Unconditionally Secure and Universally Composable Commitments from Physical Assumptions

We present a constant-round unconditional black-box compiler that transforms any ideal (i.e., statistically-hiding and statistically-binding) straight-line extractable commitment scheme, into an extractable and equivocal commitment scheme, therefore yielding to UC-security [9]. We exemplify the usefulness of our compiler by providing two (constant-round) instantiations of ideal straight-line extractable commitment based on (malicious) PUFs [36] and stateless tamper-proof hardware tokens [26], therefore achieving the first unconditionally UC-secure commitment with malicious PUFs and stateless tokens, respectively. Our constructions are secure for adversaries creating arbitrarily malicious stateful PUFs/tokens. Previous results with malicious PUFs used either computational assumptions to achieve UC- secure commitments or were unconditionally secure but only in the indistinguishability sense [36]. Similarly, with stateless tokens, UC-secure commitments are known only under computational assumptions [13, 24, 15], while the (not UC) unconditional commitment scheme of [23] is secure only in a weaker model in which the adversary is not allowed to create stateful tokens. Besides allowing us to prove feasibility of unconditional UC-security with (malicious) PUFs and stateless tokens, our compiler can be instantiated with any ideal straight-line extractable commitment scheme, thus allowing the use of various setup assumptions which may better fit the application or the technology available

Composability in quantum cryptography

In this article, we review several aspects of composability in the context of quantum cryptography. The first part is devoted to key distribution. We discuss the security criteria that a quantum key distribution protocol must fulfill to allow its safe use within a larger security application (e.g., for secure message transmission). To illustrate the practical use of composability, we show how to generate a continuous key stream by sequentially composing rounds of a quantum key distribution protocol. In a second part, we take a more general point of view, which is necessary for the study of cryptographic situations involving, for example, mutually distrustful parties. We explain the universal composability framework and state the composition theorem which guarantees that secure protocols can securely be composed to larger applicationsComment: 18 pages, 2 figure

A Private Quantum Bit String Commitment

We propose an entanglement-based quantum bit string commitment protocol whose composability is proven in the random oracle model. This protocol has the additional property of preserving the privacy of the committed message. Even though this property is not resilient against man-in-the-middle attacks, this threat can be circumvented by considering that the parties communicate through an authenticated channel. The protocol remains secure (but not private) if we realize the random oracles as physical unclonable functions in the so-called bad PUF model with access before the opening phase.Comment: 8 pages, 4 figure

Universally Composable Quantum Multi-Party Computation

The Universal Composability model (UC) by Canetti (FOCS 2001) allows for secure composition of arbitrary protocols. We present a quantum version of the UC model which enjoys the same compositionality guarantees. We prove that in this model statistically secure oblivious transfer protocols can be constructed from commitments. Furthermore, we show that every statistically classically UC secure protocol is also statistically quantum UC secure. Such implications are not known for other quantum security definitions. As a corollary, we get that quantum UC secure protocols for general multi-party computation can be constructed from commitments

Generation and Distribution of Quantum Oblivious Keys for Secure Multiparty Computation

The oblivious transfer primitive is sufficient to implement secure multiparty computation. However, secure multiparty computation based only on classical cryptography is severely limited by the security and efficiency of the oblivious transfer implementation. We present a method to efficiently and securely generate and distribute oblivious keys by exchanging qubits and by performing commitments using classical hash functions. With the presented hybrid approach, quantum and classical, we obtain a practical and high-speed oblivious transfer protocol, secure even against quantum computer attacks. The oblivious distributed keys allow implementing a fast and secure oblivious transfer protocol, which can pave the way for the widespread of applications based on secure multiparty computation.Comment: 11 pages, 5 figure

Quantum oblivious transfer: a short review

Quantum cryptography is the field of cryptography that explores the quantum properties of matter. Its aim is to develop primitives beyond the reach of classical cryptography or to improve on existing classical implementations. Although much of the work in this field is dedicated to quantum key distribution (QKD), some important steps were made towards the study and development of quantum oblivious transfer (QOT). It is possible to draw a comparison between the application structure of both QKD and QOT primitives. Just as QKD protocols allow quantum-safe communication, QOT protocols allow quantum-safe computation. However, the conditions under which QOT is actually quantum-safe have been subject to a great amount of scrutiny and study. In this review article, we survey the work developed around the concept of oblivious transfer in the area of theoretical quantum cryptography, with an emphasis on some proposed protocols and their security requirements. We review the impossibility results that daunt this primitive and discuss several quantum security models under which it is possible to prove QOT security.Comment: 40 pages, 14 figure

Device-Independent Relativistic Quantum Bit Commitment

We examine the possibility of device-independent relativistic quantum bit commitment. We note the potential threat of {\it location attacks}, in which the behaviour of untrusted devices used in relativistic quantum cryptography depends on their space-time location. We describe relativistic quantum bit commitment schemes that are immune to these attacks, and show that these schemes offer device-independent security against hypothetical post-quantum adversaries subject only to the no-signalling principle. We compare a relativistic classical bit commitment scheme with similar features, and note some possible advantages of the quantum schemes