3,449 research outputs found

    Unconditionally Secure Computation with Reduced Interaction

    We study the question of how much interaction is needed for unconditionally secure multiparty computation. We first consider the number of messages that need to be sent to compute a Boolean function with semi-honest security, where all $n$ parties learn the result. We consider two classes of functions called $t$-difficult and $t$-very difficult functions, here $t$ refers to the number of corrupted players. One class is contained in the other. For instance, the AND of an input bit from each player is $t$-very difficult while the XOR is $t$-difficult but not $t$-very difficult. We show lower bounds on the message complexity of both types of functions, considering two notions of message complexity called conservative and liberal, where the conservative one is the more standard one. In all cases the bounds are $\Omega(nt)$. We also show upper bounds for $t=1$ and functions in deterministic log-space, as well as a stronger upper bound for the XOR function. This matches the lower bound for conservative complexity, so we find that the conservative message complexity of $1$-very difficult functions in deterministic log space is $2n$, while the conservative message complexity for XOR (and $t=1$) is $2n-1$. Next, we consider round complexity. It is a long-standing open problem to determine whether all efficiently computable functions can also be efficiently computed in constant-round with {\em unconditional} security. Motivated by this, we consider the question of whether we can compute any function securely, while minimizing the interaction of {\em some of} the players? And if so, how many players can this apply to? Note that we still want the standard security guarantees (correctness, privacy, termination) and we consider the standard communication model with secure point-to-point channels.
    We answer the questions as follows: for passive security, with $n=2t+1$ players and $t$ corruptions, up to $t$ players can have minimal interaction, i.e., they send 1 message in the first round to each of the $t+1$ remaining players and receive one message from each of them in the last round. Using our result on message complexity, we show that this is (unconditionally) optimal. For malicious security with $n=3t+1$ players and $t$ corruptions, up to $t$ players can have minimal interaction, and we show that this is also optimal

    The Case for Quantum Key Distribution

    Quantum key distribution (QKD) promises secure key agreement by using quantum mechanical systems. We argue that QKD will be an important part of future cryptographic infrastructures. It can provide long-term confidentiality for encrypted information without reliance on computational assumptions. Although QKD still requires authentication to prevent man-in-the-middle attacks, it can make use of either information-theoretically secure symmetric key authentication or computationally secure public key authentication: even when using public key authentication, we argue that QKD still offers stronger security than classical key agreement.
    Comment: 12 pages, 1 figure; to appear in proceedings of QuantumComm 2009 Workshop on Quantum and Classical Information Security; version 2 minor content revision

    Increasing the power of the verifier in Quantum Zero Knowledge

    In quantum zero knowledge, the assumption was made that the verifier is only using unitary operations. Under this assumption, many nice properties have been shown about quantum zero knowledge, including the fact that Honest-Verifier Quantum Statistical Zero Knowledge (HVQSZK) is equal to Cheating-Verifier Quantum Statistical Zero Knowledge (QSZK) (see [Wat02,Wat06]). In this paper, we study what happens when we allow an honest verifier to flip some coins in addition to using unitary operations. Flipping a coin is a non-unitary operation but doesn't seem at first to enhance the cheating possibilities of the verifier since a classical honest verifier can flip coins. In this setting, we show an unexpected result: any classical Interactive Proof has an Honest-Verifier Quantum Statistical Zero Knowledge proof with coins. Note that in the classical case, honest verifier SZK is no more powerful than SZK and hence it is not believed to contain even NP. On the other hand, in the case of cheating verifiers, we show that Quantum Statistical Zero Knowledge where the verifier applies any non-unitary operation is equal to Quantum Zero-Knowledge where the verifier uses only unitaries. One can think of our results in two complementary ways. If we would like to use the honest verifier model as a means to study the general model by taking advantage of their equivalence, then it is imperative to use the unitary definition without coins, since with the general one this equivalence is most probably not true. On the other hand, if we would like to use quantum zero knowledge protocols in a cryptographic scenario where the honest-but-curious model is sufficient, then adding the unitary constraint severely decreases the power of quantum zero knowledge protocols.
    Comment: 17 pages, 0 figures, to appear in FSTTCS'0

