only on the signals as they pass through the classical and quantum channels. But what if Eve has the extra power to coerce Alice and/or Bob after the successful execution of the QKD protocol forcing either both or only one of them to reveal all their private information (possibly also after one or several (classical) ciphertexts encrypted with that key have been transmitted between Alice and Bob) then Eve could go through the protocol and obtain the key (hence also the message)? Can Alice and Bob deny establishment of the key plausibly by revealing fake private information and hence also a fake key? Do QKD protocols guarantee deniability for free in this case? In this Thesis, we investigate this conundrum.
In the rest of this document, we take an information-theoretic perspective on deniability in quantum key establishment protocols. We rigorously formalize different levels and flavours of deniability depending on which party is coerced, what the adversary may ask, what is the size of the fake set that surreptitious parties can pretend to be established, when the parties should decide on the fake key(s), and what is the coercer's tolerance to less likely events and possibly also computational assumptions.
We then rigorously define a general class of QKD protocols, based on an almost-perfect quantum channel, and prove that any QKD protocol that belongs to this class satisfies the most general flavour of deniability, i.e., universal deniability. Moreover, we define a broad class of QKD protocols, which we call prepare-and-measure, and prove that these protocols are not deniable in any level or flavour.
Moreover, we define a class of QKD protocols, which we refer to as fuzzy prepare-and-measure, that provides a certain level of deniability conditioned on Eve being fair. Furthermore, we propose a hybrid protocol under which any QKD protocol can be at most existentially deniable. Finally, we define a class of QKD protocols, which we refer to as mono-deniable, which is either Alice or Bob (but not both) deniable
Unmet goals of tracking: within-track heterogeneity of students' expectations for
Educational systems are often characterized by some form(s) of ability grouping, like tracking. Although substantial variation in the implementation of these practices exists, it is always the aim to improve teaching efficiency by creating homogeneous groups of students in terms of capabilities and performances as well as expected pathways. If students' expected pathways (university, graduate school, or working) are in line with the goals of tracking, one might presume that these expectations are rather homogeneous within tracks and heterogeneous between tracks. In Flanders (the northern region of Belgium), the educational system consists of four tracks. Many students start out in the most prestigious, academic track. If they fail to gain the necessary credentials, they move to the less esteemed technical and vocational tracks. Therefore, the educational system has been called a 'cascade system'. We presume that this cascade system creates homogeneous expectations in the academic track, though heterogeneous expectations in the technical and vocational tracks. We use data from the International Study of City Youth (ISCY), gathered during the 2013-2014 school year from 2354 pupils of the tenth grade across 30 secondary schools in the city of Ghent, Flanders. Preliminary results suggest that the technical and vocational tracks show more heterogeneity in students' expectations than the academic track. If tracking does not fulfill the desired goals in some tracks, tracking practices should be questioned as tracking occurs along social and ethnic lines, causing social inequality
Esa 12th Conference: Differences, Inequalities and Sociological Imagination: Abstract Book