Weak randomness completely trounces the security of QKD
In usual security proofs of quantum protocols the adversary (Eve) is expected
to have full control over any quantum communication between any communicating
parties (Alice and Bob). Eve is also expected to have full access to an
authenticated classical channel between Alice and Bob. Unconditional security
against any attack by Eve can be proved even in the realistic setting of device
and channel imperfection. In this Letter we show that the security of QKD
protocols is ruined if one allows Eve to possess a very limited access to the
random sources used by Alice. Such knowledge should always be expected in
realistic experimental conditions via different side channels
Optimality of private quantum channels
We addressed the question of optimality of private quantum channels. We have
shown that the Shannon entropy of the classical key necessary to securely
transfer the quantum information is lower bounded by the entropy exchange of
the private quantum channel and von Neumann entropy of the ciphertext
state . Based on these bounds we have shown that decomposition
of private quantum channels into orthogonal unitaries (if it exists) is optimizing
the entropy. For non-ancillary single qubit PQC we have derived the optimal
entropy for arbitrary set of plaintexts. In particular, we have shown that
except when the (closure of the) set of plaintexts contains all states, one bit
key is sufficient. We characterized and analyzed all the possible single qubit
private quantum channels for arbitrary set of plaintexts. For the set of
plaintexts consisting of all qubit states we have characterized all possible
approximate private quantum channels and we have derived the relation between
the security parameter and the corresponding minimal entropy. Comment: no commen
Fair and optimistic quantum contract signing
We present a fair and optimistic quantum contract signing protocol between
two clients that requires no communication with the third trusted party during
the exchange phase. We discuss its fairness and show that it is possible to
design such a protocol for which the probability of a dishonest client to cheat
becomes negligible, and scales as N^{-1/2}, where N is the number of messages
exchanged between the clients. Our protocol is not based on the exchange of
signed messages: its fairness is based on the laws of quantum mechanics. Thus,
it is abuse-free, and the clients do not have to generate new keys for each
message during the Exchange phase. We discuss a real-life scenario when the
measurement errors and qubit state corruption due to noisy channels occur and
argue that for real, good enough measurement apparatus and transmission
channels, our protocol would still be fair. Our protocol could be implemented
by today's technology, as it requires in essence the same type of apparatus as
the one needed for BB84 cryptographic protocol. Finally, we briefly discuss two
alternative versions of the protocol, one that uses only two states (based on
B92 protocol) and the other that uses entangled pairs, and show that it is
possible to generalize our protocol to an arbitrary number of clients. Comment: 11 pages, 2 figure
A framework for estimating society's economic welfare following the introduction of an animal disease: the case of Johne's disease
Animal diseases are global issues affecting the productivity and financial profitability of affected farms. Johne's disease is distributed on farms worldwide and is an endemic contagious bacterial infection in ruminants caused by Mycobacterium avium subspecies paratuberculosis. In cattle, the clinical disease manifests itself as chronic enteritis resulting in reduced production, weight loss, and eventually death. Johne's disease is prevalent in the UK, including Scotland. Direct costs and losses associated with Johne's disease have been estimated in previous research, confirming an important economic impact of the disease in UK herds. Despite this, the distributional impact of Johne's disease among milk consumers and producers in Scotland has not been estimated. In this paper, we evaluate the change in society's economic welfare, namely to dairy producers (i.e. infected and uninfected herds) and milk consumers in Scotland induced by the introduction of Johne's disease in the national Scottish dairy herd. At the national-level, we conclude that the economic burden falls mainly on producers of infected herds and, to a lesser extent, milk consumers, while producers of uninfected herds benefit from the presence of Johne's. An infected producer's loss per cow is approximately two times larger in magnitude than that of an uninfected producer's gain. Such economic welfare estimates are an important comparison of the relative costs of national herd prevalence and the wider economic welfare implications for both producers and consumers. This is particularly important from a policy, public good, cost sharing, and human health perspective. The economic welfare framework presented in this paper can be applied to other diseases to examine the relative burden of society's economic welfare of alternative livestock disease scenarios.