    Quantum Cryptography Beyond Quantum Key Distribution

    Quantum cryptography is the art and science of exploiting quantum mechanical effects in order to perform cryptographic tasks. While the most well-known example of this discipline is quantum key distribution (QKD), there exist many other applications such as quantum money, randomness generation, secure two- and multi-party computation and delegated quantum computation. Quantum cryptography also studies the limitations and challenges resulting from quantum adversaries---including the impossibility of quantum bit commitment, the difficulty of quantum rewinding and the definition of quantum security models for classical primitives. In this review article, aimed primarily at cryptographers unfamiliar with the quantum world, we survey the area of theoretical quantum cryptography, with an emphasis on the constructions and limitations beyond the realm of QKD.
    Comment: 45 pages, over 245 reference

    Quantum Computers and Quantum Coherence

    If the states of spins in solids can be created, manipulated, and measured at the single-quantum level, an entirely new form of information processing, quantum computing, will be possible. We first give an overview of quantum information processing, showing that the famous Shor speedup of integer factoring is just one of a host of important applications for qubits, including cryptography, counterfeit protection, channel capacity enhancement, distributed computing, and others. We review our proposed spin-quantum dot architecture for a quantum computer, and we indicate a variety of first generation materials, optical, and electrical measurements which should be considered. We analyze the efficiency of a two-dot device as a transmitter of quantum information via the ballistic propagation of carriers in a Fermi sea.
    Comment: 13 pages, latex, one eps figure. Prepared for special issue of J. Mag. Magn. Matl., "Magnetism beyond 2000". Version 2: small revisions and correction

    Beyond the Goldenberg-Vaidman protocol: Secure and efficient quantum communication using arbitrary, orthogonal, multi-particle quantum states

    It is shown that maximally efficient protocols for secure direct quantum communications can be constructed using any arbitrary orthogonal basis. This establishes that no set of quantum states (e.g. GHZ states, W states, Brown states or Cluster states) has an advantage over the others, barring the relative difficulty in physical implementation. The work provides a wide choice of states for experimental realization of direct secure quantum communication protocols. We have also shown that this protocol can be generalized to a completely orthogonal state based protocol of Goldenberg-Vaidman (GV) type. The security of these protocols essentially arises from duality and monogamy of entanglement. This stands in contrast to protocols that employ non-orthogonal states, like Bennett-Brassard 1984 (BB84), where the security essentially comes from non-commutativity in the observable algebra.
    Comment: 7 pages, no figur

    Explaining the unobserved: why quantum mechanics is not only about information

    A remarkable theorem by Clifton, Bub and Halvorson (2003) (CBH) characterizes quantum theory in terms of information--theoretic principles. According to Bub (2004, 2005) the philosophical significance of the theorem is that quantum theory should be regarded as a ``principle'' theory about (quantum) information rather than a ``constructive'' theory about the dynamics of quantum systems. Here we criticize Bub's principle approach arguing that if the mathematical formalism of quantum mechanics remains intact then there is no escape route from solving the measurement problem by constructive theories. We further propose a (Wigner--type) thought experiment that we argue demonstrates that quantum mechanics on the information--theoretic approach is incomplete.
    Comment: 34 Page

    Explaining the Unobserved: Why Quantum Theory Ain't Only About Information

    A remarkable theorem by Clifton, Bub and Halvorson (2003) (CBH) characterizes quantum theory in terms of information--theoretic principles. According to Bub (2004, 2005) the philosophical significance of the theorem is that quantum theory should be regarded as a ``principle'' theory about (quantum) information rather than a ``constructive'' theory about the dynamics of quantum systems. Here we criticize Bub's principle approach arguing that if the mathematical formalism of quantum mechanics remains intact then there is no escape route from solving the measurement problem by constructive theories. We further propose a (Wigner--type) thought experiment that we argue demonstrates that quantum mechanics on the information--theoretic approach is incomplete