4,274 research outputs found
Quantum Cryptography Beyond Quantum Key Distribution
Quantum cryptography is the art and science of exploiting quantum mechanical
effects in order to perform cryptographic tasks. While the most well-known
example of this discipline is quantum key distribution (QKD), there exist many
other applications such as quantum money, randomness generation, secure two-
and multi-party computation and delegated quantum computation. Quantum
cryptography also studies the limitations and challenges resulting from quantum
adversaries---including the impossibility of quantum bit commitment, the
difficulty of quantum rewinding and the definition of quantum security models
for classical primitives. In this review article, aimed primarily at
cryptographers unfamiliar with the quantum world, we survey the area of
theoretical quantum cryptography, with an emphasis on the constructions and
limitations beyond the realm of QKD.Comment: 45 pages, over 245 reference
Secure Code Update for Embedded Devices via Proofs of Secure Erasure
Abstract. Remote attestation is the process of verifying internal state of a remote embedded device. It is an important component of many security protocols and applications. Although previously proposed re-mote attestation techniques assisted by specialized secure hardware are effective, they not yet viable for low-cost embedded devices. One no-table alternative is software-based attestation, that is both less costly and more efficient. However, recent results identified weaknesses in some proposed software-based methods, thus showing that security of remote software attestation remains a challenge. Inspired by these developments, this paper explores an approach that relies neither on secure hardware nor on tight timing constraints typi-cal of software-based technqiques. By taking advantage of the bounded memory/storage model of low-cost embedded devices and assuming a small amount of read-only memory (ROM), our approach involves a new primitive – Proofs of Secure Erasure (PoSE-s). We also show that, even though it is effective and provably secure, PoSE-based attestation is not cheap. However, it is particularly well-suited and practical for two other related tasks: secure code update and secure memory/storage erasure. We consider several flavors of PoSE-based protocols and demonstrate their feasibility in the context of existing commodity embedded devices.
Composable Security in the Bounded-Quantum-Storage Model
We present a simplified framework for proving sequential composability in the
quantum setting. In particular, we give a new, simulation-based, definition for
security in the bounded-quantum-storage model, and show that this definition
allows for sequential composition of protocols. Damgard et al. (FOCS '05,
CRYPTO '07) showed how to securely implement bit commitment and oblivious
transfer in the bounded-quantum-storage model, where the adversary is only
allowed to store a limited number of qubits. However, their security
definitions did only apply to the standalone setting, and it was not clear if
their protocols could be composed. Indeed, we first give a simple attack that
shows that these protocols are not composable without a small refinement of the
model. Finally, we prove the security of their randomized oblivious transfer
protocol in our refined model. Secure implementations of oblivious transfer and
bit commitment then follow easily by a (classical) reduction to randomized
oblivious transfer.Comment: 21 page
Quantum to Classical Randomness Extractors
The goal of randomness extraction is to distill (almost) perfect randomness
from a weak source of randomness. When the source yields a classical string X,
many extractor constructions are known. Yet, when considering a physical
randomness source, X is itself ultimately the result of a measurement on an
underlying quantum system. When characterizing the power of a source to supply
randomness it is hence a natural question to ask, how much classical randomness
we can extract from a quantum system. To tackle this question we here take on
the study of quantum-to-classical randomness extractors (QC-extractors). We
provide constructions of QC-extractors based on measurements in a full set of
mutually unbiased bases (MUBs), and certain single qubit measurements. As the
first application, we show that any QC-extractor gives rise to entropic
uncertainty relations with respect to quantum side information. Such relations
were previously only known for two measurements. As the second application, we
resolve the central open question in the noisy-storage model [Wehner et al.,
PRL 100, 220502 (2008)] by linking security to the quantum capacity of the
adversary's storage device.Comment: 6+31 pages, 2 tables, 1 figure, v2: improved converse parameters,
typos corrected, new discussion, v3: new reference
A Tight High-Order Entropic Quantum Uncertainty Relation With Applications
We derive a new entropic quantum uncertainty relation involving min-entropy.
The relation is tight and can be applied in various quantum-cryptographic
settings.
