
    Strong converse for the classical capacity of optical quantum communication channels

    We establish the classical capacity of optical quantum channels as a sharp transition between two regimes---one which is an error-free regime for communication rates below the capacity, and the other in which the probability of correctly decoding a classical message converges exponentially fast to zero if the communication rate exceeds the classical capacity. This result is obtained by proving a strong converse theorem for the classical capacity of all phase-insensitive bosonic Gaussian channels, a well-established model of optical quantum communication channels, such as lossy optical fibers, amplifier and free-space communication. The theorem holds under a particular photon-number occupation constraint, which we describe in detail in the paper. Our result bolsters the understanding of the classical capacity of these channels and opens the path to applications, such as proving the security of noisy quantum storage models of cryptography with optical links. Comment: 15 pages, final version accepted into IEEE Transactions on Information Theory. arXiv admin note: text overlap with arXiv:1312.328

    Verifying security protocols by knowledge analysis

    This paper describes a new interactive method to analyse knowledge of participants involved in security protocols and further to verify the correctness of the protocols. The method can detect attacks and flaws involving interleaving sessions besides normal attacks. The implementation of the method in a generic theorem proving environment, namely Isabelle, makes the verification of protocols mechanical and efficient; it can verify a medium-sized security protocol in less than ten seconds. As an example, the paper finds the flaw in the Needham-Schroeder public key authentication protocol and proves the secure properties and guarantees of the protocol with Lowe's fix to show the effectiveness of this method

    Generalized weights: an anticode approach

    In this paper we study generalized weights as an algebraic invariant of a code. We first describe anticodes in the Hamming and in the rank metric, proving in particular that optimal anticodes in the rank metric coincide with Frobenius-closed spaces. Then we characterize both generalized Hamming and rank weights of a code in terms of the intersection of the code with optimal anticodes in the respective metrics. Inspired by this description, we propose a new algebraic invariant, which we call "Delsarte generalized weights", for Delsarte rank-metric codes based on optimal anticodes of matrices. We show that our invariant refines the generalized rank weights for Gabidulin codes proposed by Kurihara, Matsumoto and Uyematsu, and establish a series of properties of Delsarte generalized weights. In particular, we characterize Delsarte optimal codes and anticodes in terms of their generalized weights. We also present a duality theory for the new algebraic invariant, proving that the Delsarte generalized weights of a code completely determine the Delsarte generalized weights of the dual code. Our results extend the theory of generalized rank weights for Gabidulin codes. Finally, we prove the analogue for Gabidulin codes of a theorem of Wei, proving that their generalized rank weights characterize the worst-case security drops of a Gabidulin rank-metric code

    Verifying a signature architecture: a comparative case study

    We report on a case study in applying different formal methods to model and verify an architecture for administrating digital signatures. The architecture comprises several concurrently executing systems that authenticate users and generate and store digital signatures by passing security relevant data through a tightly controlled interface. The architecture is interesting from a formal-methods perspective as it involves complex operations on data as well as process coordination and hence is a candidate for both data-oriented and process-oriented formal methods. We have built and verified two models of the signature architecture using two representative formal methods. In the first, we specify a data model of the architecture in Z that we extend to a trace model and interactively verify by theorem proving. In the second, we model the architecture as a system of communicating processes that we verify by finite-state model checking. We provide a detailed comparison of these two different approaches to formalization (infinite state with rich data types versus finite state) and verification (theorem proving versus model checking). Contrary to common belief, our case study suggests that Z is well suited for temporal reasoning about process models with complex operations on data. Moreover, our comparison highlights the advantages of proving theorems about such models and provides evidence that, in the hands of an experienced user, theorem proving may be neither substantially more time-consuming nor more complex than model checking.

    Security of quantum key distribution with iterative sifting

    Several quantum key distribution (QKD) protocols employ iterative sifting. After each quantum transmission round, Alice and Bob disclose part of their setting information (including their basis choices) for the detected signals. The quantum phase of the protocol then ends when the numbers of detected signals per basis exceed certain pre-agreed threshold values. Recently, however, Pfister et al. [New J. Phys. 18 053001 (2016)] showed that iterative sifting makes QKD insecure, especially in the finite key regime, if the parameter estimation for privacy amplification uses the random sampling theory. This implies that a number of existing finite key security proofs could be flawed and cannot guarantee security. Here, we solve this serious problem by showing that the use of Azuma's inequality for parameter estimation makes QKD with iterative sifting secure again. This means that the existing protocols whose security proof employs this inequality remain secure even if they employ iterative sifting. Also, our results highlight a fundamental difference between the random sampling theorem and Azuma's inequality in proving security. Comment: 9 pages. We have found a flaw in the first version, which we have corrected in the revised version.