The Impossibility Of Secure Two-Party Classical Computation

We present attacks that show that unconditionally secure two-party classical computation is impossible for many classes of function. Our analysis applies to both quantum and relativistic protocols. We illustrate our results by showing the impossibility of oblivious transfer.Comment: 10 page

Entropic uncertainty relations and locking: tight bounds for mutually unbiased bases

We prove tight entropic uncertainty relations for a large number of mutually unbiased measurements. In particular, we show that a bound derived from the result by Maassen and Uffink for 2 such measurements can in fact be tight for up to sqrt{d} measurements in mutually unbiased bases. We then show that using more mutually unbiased bases does not always lead to a better locking effect. We prove that the optimal bound for the accessible information using up to sqrt{d} specific mutually unbiased bases is log d/2, which is the same as can be achieved by using only two bases. Our result indicates that merely using mutually unbiased bases is not sufficient to achieve a strong locking effect, and we need to look for additional properties.Comment: 9 pages, RevTeX, v3: complete rewrite, new title, many new results, v4: minor changes, published versio

06371 Abstracts Collection -- From Security to Dependability

From 10.09.06 to 15.09.06, the Dagstuhl Seminar 06371 ``From Security to Dependability\u27\u27 was held in the International Conference and Research Center (IBFI), Schloss Dagstuhl. During the seminar, several participants presented their current research, and ongoing work and open problems were discussed. Abstracts of the presentations given during the seminar as well as abstracts of seminar results and ideas are put together in this paper. The first section describes the seminar topics and goals in general. Links to extended abstracts or full papers are provided, if available

Quantum private queries

We propose a cheat sensitive quantum protocol to perform a private search on a classical database which is efficient in terms of communication complexity. It allows a user to retrieve an item from the server in possession of the database without revealing which item she retrieved: if the server tries to obtain information on the query, the person querying the database can find it out. Furthermore our protocol ensures perfect data privacy of the database, i.e. the information that the user can retrieve in a single queries is bounded and does not depend on the size of the database. With respect to the known (quantum and classical) strategies for private information retrieval, our protocol displays an exponential reduction both in communication complexity and in running-time computational complexity.Comment: 4 pages, 1 figur

Fast and secure key distribution using mesoscopic coherent states of light

This work shows how two parties A and B can securely share sequences of random bits at optical speeds. A and B possess true-random physical sources and exchange random bits by using a random sequence received to cipher the following one to be sent. A starting shared secret key is used and the method can be described as an unlimited one-time-pad extender. It is demonstrated that the minimum probability of error in signal determination by the eavesdropper can be set arbitrarily close to the pure guessing level. Being based on the $M$-ry encryption protocol this method also allows for optical amplification without security degradation, offering practical advantages over the BB84 protocol for key distribution.Comment: 11 pages and 4 figures. This version updates the one published in PRA 68, 052307 (2003). Minor changes were made in the text and one section on Mutual Information was adde

Private Outsourcing of Polynomial Evaluation and Matrix Multiplication using Multilinear Maps

{\em Verifiable computation} (VC) allows a computationally weak client to outsource the evaluation of a function on many inputs to a powerful but untrusted server. The client invests a large amount of off-line computation and gives an encoding of its function to the server. The server returns both an evaluation of the function on the client's input and a proof such that the client can verify the evaluation using substantially less effort than doing the evaluation on its own. We consider how to privately outsource computations using {\em privacy preserving} VC schemes whose executions reveal no information on the client's input or function to the server. We construct VC schemes with {\em input privacy} for univariate polynomial evaluation and matrix multiplication and then extend them such that the {\em function privacy} is also achieved. Our tool is the recently developed {mutilinear maps}. The proposed VC schemes can be used in outsourcing {private information retrieval (PIR)}.Comment: 23 pages, A preliminary version appears in the 12th International Conference on Cryptology and Network Security (CANS 2013

Quantum cryptography with 3-state systems

We consider quantum cryptographic schemes where the carriers of information are 3-state particles. One protocol uses four mutually unbiased bases and appears to provide better security than obtainable with 2-state carriers. Another possible method allows quantum states to belong to more than one basis. The security is not better, but many curious features arise.Comment: 11 pages Revte

Possibility, Impossibility and Cheat-Sensitivity of Quantum Bit String Commitment

Unconditionally secure non-relativistic bit commitment is known to be impossible in both the classical and the quantum worlds. But when committing to a string of n bits at once, how far can we stretch the quantum limits? In this paper, we introduce a framework for quantum schemes where Alice commits a string of n bits to Bob in such a way that she can only cheat on a bits and Bob can learn at most b bits of information before the reveal phase. Our results are two-fold: we show by an explicit construction that in the traditional approach, where the reveal and guess probabilities form the security criteria, no good schemes can exist: a+b is at least n. If, however, we use a more liberal criterion of security, the accessible information, we construct schemes where a=4log n+O(1) and b=4, which is impossible classically. We furthermore present a cheat-sensitive quantum bit string commitment protocol for which we give an explicit tradeoff between Bob's ability to gain information about the committed string, and the probability of him being detected cheating.Comment: 10 pages, RevTex, 2 figure. v2: title change, cheat-sensitivity adde

Estimates for practical quantum cryptography

In this article I present a protocol for quantum cryptography which is secure against attacks on individual signals. It is based on the Bennett-Brassard protocol of 1984 (BB84). The security proof is complete as far as the use of single photons as signal states is concerned. Emphasis is given to the practicability of the resulting protocol. For each run of the quantum key distribution the security statement gives the probability of a successful key generation and the probability for an eavesdropper's knowledge, measured as change in Shannon entropy, to be below a specified maximal value.Comment: Authentication scheme corrected. Other improvements of presentatio