Composability in quantum cryptography

In this article, we review several aspects of composability in the context of quantum cryptography. The first part is devoted to key distribution. We discuss the security criteria that a quantum key distribution protocol must fulfill to allow its safe use within a larger security application (e.g., for secure message transmission). To illustrate the practical use of composability, we show how to generate a continuous key stream by sequentially composing rounds of a quantum key distribution protocol. In a second part, we take a more general point of view, which is necessary for the study of cryptographic situations involving, for example, mutually distrustful parties. We explain the universal composability framework and state the composition theorem which guarantees that secure protocols can securely be composed to larger applicationsComment: 18 pages, 2 figure

Practical unconditionally secure signature schemes and related protocols

The security guarantees provided by digital signatures are vital to many modern applications such as online banking, software distribution, emails and many more. Their ubiquity across digital communications arguably makes digital signatures one of the most important inventions in cryptography. Worryingly, all commonly used schemes – RSA, DSA and ECDSA – provide only computational security, and are rendered completely insecure by quantum computers. Motivated by this threat, this thesis focuses on unconditionally secure signature (USS) schemes – an information theoretically secure analogue of digital signatures. We present and analyse two new USS schemes. The first is a quantum USS scheme that is both information-theoretically secure and realisable with current technology. The scheme represents an improvement over all previous quantum USS schemes, which were always either realisable or had a full security proof, but not both. The second is an entirely classical USS scheme that uses minimal resources and is vastly more efficient than all previous schemes, to such an extent that it could potentially find real-world application. With the discovery of such an efficient classical USS scheme using only minimal resources, it is difficult to see what advantage quantum USS schemes may provide. Lastly, we remain in the information-theoretic security setting and consider two quantum protocols closely related to USS schemes – oblivious transfer and quantum money. For oblivious transfer, we prove new lower bounds on the minimum achievable cheating probabilities in any 1-out-of-2 protocol. For quantum money, we present a scheme that is more efficient and error tolerant than all previous schemes. Additionally, we show that it can be implemented using a coherent source and lossy detectors, thereby allowing for the first experimental demonstration of quantum coin creation and verification

The Quantum Frontier

The success of the abstract model of computation, in terms of bits, logical operations, programming language constructs, and the like, makes it easy to forget that computation is a physical process. Our cherished notions of computation and information are grounded in classical mechanics, but the physics underlying our world is quantum. In the early 80s researchers began to ask how computation would change if we adopted a quantum mechanical, instead of a classical mechanical, view of computation. Slowly, a new picture of computation arose, one that gave rise to a variety of faster algorithms, novel cryptographic mechanisms, and alternative methods of communication. Small quantum information processing devices have been built, and efforts are underway to build larger ones. Even apart from the existence of these devices, the quantum view on information processing has provided significant insight into the nature of computation and information, and a deeper understanding of the physics of our universe and its connections with computation. We start by describing aspects of quantum mechanics that are at the heart of a quantum view of information processing. We give our own idiosyncratic view of a number of these topics in the hopes of correcting common misconceptions and highlighting aspects that are often overlooked. A number of the phenomena described were initially viewed as oddities of quantum mechanics. It was quantum information processing, first quantum cryptography and then, more dramatically, quantum computing, that turned the tables and showed that these oddities could be put to practical effect. It is these application we describe next. We conclude with a section describing some of the many questions left for future work, especially the mysteries surrounding where the power of quantum information ultimately comes from.Comment: Invited book chapter for Computation for Humanity - Information Technology to Advance Society to be published by CRC Press. Concepts clarified and style made more uniform in version 2. Many thanks to the referees for their suggestions for improvement