In addition, the sensitivity analysis evaluates uncertainty in economic welfare given limited data and uncertainty in the national herd prevalence, and other input parameters, associated with Johne's disease in Scotland. Therefore, until the prevalence of Johne's is better understood, the full economic cost to Scottish dairy herds remains uncertain but in the meantime the sensitivity analysis evaluates the robustness of economic welfare to such uncertainties
Using quantum key distribution for cryptographic purposes: a survey
The appealing feature of quantum key distribution (QKD), from a cryptographic
viewpoint, is the ability to prove the information-theoretic security (ITS) of
the established keys. As a key establishment primitive, QKD however does not
provide a standalone security service on its own: the secret keys established
by QKD are in general then used by subsequent cryptographic applications for
which the requirements, the context of use and the security properties can
vary. It is therefore important, in the perspective of integrating QKD in
security infrastructures, to analyze how QKD can be combined with other
cryptographic primitives. The purpose of this survey article, which is mostly
centered on European research results, is to contribute to such an analysis. We
first review and compare the properties of the existing key establishment
techniques, QKD being one of them. We then study more specifically two generic
scenarios related to the practical use of QKD in cryptographic infrastructures:
1) using QKD as a key renewal technique for a symmetric cipher over a
point-to-point link; 2) using QKD in a network containing many users with the
objective of offering any-to-any key establishment service. We discuss the
constraints as well as the potential interest of using QKD in these contexts.
We finally give an overview of challenges relative to the development of QKD
technology that also constitute potential avenues for cryptographic research. Comment: Revised version of the SECOQC White Paper. Published in the special
issue on QKD of TCS, Theoretical Computer Science (2014), pp. 62-8
The impact of using BARCIST 1.0 criteria on quantification of BAT volume and activity in three independent cohorts of adults
Human brown adipose tissue (BAT) is commonly assessed by cold-induced 18F-fluorodeoxyglucose
(FDG) PET-CT using several quantification criteria. Uniform criteria for data analysis became available
recently (BARCIST 1.0). We compared BAT volume and activity following BARCIST 1.0 criteria
against the most commonly used criteria [Hounsfield Units (HU):-250, -50, standardized uptake
value (SUV):2.0; HU: Not applied, SUV:2.0 and HU:-180, -10, SUV:1.5] in a prospective study using
three independent cohorts of men including young lean adults, young overweight/obese adults and
middle-aged overweight/obese adults. BAT volume was the most variable outcome between criteria.
While BAT volume calculated using the HU: NA; SUV: 2.0 criteria was up to 207% higher than the BAT
volume calculated based on BARCIST 1.0 criteria, it was up to 57% lower using the HU: -250, -50; SUV:
2.0 criteria compared to the BARCIST 1.0. Similarly, BAT activity (expressed as SUVmean) also differed
between different thresholds mainly because SUVmean depends on BAT volume. SUVpeak was the most
consistent BAT outcome across the four study criteria. Of note, we replicated these findings in three
independent cohorts. In conclusion, BAT volume and activity as determined by 18F-FDG-PET/CT highly
depend on the quantification criteria used. Future human BAT studies should conduct sensitivity
analysis with different thresholds in order to understand whether results are driven by the selected HU
and/or SUV thresholds. The design of the present study precludes providing any conclusive threshold,
but before more definitive thresholds for HU and SUV are available, we support the use of BARCIST 1.0
criteria to facilitate interpretation of BAT characteristics between research groups
How much randomness can be extracted from memoryless Shannon entropy sources?
We revisit the classical problem: given a memoryless source having a certain amount of Shannon Entropy, how many random bits can be extracted? This question appears in works studying random number generators built from physical entropy sources.
Some authors use a heuristic estimate obtained from the Asymptotic Equipartition Property, which yields roughly extractable bits, where is the total Shannon entropy amount. However the best known precise form gives only , where is the distance of the extracted bits from uniform. In this paper we show a matching upper bound. Therefore, the loss of bits is necessary. As we show, this theoretical bound is of practical relevance. Namely, applying the imprecise AEP heuristic to a mobile phone accelerometer one might overestimate extractable entropy even by , no matter what the extractor is. Thus, the "AEP extracting heuristic" should not be used without taking the precise error into account