17,184 research outputs found
Unconditional security from noisy quantum storage
We consider the implementation of two-party cryptographic primitives based on
the sole assumption that no large-scale reliable quantum storage is available
to the cheating party. We construct novel protocols for oblivious transfer and
bit commitment, and prove that realistic noise levels provide security even
against the most general attack. Such unconditional results were previously
only known in the so-called bounded-storage model which is a special case of
our setting. Our protocols can be implemented with present-day hardware used
for quantum key distribution. In particular, no quantum storage is required for
the honest parties.Comment: 25 pages (IEEE two column), 13 figures, v4: published version (to
appear in IEEE Transactions on Information Theory), including bit wise
min-entropy sampling. however, for experimental purposes block sampling can
be much more convenient, please see v3 arxiv version if needed. See
arXiv:0911.2302 for a companion paper addressing aspects of a practical
implementation using block samplin
On the Commitment Capacity of Unfair Noisy Channels
Noisy channels are a valuable resource from a cryptographic point of view.
They can be used for exchanging secret-keys as well as realizing other
cryptographic primitives such as commitment and oblivious transfer. To be
really useful, noisy channels have to be consider in the scenario where a
cheating party has some degree of control over the channel characteristics.
Damg\r{a}rd et al. (EUROCRYPT 1999) proposed a more realistic model where such
level of control is permitted to an adversary, the so called unfair noisy
channels, and proved that they can be used to obtain commitment and oblivious
transfer protocols. Given that noisy channels are a precious resource for
cryptographic purposes, one important question is determining the optimal rate
in which they can be used. The commitment capacity has already been determined
for the cases of discrete memoryless channels and Gaussian channels. In this
work we address the problem of determining the commitment capacity of unfair
noisy channels. We compute a single-letter characterization of the commitment
capacity of unfair noisy channels. In the case where an adversary has no
control over the channel (the fair case) our capacity reduces to the well-known
capacity of a discrete memoryless binary symmetric channel
Quantum Cryptography Beyond Quantum Key Distribution
Quantum cryptography is the art and science of exploiting quantum mechanical
effects in order to perform cryptographic tasks. While the most well-known
example of this discipline is quantum key distribution (QKD), there exist many
other applications such as quantum money, randomness generation, secure two-
and multi-party computation and delegated quantum computation. Quantum
cryptography also studies the limitations and challenges resulting from quantum
adversaries---including the impossibility of quantum bit commitment, the
difficulty of quantum rewinding and the definition of quantum security models
for classical primitives. In this review article, aimed primarily at
cryptographers unfamiliar with the quantum world, we survey the area of
theoretical quantum cryptography, with an emphasis on the constructions and
limitations beyond the realm of QKD.Comment: 45 pages, over 245 reference
On Oblivious Amplification of Coin-Tossing Protocols
We consider the problem of amplifying two-party coin-tossing protocols: given a protocol where it is possible to bias the common output by at most ?, we aim to obtain a new protocol where the output can be biased by at most ?* < ?. We rule out the existence of a natural type of amplifiers called oblivious amplifiers for every ?* < ?. Such amplifiers ignore the way that the underlying ?-bias protocol works and can only invoke an oracle that provides ?-bias bits.