Protocols for quantum 1-out-of-2 Oblivious Transfer and quantum Bit
Commitment are presented and the uncertainty relation is used to prove the
security of these protocols in the bounded quantum-storage model according to
new strong security definitions.
As another application, we consider the realistic setting of Quantum Key
Distribution (QKD) against quantum-memory-bounded eavesdroppers. The
uncertainty relation allows to prove the security of QKD protocols in this
setting while tolerating considerably higher error rates compared to the
standard model with unbounded adversaries. For instance, for the six-state
protocol with one-way communication, a bit-flip error rate of up to 17% can be
tolerated (compared to 13% in the standard model).
Our uncertainty relation also yields a lower bound on the min-entropy key
uncertainty against known-plaintext attacks when quantum ciphers are composed.
Previously, the key uncertainty of these ciphers was only known with respect to
Shannon entropy.Comment: 21 pages; editorial changes, additional applicatio
The Bounded Storage Model in The Presence of a Quantum Adversary
An extractor is a function E that is used to extract randomness. Given an
imperfect random source X and a uniform seed Y, the output E(X,Y) is close to
uniform. We study properties of such functions in the presence of prior quantum
information about X, with a particular focus on cryptographic applications. We
prove that certain extractors are suitable for key expansion in the bounded
storage model where the adversary has a limited amount of quantum memory. For
extractors with one-bit output we show that the extracted bit is essentially
equally secure as in the case where the adversary has classical resources. We
prove the security of certain constructions that output multiple bits in the
bounded storage model.Comment: 13 pages Latex, v3: discussion of independent randomizers adde
Entanglement sampling and applications
A natural measure for the amount of quantum information that a physical
system E holds about another system A = A_1,...,A_n is given by the min-entropy
Hmin(A|E). Specifically, the min-entropy measures the amount of entanglement
between E and A, and is the relevant measure when analyzing a wide variety of
problems ranging from randomness extraction in quantum cryptography, decoupling
used in channel coding, to physical processes such as thermalization or the
thermodynamic work cost (or gain) of erasing a quantum system. As such, it is a
central question to determine the behaviour of the min-entropy after some
process M is applied to the system A. Here we introduce a new generic tool
relating the resulting min-entropy to the original one, and apply it to several
settings of interest, including sampling of subsystems and measuring in a
randomly chosen basis. The sampling results lead to new upper bounds on quantum
random access codes, and imply the existence of "local decouplers". The results
on random measurements yield new high-order entropic uncertainty relations with
which we prove the optimality of cryptographic schemes in the bounded quantum
storage model.Comment: v3: fixed some typos, v2: fixed minor issue with the definition of
entropy and improved presentatio
Commitment and Oblivious Transfer in the Bounded Storage Model with Errors
The bounded storage model restricts the memory of an adversary in a
cryptographic protocol, rather than restricting its computational power, making
information theoretically secure protocols feasible. We present the first
protocols for commitment and oblivious transfer in the bounded storage model
with errors, i.e., the model where the public random sources available to the
two parties are not exactly the same, but instead are only required to have a
small Hamming distance between themselves. Commitment and oblivious transfer
protocols were known previously only for the error-free variant of the bounded
storage model, which is harder to realize
Unforgeable Noise-Tolerant Quantum Tokens
The realization of devices which harness the laws of quantum mechanics
represents an exciting challenge at the interface of modern technology and
fundamental science. An exemplary paragon of the power of such quantum
primitives is the concept of "quantum money". A dishonest holder of a quantum
bank-note will invariably fail in any forging attempts; indeed, under
assumptions of ideal measurements and decoherence-free memories such security
is guaranteed by the no-cloning theorem. In any practical situation, however,
noise, decoherence and operational imperfections abound. Thus, the development
of secure "quantum money"-type primitives capable of tolerating realistic
infidelities is of both practical and fundamental importance. Here, we propose
a novel class of such protocols and demonstrate their tolerance to noise;
moreover, we prove their rigorous security by determining tight fidelity
thresholds. Our proposed protocols require only the ability to prepare, store
and measure single qubit quantum memories, making their experimental
realization accessible with current technologies.Comment: 18 pages, 5 figure
- …