Short seed extractors against quantum storage

Some, but not all, extractors resist adversaries with limited quantum storage. In this paper we show that Trevisan's extractor has this property, thereby showing an extractor against quantum storage with logarithmic seed length

From Graphs to Keyed Quantum Hash Functions

We present two new constructions of quantum hash functions: the first based on expander graphs and the second based on extractor functions and estimate the amount of randomness that is needed to construct them. We also propose a keyed quantum hash function based on extractor function that can be used in quantum message authentication codes and assess its security in a limited attacker model

Leftover Hashing Against Quantum Side Information

The Leftover Hash Lemma states that the output of a two-universal hash function applied to an input with sufficiently high entropy is almost uniformly random. In its standard formulation, the lemma refers to a notion of randomness that is (usually implicitly) defined with respect to classical side information. Here, we prove a (strictly) more general version of the Leftover Hash Lemma that is valid even if side information is represented by the state of a quantum system. Furthermore, our result applies to arbitrary delta-almost two-universal families of hash functions. The generalized Leftover Hash Lemma has applications in cryptography, e.g., for key agreement in the presence of an adversary who is not restricted to classical information processing

On Quantum Fingerprinting and Quantum Cryptographic Hashing

Fingerprinting and cryptographic hashing have quite different usages in computer science, but have similar properties. Interpretation of their properties is determined by the area of their usage: fingerprinting methods are methods for constructing efficient randomized and quantum algorithms for computational problems, whereas hashing methods are one of the central cryptographical primitives. Fingerprinting and hashing methods are being developed from the mid of the previous century, whereas quantum fingerprinting and quantum hashing have a short history. In this chapter, we investigate quantum fingerprinting and quantum hashing. We present computational aspects of quantum fingerprinting and quantum hashing and discuss cryptographical properties of quantum hashing

Convex-split and hypothesis testing approach to one-shot quantum measurement compression and randomness extraction

We consider the problem of quantum measurement compression with side information in the one-shot setting with shared randomness. In this problem, Alice shares a pure state with Reference and Bob and she performs a measurement on her registers. She wishes to communicate the outcome of this measurement to Bob using shared randomness and classical communication, in such a way that the outcome that Bob receives is correctly correlated with Reference and Bob's own registers. Our goal is to simultaneously minimize the classical communication and randomness cost. We provide a protocol based on convex-split and position based decoding with its communication upper bounded in terms of smooth max and hypothesis testing relative entropies. We also study the randomness cost of our protocol in both one-shot and asymptotic and i.i.d. setting. By generalizing the convex-split technique to incorporate pair-wise independent random variables, we show that our one shot protocol requires small number of bits of shared randomness. This allows us to construct a new protocol in the asymptotic and i.i.d. setting, which is optimal in both the number of bits of communication and the number of bits of shared randomness required. We construct a new protocol for the task of strong randomness extraction in the presence of quantum side information. Our protocol achieves error guarantee in terms of relative entropy (as opposed to trace distance) and extracts close to optimal number of uniform bits. As an application, we provide new achievability result for the task of quantum measurement compression without feedback, in which Alice does not need to know the outcome of the measurement. This leads to the optimal number of bits communicated and number of bits of shared randomness required, for this task in the asymptotic and i.i.d. setting.Comment: version 5: 29 pages, 1 figure. Added applications to randomness extraction (against quantum side information) and measurement compression without feedbac

Trevisan's extractor in the presence of quantum side information

Randomness extraction involves the processing of purely classical information and is therefore usually studied in the framework of classical probability theory. However, such a classical treatment is generally too restrictive for applications, where side information about the values taken by classical random variables may be represented by the state of a quantum system. This is particularly relevant in the context of cryptography, where an adversary may make use of quantum devices. Here, we show that the well known construction paradigm for extractors proposed by Trevisan is sound in the presence of quantum side information. We exploit the modularity of this paradigm to give several concrete extractor constructions, which, e.g, extract all the conditional (smooth) min-entropy of the source using a seed of length poly-logarithmic in the input, or only require the seed to be weakly random.Comment: 20+10 pages; v2: extract more min-entropy, use weakly random seed; v3: extended introduction, matches published version with sections somewhat reordere

Quantum-Proof Extractors: Optimal up to Constant Factors

We give the first construction of a family of quantum-proof extractors that has optimal seed length dependence O(log(n/ǫ)) on the input length n and error ǫ. Our extractors support any min-entropy k = Ω(log n + log1+α (1/ǫ)) and extract m = (1 − α)k bits that are ǫ-close to uniform, for any desired constant α > 0. Previous constructions had a quadratically worse seed length or were restricted to very large input min-entropy or very few output bits. Our result is based on a generic reduction showing that any strong classical condenser is automatically quantum-proof, with comparable parameters. The existence of such a reduction for extractors is a long-standing open question; here we give an affirmative answer for condensers. Once this reduction is established, to obtain our quantum-proof extractors one only needs to consider high entropy sources. We construct quantum-proof extractors with the desired parameters for such sources by extending a classical approach to extractor construction, based on the use of block-sources and sampling, to the quantum setting. Our extractors can be used to obtain improved protocols for device-independent randomness expansion and for privacy amplification

Unconditional security from noisy quantum storage

We consider the implementation of two-party cryptographic primitives based on the sole assumption that no large-scale reliable quantum storage is available to the cheating party. We construct novel protocols for oblivious transfer and bit commitment, and prove that realistic noise levels provide security even against the most general attack. Such unconditional results were previously only known in the so-called bounded-storage model which is a special case of our setting. Our protocols can be implemented with present-day hardware used for quantum key distribution. In particular, no quantum storage is required for the honest parties.Comment: 25 pages (IEEE two column), 13 figures, v4: published version (to appear in IEEE Transactions on Information Theory), including bit wise min-entropy sampling. however, for experimental purposes block sampling can be much more convenient, please see v3 arxiv version if needed. See arXiv:0911.2302 for a companion paper addressing aspects of a practical implementation using block samplin