4,740 research outputs found
Quantum Key Recycling with 8-state encoding (The Quantum One-Time Pad is more interesting than we thought)
Perfect encryption of quantum states using the Quantum One-Time Pad (QOTP) requires two classical key bits per qubit. Almost-perfect encryption, with information-theoretic security, requires only slightly more than 1. We slightly improve lower bounds on the key length. We show that key length n+2log1ε n+2log1ε suffices to encrypt n n qubits in such a way that the cipherstate’s L 1 L1 -distance from uniformity is upperbounded by ε ε . For a stricter security definition involving the ∞ ∞ -norm, we prove sufficient key length n+logn+2log1ε +1+1n log1δ +logln21−ε n+logn+2log1ε+1+1nlog1δ+logln21−ε , where δ δ is a small probability of failure. Our proof uses Pauli operators, whereas previous results on the ∞ ∞ -norm needed Haar measure sampling. We show how to QOTP-encrypt classical plaintext in a nontrivial way: we encode a plaintext bit as the vector ±(1,1,1)∕3 – √ ±(1,1,1)∕3 on the Bloch sphere. Applying the Pauli encryption operators results in eight possible cipherstates which are equally spread out on the Bloch sphere. This encoding, especially when combined with the half-keylength option of QOTP, has advantages over 4-state and 6-state encoding in applications such as Quantum Key Recycling (QKR) and Unclonable Encryption (UE). We propose a key recycling scheme that is more efficient and can tolerate more noise than a recent scheme by Fehr and Salvail. For 8-state QOTP encryption with pseudorandom keys, we do a statistical analysis of the cipherstate eigenvalues. We present numerics up to nine qubits
Quantum authentication with key recycling
We show that a family of quantum authentication protocols introduced in
[Barnum et al., FOCS 2002] can be used to construct a secure quantum channel
and additionally recycle all of the secret key if the message is successfully
authenticated, and recycle part of the key if tampering is detected. We give a
full security proof that constructs the secure channel given only insecure
noisy channels and a shared secret key. We also prove that the number of
recycled key bits is optimal for this family of protocols, i.e., there exists
an adversarial strategy to obtain all non-recycled bits. Previous works
recycled less key and only gave partial security proofs, since they did not
consider all possible distinguishers (environments) that may be used to
distinguish the real setting from the ideal secure quantum channel and secret
key resource.Comment: 38+17 pages, 13 figures. v2: constructed ideal secure channel and
secret key resource have been slightly redefined; also added a proof in the
appendix for quantum authentication without key recycling that has better
parameters and only requires weak purity testing code
How to reuse a one-time pad and other notes on authentication, encryption and protection of quantum information
Quantum information is a valuable resource which can be encrypted in order to
protect it. We consider the size of the one-time pad that is needed to protect
quantum information in a number of cases. The situation is dramatically
different from the classical case: we prove that one can recycle the one-time
pad without compromising security. The protocol for recycling relies on
detecting whether eavesdropping has occurred, and further relies on the fact
that information contained in the encrypted quantum state cannot be fully
accessed. We prove the security of recycling rates when authentication of
quantum states is accepted, and when it is rejected. We note that recycling
schemes respect a general law of cryptography which we prove relating the size
of private keys, sent qubits, and encrypted messages. We discuss applications
for encryption of quantum information in light of the resources needed for
teleportation. Potential uses include the protection of resources such as
entanglement and the memory of quantum computers. We also introduce another
application: encrypted secret sharing and find that one can even reuse the
private key that is used to encrypt a classical message. In a number of cases,
one finds that the amount of private key needed for authentication or
protection is smaller than in the general case.Comment: 13 pages, improved rate of recycling proved in the case of rejection
of authenticatio
Distributing Secret Keys with Quantum Continuous Variables: Principle, Security and Implementations
The ability to distribute secret keys between two parties with
information-theoretic security, that is, regardless of the capacities of a
malevolent eavesdropper, is one of the most celebrated results in the field of
quantum information processing and communication. Indeed, quantum key
distribution illustrates the power of encoding information on the quantum
properties of light and has far reaching implications in high-security
applications. Today, quantum key distribution systems operate in real-world
conditions and are commercially available. As with most quantum information
protocols, quantum key distribution was first designed for qubits, the
individual quanta of information. However, the use of quantum continuous
variables for this task presents important advantages with respect to qubit
based protocols, in particular from a practical point of view, since it allows
for simple implementations that require only standard telecommunication
technology. In this review article, we describe the principle of
continuous-variable quantum key distribution, focusing in particular on
protocols based on coherent states. We discuss the security of these protocols
and report on the state-of-the-art in experimental implementations, including
the issue of side-channel attacks. We conclude with promising perspectives in
this research field.Comment: 21 pages, 2 figures, 1 tabl
Cryptographic security of quantum key distribution
This work is intended as an introduction to cryptographic security and a
motivation for the widely used Quantum Key Distribution (QKD) security
definition. We review the notion of security necessary for a protocol to be
usable in a larger cryptographic context, i.e., for it to remain secure when
composed with other secure protocols. We then derive the corresponding security
criterion for QKD. We provide several examples of QKD composed in sequence and
parallel with different cryptographic schemes to illustrate how the error of a
composed protocol is the sum of the errors of the individual protocols. We also
discuss the operational interpretations of the distance metric used to quantify
these errors.Comment: 31+23 pages. 28 figures. Comments and questions welcom
Qubit-based Unclonable Encryption with Key Recycling
We re-visit Unclonable Encryption as introduced by Gottesman in 2003. We look
at the combination of Unclonable Encryption and Key Recycling, while aiming for
low communication complexity and high rate. We introduce a qubit-based
prepare-and-measure Unclonable Encryption scheme with re-usable keys. Our
scheme consists of a single transmission by Alice and a single classical
feedback bit from Bob. The transmission from Alice to Bob consists entirely of
qubits. The rate, defined as the message length divided by the number of
qubits, is higher than what can be achieved using Gottesman's scheme. We
provide a security proof based on the diamond norm distance, taking noise into
account
- …