Implementation of Quantum Key Distribution with Composable Security Against Coherent Attacks using Einstein-Podolsky-Rosen Entanglement

Secret communication over public channels is one of the central pillars of a modern information society. Using quantum key distribution (QKD) this is achieved without relying on the hardness of mathematical problems which might be compromised by improved algorithms or by future quantum computers. State-of-the-art QKD requires composable security against coherent attacks for a finite number of samples. Here, we present the first implementation of QKD satisfying this requirement and additionally achieving security which is independent of any possible flaws in the implementation of the receiver. By distributing strongly Einstein-Podolsky-Rosen entangled continuous variable (CV) light in a table-top arrangement, we generated secret keys using a highly efficient error reconciliation algorithm. Since CV encoding is compatible with conventional optical communication technology, we consider our work to be a major promotion for commercialized QKD providing composable security against the most general channel attacks.Comment: 7 pages, 3 figure

On defining partition entropy by inequalities

Partition entropy is the numerical metric of uncertainty within a partition of a finite set, while conditional entropy measures the degree of difficulty in predicting a decision partition when a condition partition is provided. Since two direct methods exist for defining conditional entropy based on its partition entropy, the inequality postulates of monotonicity, which conditional entropy satisfies, are actually additional constraints on its entropy. Thus, in this paper partition entropy is defined as a function of probability distribution, satisfying all the inequalities of not only partition entropy itself but also its conditional counterpart. These inequality postulates formalize the intuitive understandings of uncertainty contained in partitions of finite sets.We study the relationships between these inequalities, and reduce the redundancies among them. According to two different definitions of conditional entropy from its partition entropy, the convenient and unified checking conditions for any partition entropy are presented, respectively. These properties generalize and illuminate the common nature of all partition entropies

Evaluation of Some Algorithms for Hardware-Oriented Message Authentication

In this technical report, we consider ultra light-weight constructions of message authentication in hardware applications. We examine several known constructions and evaluate details around their hardware implementations. These constructions are all based on the framework of universal hash functions

On Recent Advances in Key Derivation via the Leftover Hash Lemma

Barak et al. showed how to significantly reduce the entropy loss, which is necessary in general, in the use of the Leftover Hash Lemma (LHL) to derive a secure key for many important cryptographic applications. If one wants this key to be secure against any additional short leakage, then the min-entropy of the source used with the LHL must be big enough. Recently, Berens came up with a notion of collision entropy that is much weaker than min-entropy and allows proving a version of the LHL with leakage robustness but without any entropy saving. We combine both approaches and extend the results of Barak et. al to the collision entropy. Summarizing, we obtain a version of the LHL with optimized entropy loss, leakage robustness and weak entropy requirements

Authentication codes from ε-ASU hash functions with partially secret keys

An authentication code can be constructed with a family of e-Almost strong universal (e-ASU) hash functions, with the index of hash functions as the authentication key. This paper considers the performance of authentication codes from e-ASU, when the authentication key is only partially secret. We show how to apply the result to privacy amplification against active attacks in the scenario of two independent partially secret strings shared between a sender and a receiver. Keywords: Authentication code; Information theory; Privacy amplification; Unconditional securit

Forging Attacks on two Authenticated Encryptions COBRA and POET

In FSE 2014, an authenticated encryption mode COBRA [4], based on pseudorandom permutation (PRP) blockcipher, and POET [3], based on Almost XOR-Universal (AXU) hash and strong pseudorandom permutation (SPRP), were proposed. Few weeks later, COBRA mode and a simple variant of the original proposal of POET (due to a forging attack [13] on the original proposal) with AES as an underlying blockcipher, were submitted in CAESAR, a competition [1] of authenticated encryption (AE). In this paper we show a forging attack on the mode COBRA based on any n-bit blockcipher. Our attack on COBRA requires about O(n) queries with success probability about 1/2. This disproves the claim proved in FSE 2014 paper. We also show both privacy and forging attack on the parallel version of POET, denoted POET-m. In case of the modes POET or POE (the underlying modes for encryption), we show one query distinguishing attack when we instantiate the underlying AXU-hash function with some other AXU hash function, namely uniform random involution. Thus, our result violates the designer\u27s main claim (Theorem 8.1 in [1]). However, the attacks can not be extended directly for the specific choices of existing submitted versions to the CAESAR competition

On one-round reliable message transmission

In this paper, we consider one-round protocols for reliable message transmission (RMT) when $t$ out of $n=2t+1$ available channels are controlled by an adversary. We show impossibility of constructing such a protocol that achieves a transmission rate of less than $\Theta(n)$ for constant-size messages and arbitrary reliability parameter. In addition, we show how to improve two existing protocols for RMT to allow for either larger messages or reduced field sizes