We provide two proofs of this impossibility. The first is by a reduction to the impossibility of deterministic randomness extraction from Santha-Vazirani sources. The second is a direct proof that is more general and also rules outs certain types of asymmetric amplification. In addition, it gives yet another proof for the Santha-Vazirani impossibility
Implementation of two-party protocols in the noisy-storage model
The noisy-storage model allows the implementation of secure two-party
protocols under the sole assumption that no large-scale reliable quantum
storage is available to the cheating party. No quantum storage is thereby
required for the honest parties. Examples of such protocols include bit
commitment, oblivious transfer and secure identification. Here, we provide a
guideline for the practical implementation of such protocols. In particular, we
analyze security in a practical setting where the honest parties themselves are
unable to perform perfect operations and need to deal with practical problems
such as errors during transmission and detector inefficiencies. We provide
explicit security parameters for two different experimental setups using weak
coherent, and parametric down conversion sources. In addition, we analyze a
modification of the protocols based on decoy states.Comment: 41 pages, 33 figures, this is a companion paper to arXiv:0906.1030
considering practical aspects, v2: published version, title changed in
accordance with PRA guideline
Separating Two-Round Secure Computation From Oblivious Transfer
We consider the question of minimizing the round complexity of protocols for secure multiparty computation (MPC) with security against an arbitrary number of semi-honest parties. Very recently, Garg and Srinivasan (Eurocrypt 2018) and Benhamouda and Lin (Eurocrypt 2018) constructed such 2-round MPC protocols from minimal assumptions. This was done by showing a round preserving reduction to the task of secure 2-party computation of the oblivious transfer functionality (OT). These constructions made a novel non-black-box use of the underlying OT protocol. The question remained whether this can be done by only making black-box use of 2-round OT. This is of theoretical and potentially also practical value as black-box use of primitives tends to lead to more efficient constructions.
Our main result proves that such a black-box construction is impossible, namely that non-black-box use of OT is necessary. As a corollary, a similar separation holds when starting with any 2-party functionality other than OT.
As a secondary contribution, we prove several additional results that further clarify the landscape of black-box MPC with minimal interaction. In particular, we complement the separation from 2-party functionalities by presenting a complete 4-party functionality, give evidence for the difficulty of ruling out a complete 3-party functionality and for the difficulty of ruling out black-box constructions of 3-round MPC from 2-round OT, and separate a relaxed "non-compact" variant of 2-party homomorphic secret sharing from 2-round OT
On the Efficiency of Classical and Quantum Secure Function Evaluation
We provide bounds on the efficiency of secure one-sided output two-party
computation of arbitrary finite functions from trusted distributed randomness
in the statistical case. From these results we derive bounds on the efficiency
of protocols that use different variants of OT as a black-box. When applied to
implementations of OT, these bounds generalize most known results to the
statistical case. Our results hold in particular for transformations between a
finite number of primitives and for any error. In the second part we study the
efficiency of quantum protocols implementing OT. While most classical lower
bounds for perfectly secure reductions of OT to distributed randomness still
hold in the quantum setting, we present a statistically secure protocol that
violates these bounds by an arbitrarily large factor. We then prove a weaker
lower bound that does hold in the statistical quantum setting and implies that
even quantum protocols cannot extend OT. Finally, we present two lower bounds
for reductions of OT to commitments and a protocol based on string commitments
that is optimal with respect to both of these bounds
Commitment and Oblivious Transfer in the Bounded Storage Model with Errors
The bounded storage model restricts the memory of an adversary in a
cryptographic protocol, rather than restricting its computational power, making
information theoretically secure protocols feasible. We present the first
protocols for commitment and oblivious transfer in the bounded storage model
with errors, i.e., the model where the public random sources available to the
two parties are not exactly the same, but instead are only required to have a
small Hamming distance between themselves. Commitment and oblivious transfer
protocols were known previously only for the error-free variant of the bounded
storage model, which is harder to realize
Robust Cryptography in the Noisy-Quantum-Storage Model
It was shown in [WST08] that cryptographic primitives can be implemented
based on the assumption that quantum storage of qubits is noisy. In this work
we analyze a protocol for the universal task of oblivious transfer that can be
implemented using quantum-key-distribution (QKD) hardware in the practical
setting where honest participants are unable to perform noise-free operations.
We derive trade-offs between the amount of storage noise, the amount of noise
in the operations performed by the honest participants and the security of
oblivious transfer which are greatly improved compared to the results in
[WST08]. As an example, we show that for the case of depolarizing noise in
storage we can obtain secure oblivious transfer as long as the quantum
bit-error rate of the channel does not exceed 11% and the noise on the channel
is strictly less than the quantum storage noise. This is optimal for the
protocol considered. Finally, we show that our analysis easily carries over to
quantum protocols for secure identification.Comment: 34 pages, 2 figures. v2: clarified novelty of results, improved
security analysis using fidelity-based smooth min-entropy, v3: typos and
additivity proof in appendix correcte
- …