Authentication Protocols and Privacy Protection

Tato dizertační práce se zabývá kryptografickými prostředky pro autentizaci. Hlavním tématem však nejsou klasické autentizační protokoly, které nabízejí pouze ověření identity, ale tzv. atributové autentizační systémy, pomocí kterých mohou uživatelé prokazovat svoje osobní atributy. Tyto atributy pak mohou představovat jakékoliv osobní informace, např. věk, národnost či místo narození. Atributy mohou být prokazovány anonymně a s podporou mnoha funkcí na ochranu digitální identity. Mezi takové funkce patří např. nespojitelnost autentizačních relací, nesledovatelnost, možnost výběru prokazovaných atributů či efektivní revokace. Atributové autentizační systémy jsou již nyní považovány za nástupce současných systémů v oficiálních strategických plánech USA (NSTIC) či EU (ENISA). Část požadovaných funkcí je již podporována existujícími kryptografickými koncepty jako jsou U-Prove či idemix. V současné době však není známý systém, který by poskytoval všechny potřebné funkce na ochranu digitální identity a zároveň byl prakticky implementovatelný na zařízeních, jako jsou čipové karty. Mezi klíčové slabiny současných systémů patří především chybějící nespojitelnost relací a absence revokace. Není tak možné efektivně zneplatnit zaniklé uživatele, ztracené či ukradené autentizační karty či karty škodlivých uživatelů. Z těchto důvodů je v této práci navrženo kryptografické schéma, které řeší slabiny nalezené při analýze existujících řešení. Výsledné schéma, jehož návrh je založen na ověřených primitivech, jako jsou $\Sigma$-protokoly pro důkazy znalostí, kryptografické závazky či ověřitelné šifrování, pak podporuje všechny požadované vlastnosti pro ochranu soukromí a digitální identity. Zároveň je však návrh snadno implementovatelný v prostředí smart-karet. Tato práce obsahuje plný kryptografický návrh systému, formální ověření klíčových vlastností, matematický model schématu v programu Mathematica pro ověření funkčnosti a výsledky experimentální implementace v prostředí .NET smart-karet. I přesto, že navrhovaný systém obsahuje podporu všech funkcí na ochranu soukromí, včetně těch, které chybí u existujících systémů, jeho výpočetní složitost zůstává stejná či nižší, doba ověření uživatele je tedy kratší než u existujících systémů. Výsledkem je schéma, které může velmi znatelně zvýšit ochranu soukromí uživatelů při jejich ověřování, především při využití v elektronických dokladech, přístupových systémech či Internetových službách.This dissertation thesis deals with the cryptographic constructions for user authentication. Rather than classical authentication protocols which allow only the identity verification, the attribute authentication systems are the main topic of this thesis. The attribute authentication systems allow users to give proofs about the possession of personal attributes. These attributes can represent any personal information, for example age, nationality or birthplace. The attribute ownership can be proven anonymously and with the support of many features for digital identity protection. These features include, e.g., the unlinkability of verification sessions, untraceability, selective disclosure of attributes or efficient revocation. Currently, the attribute authentication systems are considered to be the successors of existing authentication systems by the official strategies of USA (NSTIC) and EU (ENISA). The necessary features are partially provided by existing cryptographic concepts like U-Prove and idemix. But at this moment, there is no system providing all privacy-enhancing features which is implementable on computationally restricted devices like smart-cards. Among all weaknesses of existing systems, the missing unlinkability of verification sessions and the absence of practical revocation are the most critical ones. Without these features, it is currently impossible to invalidate expired users, lost or stolen authentication cards and cards of malicious users. Therefore, a new cryptographic scheme is proposed in this thesis to fix the weaknesses of existing schemes. The resulting scheme, which is based on established primitives like $\Sigma$-protocols for proofs of knowledge, cryptographic commitments and verifiable encryption, supports all privacy-enhancing features. At the same time, the scheme is easily implementable on smart-cards. This thesis includes the full cryptographic specification, the formal verification of key properties, the mathematical model for functional verification in Mathematica software and the experimental implementation on .NET smart-cards. Although the scheme supports all privacy-enhancing features which are missing in related work, the computational complexity is the same or lower, thus the time of verification is shorter than in existing systems. With all these features and properties, the resulting scheme can significantly improve the privacy of users during their verification, especially when used in electronic ID systems, access systems or Internet services.

On the security of the Quantum Key Distribution protocols

6 pages, 1 table.-- Communication presented at the 5th World Multiconference on Systemics, Cybernetics and Informatics and 7th International Conference on Information System Analysis and Synthesis (SCI/ISAS 2001, Orlando, Florida, Jul 22-25, 2001).The advent of quantum computers may compromise the security of today's conventional cryptosystems. Quantum key distribution protocols are proposed to ward off such threat; but, for the moment, the proposed quantum protocols are an hybrid of classical and quantum mechanisms and, as a consequence, they will result compromised as easily as conventional cryptography by quantum cryptanalysis.This work was supported by CICYT, Spain, under grant TEL98-1020 and by MEC under Programa de estancias de Científicos y Tecnólogos Extranjeros en España.Peer reviewe

Exploiting Turbulence to increase Quantum Key Distribution feasibility over free-space channels

La principale problematica quando si ha a che fare con le comunicazioni free-space -ed in particolare con quelle a grande distanza- è la turbolenza atmosferica. Si propone un approccio innovativo per sfruttare questa criticità anzichè contrastarla, in modo da migliorare le prestazioni del sistemaopenEmbargo per motivi di segretezza e/o di proprietà dei risultati e/o informazioni sensibil

A brief overview of modern cryptographic tools with application to Internet

Here a brief overview of some of the cryptographic tools used in Internet today is illustrated. This document briefly introduces cryptography starting from a short resume of historical events showing the evolution and role played by cryptography narrating some representative real life events in history. A more formal introduction mentioning the advantages obtainable with cryptography is then undertaken starting from symmetric and asymmetric cryptography. Other uses of cryptography are then explained to finally present two widely used communication protocols in Internet. Representative examples are provided reverting to a minimal mathematical approach