2 research outputs found
Quantum Encryption and Generalized Quantum Shannon Impossibility
The famous Shannon impossibility result says that any encryption scheme with
perfect secrecy requires a secret key at least as long as the message. In this
paper we provide its quantum analogue with imperfect secrecy and imperfect
correctness. We also give a systematic study of information-theoretically
secure quantum encryption with two secrecy definitions. We show that the weaker
one implies the stronger but with a security loss in , where is the
dimension of the encrypted quantum system. This is good enough if the target
secrecy error is of .Comment: 10 pages. corrected a few errors in the previous versio
Security Formalizations and Their Relationships for Encryption and Key Agreement in Information-Theoretic Cryptography
This paper revisits formalizations of information-theoretic security for
symmetric-key encryption and key agreement protocols which are very fundamental
primitives in cryptography. In general, we can formalize information-theoretic
security in various ways: some of them can be formalized as stand-alone
security by extending (or relaxing) Shannon's perfect secrecy or by other ways
such as semantic security; some of them can be done based on composable
security. Then, a natural question about this is: what is the gap between the
formalizations? To answer the question, we investigate relationships between
several formalizations of information-theoretic security for symmetric-key
encryption and key agreement protocols. Specifically, for symmetric-key
encryption protocols in a general setting including the case where there exist
decryption-errors, we deal with the following formalizations of security:
formalizations extended (or relaxed) from Shannon's perfect secrecy by using
mutual information and statistical distance; information-theoretic analogues of
indistinguishability and semantic security by Goldwasser and Micali; and
composable security by Maurer et al. and Canetti. Then, we explicitly show the
equivalence and non-equivalence between those formalizations. Under the model,
we also derive lower bounds on the adversary's (or distinguisher's) advantage
and the size of secret-keys required under all of the above formalizations.
Although some of them may be already known, we can explicitly derive them all
at once through our relationships between the formalizations. In addition, we
briefly observe impossibility results which easily follow from the lower
bounds. The similar results are also shown for key agreement protocols in a
general setting including the case where there exist agreement-errors in the
protocols.Comment: 25 pages. Submitted to IEEE Trans. Inf. Theor